Institutional_Governance_Protocol

PRIVACY_POLICY

Last Updated: April 19, 2026.

At SM Expense, our data stewardship is defined by our commitment to high-integrity private infrastructure and local-edge AI processing.

CLAUSE_REVISION_01

INFORMATION WE COLLECT

Default Data Isolation

SM Expense is designed to maximize local privacy. By default, your expense data, receipt text, and analysis configurations are processed and stored on your hardware. We collect only the minimal account metadata (name, email) required to maintain your authentication session.

Opt-In Cloud Processing

If you voluntarily activate 'Cloud-Enhanced AI' features, receipt images and metadata are transmitted via an encrypted connection to our secure inference partners. This data is processed in volatile memory and is never used to train third-party models.

Usage Telemetry

We collect basic request telemetry (IP address, device type) strictly for security monitoring, fraud prevention, and to maintain the operational integrity of our high-performance VPS infrastructure.

IRS Compliance Data

We collect and process expense categories, transaction amounts, and dates solely to generate IRS-organized compliance reports. We do not collect Social Security Numbers, Tax ID Numbers, or bank account information.

CLAUSE_REVISION_02

HOW WE USE YOUR DATA

Strategic Functionality

We use your data to facilitate expense reporting, budget analysis, and the optional parent-student account linking protocol.

Operational Integrity

Telemetry is used to detect and neutralize DDoS attacks, fraudulent account creation, and unauthorized system access attempts.

Zero-Marketing Commitment

We do not sell your data to brokers or advertisers. We do not use your financial data for marketing. We will never send promotional signals without your explicit opt-in.

Local-First Financial Processing

Financial categorization data is processed locally where possible and is never sold to third parties, advertisers, or financial institutions.

CLAUSE_REVISION_03

HOW WE PROTECT YOUR DATA

Encryption Protocol

All transmissions utilize TLS 1.3 encryption. Passwords and sensitive identifiers are hashed using enterprise-grade cryptographic algorithms.

Infrastructure Security

SM Expense is hosted on Private VPS systems with high-integrity firewalls. We implement rate-limiting, CSP, and HSTS to prevent system-level compromises.

Data Retention Protocol

Upon account deletion, all associated cloud-stored data is purged from our production databases within an operational window of 30 days.

IRS Report Sovereignty

IRS Compliance Reports are stored securely and accessible only to the Primary Operative (account holder). Reports are deleted upon account termination.

CLAUSE_REVISION_04

RIGHTS & GDPR

Core Rights (CCPA/GDPR)

Regardless of your location, we grant you the right to access, correct, delete, or port your data. You may download a copy of your records directly from your settings dashboard.

International Data Transfers

SM Expense is operated from the United States. Users located in the EEA, UK, or Switzerland acknowledge that their data will be processed in the US under Standard Contractual Clauses (SCCs) to ensure equivalent protection.

Breach Protocol

In the event of a high-risk data breach, we will notify affected users and relevant authorities without undue delay, as required by global privacy regulations.

CLAUSE_REVISION_05

THIRD-PARTY SERVICES

Financial Operations (Lemon Squeezy)

Payment processing is handled by our Merchant of Record, Lemon Squeezy. They manage PCI-DSS compliance, tax, and billing security. SM Expense does not see or store your payment card details.

AI Infrastructure Protocol

We utilize specialized Enterprise OCR and Inference Subprocessors for cloud-enhanced features. These partners are prohibited from retaining your data or using it for model training. Opting out of cloud features keeps all processing localized.

Security Analytics

We use Google Tag Manager (GTM) for basic navigation-only analytics. No financial data, expense content, or PII is transmitted through this channel.

CLAUSE_REVISION_06

CHILDREN'S PRIVACY (COPPA)

13+ Age Gate Protocol

SM Expense strictly enforces a 13+ age requirement. We maintain automated server-side verification protocols and database hooks that technically block the creation of accounts by individuals identified as under the age of 13.

Parental Oversight

Accounts for users aged 13-17 are designed to be linked with a parent or guardian for collaborative oversight. We do not knowingly store data from children under 13.

CLAUSE_REVISION_07

CONTACT & AMENDMENTS

Communications

For all privacy-related inquiries or Data Subject Access Requests, contact us at: mail@smexpense.com. We respond to all verified requests within 30 days.

Governing Law

This Privacy Policy is governed by the laws of the State of Delaware, United States of America.

ESTABLISH_UPLINK

Questions about your privacy?

Our ethics and transparency team is on standby to assist with any protocol inquiries or subject access requests.
