Expensify.org/hunger SNAP campaign status 


The number of families signing up for reimbursement has vastly outnumbered the limited funds available. Though we’re unable to provide a specific timeline on when your report will be reimbursed, we’re doing our best to drive donations and keep our fund moving forward. Rest assured, we’ll review every report that’s submitted per our instructions. 


Thanks for your patience! 

Announcing Changes to Receipt URL Permissions

Sheena TrepanierSheena Trepanier Expensify Success Coach - Admin Posts: 1,391 Expensify Team
edited November 2019 in Product Updates

We wanted to take a moment to update everyone on a change we made to improve the security of receipt URL links in Expensify.

Going forward, users can only view receipts if they have sufficient permissions needed to view receipt images via the receipt URL. This directly affects customers who share receipt URL links for invoicing or auditing purposes. 

What’s changed?

As of November 4, 2019, receipt URLs will only display receipt images to individuals with the required permissions. If you do not have the necessary permissions to view a receipt, you will receive a 403 error and the following message.

Permissions needed to view receipt images via URL

In order to view receipts via URL, you must meet at least one criterion from the list below.

  • You are the receipt owner

  • Be an auditor of the policy the receipt is submitted on

  • Be an admin of the policy the receipt is submitted on

  • The report submitter has shared the report with you

FAQ: I’m sharing receipt URLs with clients, how do I get them access to view the receipts now?

Sharing receipt images with others is an important functionality for many customers. To preserve the security of your expense information, it will now be necessary to ensure your client or auditor has access to the receipts in Expensify. You can do this in one of three ways.

  1. Work with your IT department to grant the client or auditor an email they can use to access Expensify and the receipt images. This account will need a policy invite and the auditor role view receipt URL images.

  2. If they already have an Expensify account, you can grant that account the necessary permissions to view receipt images. The account will need a policy invite and the auditor role at minimum to view receipt URL images.

  3. If you don’t want to add them to your policy, you can ask them to create a free account using their email. Then, once this account exists, the report can be shared with them to grant them access to view receipt URL images.

A more manual alternative would be to download receipt images individually as needed by clicking the following button on an individual receipt:

«1

Comments

  • Jason_Richards_25Jason_Richards_25 Expensify Customer Posts: 23 Expensify Admirer
    Receipt security? Why does a receipt image need security? This change is terrible.

    The new receipt sharing options offered are not feasible for how our organization bills some expenses back to our customers. You expect an AP department at an organization that does not use Expensify to just set up a free account to view receipts- like it's that easy and they do not have to go through security processes on their end before starting to use a new software?

    Have current Expensify customers asked for receipt security? This is the perfect example of how out of touch Expensify is with customers and how expense information is used.
  • Sheena TrepanierSheena Trepanier Expensify Success Coach - Admin Posts: 1,391 Expensify Team
    edited November 2019
    Hi @cslim, @Jason_Richards_25, and @guyellis1988, thanks for joining the conversation here!

    I would really like to advocate for you all and was hoping you could answer a few questions for me so I can share this feedback?

    1. Who is the main user of receipt URLs -- Is this a client, an auditor, or someone in your company who doesn't necessarily use Expensify?
    2. How are you currently utilizing the receipt URLs -- Are you exporting them to a spreadsheet and sharing a spreadsheet with your client?
    3. If you're sharing them with clients, how is the client using them? What are they using them for?
    4. If you knew that receipt URLs were going to stay secured as they currently are now, what other tools in Expensify would you need to continue using the system? 
    Thanks so much for the valuable feedback and for getting back to me!
  • Sheena TrepanierSheena Trepanier Expensify Success Coach - Admin Posts: 1,391 Expensify Team
    Hi @Robert, thanks for joining as well. Would you be open to answering the questions below so I can track the feedback?
    1. Who is the main user of receipt URLs -- Is this a client, an auditor, or someone in your company who doesn't necessarily use Expensify?
    2. How are you currently utilizing the receipt URLs -- Are you exporting them to a spreadsheet and sharing a spreadsheet with your client?
    3. If you're sharing them with clients, how is the client using them? What are they using them for?
    4. If you knew that receipt URLs were going to stay secured as they currently are now, what other tools in Expensify would you need to continue using the system? 
    @cslim and @Jason_Richards_25 -- thank you so much both of you, for taking the time to provide the information I requested.

    I have shared this feedback with the team and am following the discussion closely. As I learn more information that is relevant to this change I'll be following up with everyone on this thread. Talk to you soon!
  • Jason_Richards_25Jason_Richards_25 Expensify Customer Posts: 23 Expensify Admirer
    cslimguyellis1988kdearixonStephanieL789Robert all vote up each other's comments to ensure there is more views on this. 

    Extremely doubtful @Sheena Trepanier and team Expensify will actually be doing anything about this, but we may as well put in a little effort. They made the decision with little care for how it would affect customers, so why would our concerns cause a change after the fact? 

