Effective Date: January 20, 2026

Last Updated: January 20, 2026

Important: This Privacy Policy explains how ExpenseTrack ("we", "us", "our") collects, uses, and protects your personal information when you use our expense tracking and budgeting service at www.expensetrack.co.za ("Service", "Platform", "Website").

1. Introduction

ExpenseTrack is committed to protecting your privacy and ensuring the security of your personal and financial information. This Privacy Policy governs our data collection, processing, and usage practices in compliance with:

• South Africa's Protection of Personal Information Act (POPIA), 2013
• European Union's General Data Protection Regulation (GDPR)
• Other applicable data protection laws

By using ExpenseTrack, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use our Service.

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: Username, email address, password (encrypted)
• Subscription Information: First name, last name, cell phone number, subscription dates
• Financial Data: Budget details, expense descriptions, transaction amounts, account names, dates
• Payment Information: Processed securely through third-party payment processors (we do not store credit card details)
• Support Communications: Email correspondence, feedback, and support requests

2.2 Information Collected Automatically

• Usage Data: Pages visited, features used, time spent on the platform, click patterns
• Device Information: IP address, browser type and version, operating system, device identifiers
• Cookies and Tracking: Session cookies for authentication, functional cookies for preferences
• Log Data: Access times, error logs, and security-related information

2.3 Information from Third Parties

• Authentication Providers: If you use social login, we receive basic profile information
• Payment Processors: Transaction confirmation and subscription status

3. How We Use Your Information

We process your personal information for the following purposes:

3.1 Service Delivery

• Create and manage your user account
• Process and maintain your budget and expense data
• Generate financial reports and summaries
• Provide customer support and respond to inquiries
• Manage your subscription and billing

3.2 Service Improvement

• Analyze usage patterns to improve features and user experience
• Conduct research and development for new features
• Monitor and analyze platform performance
• Detect and prevent technical issues

3.3 Communication

• Send transactional emails (account verification, password resets, subscription confirmations)
• Notify you about changes to our Service or policies
• Send promotional communications (only with your consent, opt-out available)
• Conduct surveys and gather feedback

3.4 Legal and Security

• Comply with legal obligations and regulatory requirements
• Protect against fraud, unauthorized access, and security threats
• Enforce our Terms of Service and protect our rights
• Resolve disputes and address legal claims

4. Legal Basis for Processing (GDPR/POPIA)

We process your personal information based on the following legal grounds:

• Consent: You have given explicit consent for specific processing activities
• Legitimate Interests: Processing necessary for our legitimate business interests (e.g., fraud prevention, service improvement)
• Legal Obligation: Processing required to comply with applicable laws and regulations

5. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: All data transmitted over the internet uses SSL/TLS encryption (HTTPS)
• Password Protection: Passwords are hashed and salted using secure cryptographic algorithms
• Access Controls: Strict access controls limit who can view or process your data
• Regular Security Audits: We conduct regular security assessments and vulnerability testing
• Secure Infrastructure: Our servers and databases are hosted in secure, monitored environments
• Data Backups: Regular encrypted backups to prevent data loss
• Anti-Forgery Tokens: Protection against cross-site request forgery (CSRF) attacks

Important: While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your personal information only as long as necessary for the purposes outlined in this policy:

• Active Accounts: Data is retained while your account is active
• Closed Accounts: Financial data may be retained for up to 7 years to comply with tax and accounting regulations
• Legal Requirements: We may retain certain data longer if required by law or to defend legal claims
• Anonymized Data: We may retain anonymized, aggregated data indefinitely for analytical purposes

7. Sharing Your Information

We do not sell, rent, or trade your personal information. We may share your data only in the following circumstances:

7.1 Service Providers

• Hosting Providers: Cloud infrastructure and database hosting
• Payment Processors: To process subscription payments securely
• Email Service Providers: To send transactional and marketing emails
• Analytics Providers: To understand how our Service is used (anonymized data)

All service providers are bound by strict confidentiality and data protection obligations.

