Privacy Policy

Last updated: March 2026

1. Information We Collect

When you use All Expenses Paid ("the Service"), operated by WisePenny Software Inc. ("we", "us", "our"), we collect the following types of information:

  • Account information: Name, email address, and password (securely hashed) when you create an account.
  • Financial data: Transaction details, categories, and reports that you choose to enter or import into the application.
  • Usage data: Log data including IP addresses, browser type, and pages visited for security and service improvement.
  • Payment information: Billing details processed securely through Stripe. We do not store your full credit card number.

2. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the All Expenses Paid service
  • Process transactions and send related information (receipts, confirmations)
  • Send account-related communications (password resets, security alerts, MFA codes)
  • Provide AI-powered categorization of your transactions (descriptions are sent to our AI provider)
  • Extract data from receipt images using AI vision (receipt images are sent to our AI provider for processing)
  • Detect and prevent fraud, abuse, and security incidents

3. Data Isolation & Security

Your financial data is completely isolated from other users. All database queries are filtered by your user ID, ensuring no other user can access your data. We use:

  • HTTPS encryption for all data in transit
  • Secure password hashing (never stored in plain text)
  • Multi-factor authentication options (email, TOTP, passkeys)
  • CSRF protection on all forms
  • Rate limiting on authentication endpoints

4. AI Processing

Our AI-powered features use the OpenAI API to process your data. Here is what is sent and when:

  • Transaction categorization: When you use AI auto-categorize, transaction descriptions are sent to OpenAI to suggest the most appropriate expense category.
  • Receipt scanning: When you scan a receipt (image or PDF), the receipt image is sent to OpenAI's vision API to extract vendor name, date, amounts, tax, tip, and currency. Receipt images may contain visible information such as vendor addresses, payment card last-four digits, and line item details.

In both cases, we never send your personal information (name, email, password), account balances, or financial totals beyond what is visible on the receipt or transaction. Your data is processed by OpenAI under their API data usage policy, which states that API inputs and outputs are not used to train their models. AI results are cached temporarily to improve performance.

Receipt scanning and AI categorization are optional Pro+ features. You can use manual entry and CSV import without any data being sent to AI providers. Company administrators can also disable AI data sharing entirely from Company Settings, which prevents all external AI calls while keeping local pattern-based categorization active.

5. Data Retention & Export

Your data is retained for as long as your account is active. You can export all your data at any time using the Backup feature in your profile. When you delete your account, all associated data (transactions, categories, templates, and preferences) is permanently deleted.

6. Third-Party Services

We use the following third-party services:

  • Stripe: Payment processing (PCI-compliant)
  • OpenAI: AI-powered transaction categorization and receipt data extraction (vision API)
  • Cloudflare: CDN, DDoS protection, and bot management

7. Cookies

We use essential session cookies to keep you logged in and maintain your preferences. We do not use third-party tracking cookies or sell your data to advertisers.

8. Your Rights

You have the right to:

  • Access your data (via the Backup/Export feature)
  • Correct your personal information (via Profile settings)
  • Delete your account and all associated data
  • Opt out of AI categorization

9. Contact

For privacy-related questions or concerns, please contact us at [email protected].