Last updated: April 2026
This Privacy Policy explains what data Xpensim collects, how we use it, who we share it with, and the choices you have. We've tried to write it in plain language. If anything is unclear, please reach out — see the Contact section at the bottom.
1. Data We Collect
We collect only what we need to run the service:
- Account information — your email address, an optional display name, a hashed password, and authentication tokens.
- Financial data you enter — accounts, recurring records, values, overrides, shared-access grants, and saved import mappings. This is whatever you choose to record.
- Files you upload — CSVs imported through the Import feature. These are processed and discarded after parsing; only the resulting records and values are stored.
- Technical data — the IP address of your requests (used for rate limiting and abuse prevention, and stored on your member row), browser type, and basic request metadata.
- Payment data — we do not store your card details. Our payment provider stores those directly; we hold only a customer identifier and billing-cycle metadata.
2. How We Use Your Data
We use your data only to:
- Provide the core service — store your records, calculate projected balances, render your accounts across devices.
- Authenticate you and keep your session secure.
- Process subscription payments through our payment provider.
- Send transactional email (welcome, email verification, password reset, login codes, account-sharing invites, plan-status updates).
- Detect and prevent abuse (rate limiting, bot protection).
- Understand aggregate usage of the site (page views, referrers, browser/device type — not the contents of your records).
3. Legal Basis for Processing
We process your data on three primary bases: contract (we need the data to deliver the service you signed up for), your consent (for any optional features you explicitly enable, such as the Smart Match AI import feature described in Section 9), and our legitimate interests in operating, securing, and improving the service. You can withdraw consent and stop using optional features at any time.
4. Data Ownership
You own every record, value, account, and note you enter. You can export any account's data as JSON (for a full structured backup or transfer) or as CSV (for spreadsheet use), and you can delete your entire account at any time — see Section 10.
5. How We Protect Your Data
Passwords are stored using industry-standard one-way hashing and are never kept in plain text. All traffic to and from Xpensim is encrypted in transit, and your data is encrypted at rest. The service sits behind protective layers that filter abuse, block common web attacks, and rate-limit suspicious traffic. Authentication uses short-lived tokens designed to resist cross-site credential attachment. No Xpensim staff routinely browses user data.
That said, no system is completely secure. We cannot guarantee absolute security of data transmitted to or stored by us, and we can't rule out every possible breach or misuse. We take reasonable steps to protect your data and will notify affected users if we become aware of a breach that requires disclosure.
6. Who Can See Your Data
Your financial data is visible to:
- You.
- Anyone you explicitly invite via the account-sharing feature. You control which accounts are shared and at what permission level (view-only or view+edit), and you can revoke access at any time.
That's it. We do not sell, rent, or disclose your financial data to anyone else for marketing or any other purpose.
7. Third-Party Processors
We rely on a small set of reputable external providers for specific, narrowly scoped functions. We share only the minimum data each provider needs to do its job.
- Hosting and infrastructure — our servers, database, cache, and email queue run on a major cloud infrastructure provider.
- Payment processing — subscription payments are handled by a dedicated payments provider. Your card details go directly to them and never reach our servers.
- Email delivery — transactional email (verification, password reset, notifications) is sent through a third-party email service.
- Abuse protection — registration, password reset, and guest creation are protected by a third-party bot-detection service.
- Aggregate analytics — a third-party analytics service measures aggregate site usage (page views, referrers, browser/device type).
- Advertising (free plan only) — a third-party ad network serves ads on the Basic plan. The ad script runs in your browser and is given generic page context, not your records. Upgrading to Pro removes all ads.
- AI-assisted import — see Section 9.
We never send your financial records to advertising or analytics services. The contents of your accounts, records, and values are not shared with any third party for marketing, profiling, or analytics purposes.
8. Cookies and Similar Technologies
Xpensim uses cookies and similar technologies for a few specific purposes: keeping you authenticated between visits, detecting and preventing abuse, measuring aggregate site usage, and serving ads on the free plan. Most are first-party items set by Xpensim itself; the analytics and advertising cookies are set by the third-party providers described in Section 7. You can disable cookies in your browser settings at any time, though doing so may break login and other core features.
9. AI-Assisted Import (Smart Match)
Smart Match is an optional Pro feature that helps map values from a CSV import to your existing records. When you explicitly trigger it, we send a limited payload to a third-party AI provider: the distinct values from the column you're matching, together with the names of your existing records, so the AI can suggest mappings. We do not send your transaction history, balances, or other account contents. If you do not trigger Smart Match, no data is sent to the AI provider. We never use your data to train AI models.
10. Your Rights
Regardless of where you live, you have the following rights over your data:
- Access — view any data you've entered directly within the app.
- Export — download any account's data as JSON (full structured backup, re-importable) or as CSV (spreadsheet-compatible) from the account menu.
- Correction — edit any record, value, override, or account detail at any time.
- Deletion — delete your entire account from the Member Profile page. Deletion is immediate and permanent: everything associated with your account is removed from our active systems (see Section 11 (Data Retention) for details on backup retention), and any active subscriptions are cancelled. Once deleted, your data cannot be recovered.
Depending on your jurisdiction (for example, under GDPR in the EU/UK or CCPA in California), you may have additional rights such as restricting processing, objecting to processing, or lodging a complaint with a data protection authority. To exercise any of these, contact us through the Contact section below.
11. Data Retention
We retain your data only while your account is active. When you delete your account, your data is removed from our active systems immediately. Routine database backups, held for disaster-recovery purposes, may briefly retain a copy until they are rotated out on a standard schedule. We do not restore deleted user data from backups, and backups are overwritten in the ordinary course of operations.
12. Cross-Border Data Transfers
Xpensim is operated from Canada and our infrastructure is hosted with providers whose servers are located in North America, principally the United States and Canada. If you are accessing the service from another country, your data will be transferred, stored, and processed outside your country of residence. By using Xpensim, you consent to that transfer. We apply the same protections described in this policy regardless of where your data is processed.
13. What We Never Do
- We never sell your data.
- We never share your financial records with advertisers or data brokers.
- We never use your data to train AI or machine-learning models.
- We never send the contents of your accounts, records, or values to analytics tools.
14. Children
Xpensim is not directed to, and may not be used by, anyone under 18. We do not knowingly collect data from children under 18. If we learn that we have collected such data, we will delete it.
15. Changes to This Policy
We may update this Privacy Policy from time to time. Continued use of Xpensim after changes constitutes acceptance of the updated policy. We will make reasonable efforts to notify users of significant changes and update the "Last updated" date at the top of this page.
16. Contact
If you have questions about this policy or want to exercise any of your data rights, reach out through our Contact Us page or email us directly at contact@xpensim.com.