TrackExpnz

Privacy Policy

Effective May 28, 2026

TrackExpnz (“TrackExpnz,” “we,” “us,” or “our”) provides an expense- and mileage-tracking application for freelancers, sole proprietors, and small business owners across web, iOS, and Android (collectively, the “Service”). This Privacy Policy explains what information we collect, how we use it, and the choices you have. By using the Service you agree to the practices described here.

1. Information You Provide

  • Account information. Your name, email address, and a password. Passwords are never stored in plain text — we store only a one-way cryptographic hash.
  • Business profiles. Business names, business type, and display preferences you create to organize your records.
  • Expense records. Amounts, vendors, categories, descriptions, dates, and tax-deductibility flags you enter or that are extracted from receipts you upload.
  • Receipt images. Photos or files of receipts you choose to upload for automatic data extraction.
  • Mileage records. Trip dates, distances, purposes, and the origin/destination descriptions you type in. We do not collect GPS or background location data.

2. Information Collected Automatically

When you use the Service we automatically record limited technical data needed to operate it securely: authentication session tokens (stored as hashes with expiry), the date and time of requests, and standard server logs such as IP address and device/app version. We use this for security, abuse prevention, and debugging.

3. How We Use Your Information

  • To provide, maintain, and improve the Service.
  • To extract structured data (vendor, date, totals, tax, line items, suggested category) from receipt images you upload, so you don’t have to type them.
  • To generate expense summaries and tax-oriented reports, including IRS Schedule C category mapping and mileage deduction calculations.
  • To authenticate you and keep your account secure.
  • To respond to support requests and send essential service communications.

We do not sell your personal information. We do not use your expense data, receipts, or financial records to train machine-learning models.

4. Automated Receipt Processing

When you upload a receipt, the image is sent to Amazon Web Services (AWS) and processed by AWS’s managed AI service (Amazon Bedrock) solely to extract the data fields described above. Per AWS’s terms for this service, your content is not stored by the model or used to train it. The original image is stored in your account’s private storage and is accessible only to you.

5. How Your Information Is Stored & Protected

Your data is hosted on Amazon Web Services in the United States. Expense and account records are stored in Amazon DynamoDB; receipt images are stored in Amazon S3 with private access controls. Data is encrypted in transit (HTTPS/TLS) and at rest. Access is restricted to the authenticated owner of the account and to the limited systems required to operate the Service.

6. Sharing & Disclosure

We share information only in these limited circumstances:

  • Service providers. Infrastructure vendors (such as AWS) that host and process data on our behalf under contractual confidentiality and security obligations.
  • Legal requirements. When required to comply with applicable law, legal process, or a valid governmental request.
  • Business transfers. In connection with a merger, acquisition, or sale of assets, in which case we will notify you before your data becomes subject to a different privacy policy.

7. Data Retention

We retain your information for as long as your account is active. When you delete a record it is removed from your account; when you delete your account, we delete your personal data and associated records within 30 days, except where we are required to retain certain information to comply with legal obligations.

8. Your Rights & Choices

You can access, correct, export, or delete your data from within the app, or by contacting us at the address below. Depending on where you live, you may have additional rights under laws such as the GDPR or CCPA, including the right to access, rectify, delete, or restrict processing of your personal data, and the right to lodge a complaint with a supervisory authority. To delete your account, use the in-app account settings or email us at [email protected].

9. Children's Privacy

The Service is intended for business use by adults and is not directed to children under 13 (or the minimum age of digital consent in your jurisdiction). We do not knowingly collect personal information from children.

10. International Users

The Service is operated from the United States. If you access it from outside the U.S., you understand your information will be transferred to, stored, and processed in the United States, where data-protection laws may differ from those in your country.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes we will update the “Effective” date above and, where appropriate, notify you in the app or by email.

12. Contact Us

Questions about this Privacy Policy or your data? Contact us at [email protected].