
Privacy Policy

Last Updated: March 5, 2026

At SM Expense, your privacy is fundamental. This policy explains what data we collect, how we use it, how we protect it, and your rights regarding your personal information.

Section 01

Information We Collect

Account Information

When you create an account, we collect your name, email address, and an encrypted password. If you sign up via Google or GitHub, we receive your profile name and email from those services.

Financial Data

You provide expense amounts, categories, descriptions, and budget limits. This data is created by you and stored securely in our database. We do not connect to any bank accounts or financial institutions.

Receipt Images

If you upload receipt images for AI analysis, we process the image to extract text and categorize expenses. Images are processed securely and are not shared with third parties beyond our AI processing provider.

Usage Data

We automatically collect basic usage data including login timestamps, browser type, device information, and IP addresses to maintain security and improve our service.

Section 02

How We Use Your Data

Service Delivery

We use your data to provide expense tracking, budget management, AI-powered receipt analysis, and parent-student account linking features.

Security

Login and usage data help us detect unauthorized access, prevent fraud, and maintain the security of your account.

Communication

We may send you service-related emails such as password resets, security alerts, and important account notifications. We will never send marketing emails without your explicit opt-in consent.

Improvement

Aggregate, anonymized usage patterns help us understand which features are most useful and improve the application.

Section 03

How We Protect Your Data

Encryption

All data is encrypted in transit (TLS/SSL) and passwords are hashed using industry-standard algorithms. We never store plain-text passwords.

Security Headers

Our application implements comprehensive security headers including Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, HSTS, and Referrer-Policy.

Access Controls

We implement rate limiting, CSRF protection, input validation, and secure authentication practices to protect against unauthorized access.

Infrastructure

Our application is hosted on Vercel with enterprise-grade security. Our database uses encrypted connections and is hosted on secure cloud infrastructure.

Section 04

Your Rights

Access Your Data

You can view all your personal information through your account profile and settings pages at any time.

Correct Your Data

You can update your name, email, and other profile information through your account settings.

Delete Your Account

You can request complete deletion of your account and all associated data by contacting us. We will process deletion requests within 30 days.

Data Portability

You can export your expense and budget data from the application for your own records.

Opt-Out

You can opt out of non-essential communications at any time by using the unsubscribe link in our emails or adjusting your notification preferences.

Section 05

Third-Party Services

Stripe (Payment Processing)

If you subscribe to a paid plan, Stripe processes your payment information. We never see or store your full credit card number. Stripe is PCI DSS Level 1 certified. See Stripe's privacy policy at stripe.com/privacy.

AI Processing (Groq)

Receipt text and expense descriptions may be sent to our AI provider for categorization and analysis. Only the text content is shared, not your personal identity.

Hosting (Vercel)

Our application is hosted on Vercel, which processes request data (IP addresses, request logs) as part of service delivery.

Authentication

If you use Google or GitHub to sign in, those providers share your basic profile information (name, email) with us according to their own privacy policies.

Section 06

Cookies

Essential Cookies

We use essential cookies to maintain your login session and ensure the application functions correctly. These cannot be disabled.

Preference Cookies

We store your theme preference (light/dark mode) locally in your browser.

No Tracking Cookies

We do not use advertising or third-party tracking cookies. We do not sell your data to advertisers or data brokers.

Section 07

Children's Privacy

Age Requirement

SM Expense requires users to be at least 13 years old to create an account, in compliance with COPPA (Children's Online Privacy Protection Act).

Users Under 18

Users between 13 and 17 years old may use SM Expense but are encouraged to have a parent account linked for oversight. The parent-student linking feature provides parents with appropriate visibility.

Under 13

We do not knowingly collect personal information from children under 13. If we discover that a user is under 13, we will promptly delete their account and all associated data. If you believe a child under 13 has created an account, please contact us immediately.

Section 08

Contact & Changes

Contact Us

For any privacy-related questions, data requests, or concerns, please contact us at: privacy@smexpense.com

Policy Updates

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or an in-app notification. The 'Last Updated' date at the top of this page will always reflect the most recent revision.

Governing Law

This Privacy Policy is governed by the laws of the United States of America.
