Expense Reports

← Back to App

Privacy Policy

Last Updated: March 7, 2026

Overview

ExpenseReports.app is a privacy-focused web application.

The app is local-first: your expense data is created and managed in your browser. We do not operate our own backend that stores your receipts, reports, or email content.

ExpenseReports.app includes optional third-party integrations (for example Google today, with additional providers possible in the future). Integrations are only used when you choose to connect them.

What We Do Today

  • The app runs fully on the client (your browser)
  • Receipt images and related data are stored locally using browser storage
  • No ExpenseReports.app account is required
  • No analytics, tracking, or logging is used by us
  • Optional rough device location may be used to infer nearby cities on your device only
  • Optional third-party integrations can access provider data only under permissions/scopes you grant
  • Current active connectors and scope details are documented in our integration inventory: policies/integrations.inventory.yml
  • Optional automated extraction may parse receipt-related fields (for example from Schema.org JSON-LD in emails) to help prefill form fields

We do not run ad-tech, profiling, or sell personal information.

Optional Third-Party Integrations

When you connect a third-party service, your browser communicates directly with that provider’s APIs over HTTPS.

Provider capabilities (examples)

Current examples include:

  • Mail import capability (read-only scopes such as gmail.readonly where supported)
  • App-data backup/sync capability (restricted scopes such as drive.appdata where supported)

Integration-specific scopes, data categories, storage destinations, and user controls are maintained in:

  • policies/integrations.inventory.yml

Third-party provider handling of data is governed by each provider’s own terms and privacy policies.

OAuth access tokens for optional integrations are stored in browser storage and can be cleared by disconnecting integrations or clearing site data.

All data remains on your device unless you choose to export it or enable optional sync to your own Google Drive.

Your Control

You control your data at all times:

  • Clearing the app’s site data removes all stored information
  • Exported files are created locally on your device
  • We do not retain copies of your data on ExpenseReports.app-operated servers
  • Location access is requested once, and you can deny or revoke permission at any time
  • You can disconnect third-party integrations at any time

Location Assistance

If you allow location access, the App uses a low-accuracy (rough) device location to match nearby cities from a bundled, read-only dataset. This happens locally in your browser.

  • Raw latitude/longitude is not stored or sent anywhere
  • The inferred city suggestions are used in-session to help prefill report location
  • You can override or change the location in the UI at any time

Future Changes

If we add, remove, or materially change integrations or data processing behavior, this Privacy Statement will be updated to reflect those changes.

Changes to This Statement

This Privacy Statement may be updated as the app evolves. The current version will always be available on this page.

Contact

For privacy-related questions:

privacy@expensereports.app