P PEXPE

Privacy Policy

How we collect, use, protect, and retain personal and financial data.

Effective date: March 27, 2026

1. Scope

This Privacy Policy explains how PEXPE processes personal data when you access our website, create an account, import financial records, use platform features, or contact support.

It applies to public pages, authenticated app routes, and account-level operations.

2. Data Controller and Contact

PEXPE acts as the data controller for account, product, and usage data processed through the platform.

3. Data We Collect

  • Account and identity data: name, email, password hash, locale, timezone, and authentication metadata.
  • Household and collaboration data: household name, member roles, invitations, and membership history.
  • Financial data you provide: accounts, transactions, categories, merchants, budgets, goals, liabilities, loans, shared expenses, and related notes.
  • Import and attachment data: uploaded files, mapped columns, import diagnostics, and receipt/attachment metadata.
  • Billing data: subscription identifiers, plan and invoice metadata, payment method descriptors (processed by payment providers).
  • Operational and security data: logs, audit records, device/browser data, IP address, session identifiers, and anti-abuse signals.
  • Support communications: messages sent through the contact form or support channels.

4. Purposes and Legal Bases

  • Contract performance: to provide account access, personal finance features, imports, reporting, and household collaboration.
  • Legitimate interests: to monitor reliability, prevent abuse, investigate incidents, improve product quality, and support users.
  • Legal obligations: to comply with applicable accounting, consumer, tax, fraud-prevention, and law-enforcement requirements.
  • Consent: where legally required for optional communications or non-essential tracking technologies.

5. How We Use Your Data

  • Authenticate users, secure sessions, and enforce role-based permissions.
  • Store and display household finance records and derived analytics.
  • Run imports, deduplicate rows, and validate mapped transaction data.
  • Generate dashboards, reports, forecasts, and budgeting insights.
  • Process subscriptions, invoicing, and billing-state transitions.
  • Provide customer support and service notifications.
  • Maintain security monitoring, incident response, and auditability.

6. Cookies, Local Storage, and Similar Technologies

PEXPE uses essential session and preference storage to keep you logged in, remember theme and locale preferences, and provide core app functionality.

We do not sell personal data. If optional analytics or marketing tags are enabled in the future, they will be disclosed and managed through appropriate controls.

7. Sharing and Disclosure

We do not sell personal data to third parties for advertising resale.

We may share data with:

  • Infrastructure and operational processors (hosting, email delivery, monitoring, billing).
  • Payment processors for subscription and invoice management.
  • Professional advisers and authorities where disclosure is legally required.
  • Successors in a merger, acquisition, or asset transfer, subject to confidentiality obligations.

8. International Data Transfers

Data may be processed in countries other than your own.

Where required, we implement transfer safeguards such as contractual clauses and technical security measures to protect personal data across jurisdictions.

9. Data Retention

We retain personal data for as long as necessary to provide the service and meet legal, security, and accounting obligations.

Retention periods vary by dataset type, including account records, billing records, audit logs, and security telemetry.

When data is no longer required, we delete, aggregate, or anonymize it according to our retention controls.

10. Security Measures

  • Authentication and role-based authorization controls.
  • Tenant isolation for household-scoped data access.
  • CSRF protection, rate limiting, and secure password hashing.
  • Audit logging for sensitive write operations and admin actions.
  • Environment-based secret management and operational monitoring.

11. Your Privacy Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, or object to processing of your data, and to request portability.

You may also request account closure and data export, subject to legal and operational retention requirements.

12. Children and Age Requirements

PEXPE is not directed to children under the age required by applicable law to create an account.

We do not knowingly collect personal data from children without appropriate authorization.

13. Changes to This Policy

We may update this Privacy Policy to reflect product, legal, or regulatory changes.

Material changes will be communicated through appropriate in-product or website notices.

14. Contact

For privacy inquiries, rights requests, or complaints, contact: info@pexpe.app .