7.2 Legal Requirements

We may disclose your information if required by law, court order, or government authority, or to:

• Comply with legal processes or regulatory requirements
• Protect our rights, property, or safety
• Prevent fraud or security threats
• Protect the rights and safety of our users

7.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred. We will notify you of any such change and provide options regarding your data.

8. Your Privacy Rights

Under POPIA, GDPR, and other applicable laws, you have the following rights:

8.1 Right to Access

You can request a copy of the personal information we hold about you.

8.2 Right to Rectification

You can update or correct inaccurate or incomplete personal information through your account settings.

8.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal information, subject to legal retention requirements.

8.4 Right to Data Portability

You can request a copy of your data in a structured, machine-readable format (e.g., CSV, JSON).

8.5 Right to Object

You can object to processing of your personal information for direct marketing or other purposes based on legitimate interests.

8.6 Right to Restrict Processing

You can request that we temporarily or permanently stop processing certain personal information.

8.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw your consent at any time.

8.8 How to Exercise Your Rights

To exercise any of these rights, please contact us at: privacy@expensetrack.co.za

We will respond to your request within 30 days as required by law.

9. Cookie Policy

ExpenseTrack uses cookies and similar tracking technologies to enhance your experience:

9.1 Types of Cookies We Use

• Essential Cookies: Required for authentication, security, and basic functionality (cannot be disabled)
• Functional Cookies: Remember your preferences and settings
• Performance Cookies: Help us understand how you use our Service (anonymized)
• Anti-Forgery Tokens: Protect against CSRF attacks

9.2 Managing Cookies

You can control and delete cookies through your browser settings. Please note that disabling essential cookies may affect the functionality of our Service. For more information about managing cookies, visit: www.allaboutcookies.org

10. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices or content of these external sites. We encourage you to review their privacy policies before providing any personal information.

11. Children's Privacy

ExpenseTrack is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at privacy@expensetrack.co.za, and we will promptly delete such information.

12. International Data Transfers

Your information may be transferred to and processed in countries other than South Africa. We ensure that such transfers comply with applicable data protection laws and implement appropriate safeguards, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequate data protection frameworks
• Your explicit consent where required

13. Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will:

• Notify you within 72 hours of becoming aware of the breach (as required by GDPR/POPIA)
• Notify relevant regulatory authorities as required by law
• Take immediate steps to mitigate the breach and prevent future incidents
• Provide guidance on steps you can take to protect yourself

14. Marketing Communications

With your consent, we may send you promotional emails about new features, special offers, and other information we think you may find interesting. You can opt-out at any time by:

• Clicking the "unsubscribe" link in any marketing email
• Updating your email preferences in your account settings
• Contacting us at privacy@expensetrack.co.za

Note: You will still receive essential transactional emails related to your account and subscriptions.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

• We will update the "Last Updated" date at the top of this policy
• Material changes will be prominently announced on our website or via email
• Your continued use of the Service after changes constitutes acceptance of the updated policy

We encourage you to review this policy periodically to stay informed about how we protect your information.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@expensetrack.co.za
Website: www.expensetrack.co.za
Response Time: We aim to respond to all inquiries within 3-5 business days

17. Regulatory Authorities

If you believe we have not handled your personal information properly, you have the right to lodge a complaint with:

• South Africa: Information Regulator (South Africa) - www.justice.gov.za/inforeg/
• European Union: Your local Data Protection Authority - Find your DPA

Summary of Key Points

• We collect information you provide and usage data to deliver and improve our Service
• We use industry-standard security measures to protect your financial data
• We do not sell your personal information to third parties
• You have rights to access, correct, delete, and port your data
• You can opt-out of marketing communications at any time
• Contact privacy@expensetrack.co.za for privacy-related inquiries

Last Updated: January 20, 2026