    @Sheena Trepanier Is there an update on advocating for your customers?
  • cslimcslim Expensify Customer Posts: 7 Expensify Newcomer
    @Sheena Trepanier would be great if the product team can give us an update. This is impacting our business. And if this is not resolved anytime soon, we really have to move to something else for next month’s expense management.
  • guyellis1988guyellis1988 Expensify Customer Posts: 4 Expensify Newcomer
    @Sheena Trepanier

    Our use-case is almost identical to the one described by @Jason_Richards_25

    If a solution cannot be found, we will be forced to explore alternative systems; this is not something I say lightly, as the years of history and ~50 Expensify users to retrain will be a substantial effort on our side.

    The lack of advanced warning to a substantial change such as this is incredibly worrying.
  • Nicole TrepanierNicole Trepanier Expensify Success Coach - Admin Posts: 490 Expensify Team
    I just want to let everyone know that we are tracking customer demand for this feature to be reversed. This isn't a short process as we need to see if there is more demand here than there was to secure these URLs before we decide if and when we need to change it. I can't provide an ETA for this decision. I am so sorry for the frustration this has caused you. 
  • LayneLayne Expensify Customer Posts: 1 Expensify Newcomer
    A bit of warning would have been nice. I recently sent out an 5,000-line expense report to an auditor that they now cannot access, now making it useless. No, I cannot grant them access to my entire account, we have other clients and NDA's. And no, I am not going to manually send them 100's of individual reports to look at.

    Instead of making changes that nobody is asking for, how about adding ones that we are? (ie. monthly spending tracking/limits across all reports, improved tag management, etc.)
  • cslimcslim Expensify Customer Posts: 7 Expensify Newcomer
    Hi @Nicole Trepanier  

    Thanks for the update but unfortunately no ETA is not great. Let me (and I hope I speak for the rest of the Expensify customers) give you a date to come back to us.

    Please let us know an update by end of this week (22nd Nov). If there is no update, I will take that the this "security" feature remains. This will be a deal breaker for us and we will be migrating off Expensify. We as a business already has expenses unpaid and stuck - that's for September and October, and now November as we continue to use Expensify. We cannot operate like this for another month.
  • samuelsamuel Expensify Customer Posts: 2 Expensify Newcomer
    There should be a few easy options going forward:
    1. Give some customers the capability to opt out of new features like this one;
    2. Consider creating a new role "External Auditor" that is required to login but can only access receipts.
  • Jason_Richards_25Jason_Richards_25 Expensify Customer Posts: 23 Expensify Admirer
    @Nicole Trepanier Expensify tells customers about the change a week after it goes into effect and then provides zero alternatives? Excellent customer service shown here.

    This change must be due to the new Expensify card, either a regulatory requirement or a way to push customers to it.
  • maasjmaasj Expensify Customer Posts: 23 Expensify Admirer
    edited November 2019
    I just discovered this issue.

    I can totally understand why some customers don't want their receipts to be public on the web.  If you can't even imagine why then you don't care at all about privacy.  I envy your life.  :smile:

    But to change existing behavior like this, without warning, and without a way to revert back for those who are willing to accept the privacy implications, is pretty anti-customer behavior.

    Our use case is that we have a years-old procedure of exporting reports via CSV and then a custom script processes that CSV file in order to:
    • import transaction data into our non-standard accounting system
    • make backups of receipt images in case we ever stop using Expensify or Expensify loses their copies due to a computer disaster or Expensify ceases to exist (those things do happen)
    • generate custom notifications when someone charges an expense to someone else's fund/budget (via Tags)

    We started a project a while back to use the API (which didn't exist when we first started using Expensify) to get what we need instead of using manual CSV exports, but we didn't get that project over the finish line.  I hope the API provides the ability to get receipt images.  If getting them manually via the web app is the only way now, that's really not cool.

    Interestingly, e-Receipts are still publicly available.  While not as likely to have incriminating information like the restaurant server's phone number on the married CEO's receipt, e-Receipts can still leak information that some people would rather be private.

    So right now some receipts require authentication and some don't, with no way for the customer to control the behavior for either type.  I doubt that any customer asked for this particular outcome.

    Please give us a policy setting for receipt privacy!  Please!  I think the default should be that they're private and require authentication, but don't force that on your customers.  Let customers choose to be more risky if they want to be.  Give them a big warning or make them sign a waiver or something, but give 'em the choice, especially when the system operated that way for years.

    Please!
  • Victoria O'learyVictoria O'leary Expensify Team Posts: 70 Expensify Team
    Hi @maasj

    Thanks for joining the conversation and providing another perspective on the issue of privacy!

    We hear you and understand this change might not work for everyone. As was mentioned earlier in the thread, we're working through feedback to see if there is enough demand for the feature to be reversed.

    This isn't going to happen overnight because it does take time to gather enough user cases on both ends of the spectrum so we can understand customer demand. We'll keep you informed on this thread so keep an eye out 👀
  • maasjmaasj Expensify Customer Posts: 23 Expensify Admirer
    @Victoria O'Leary - You don't need to "reverse" the change.  It doesn't have to be an either-or.  Just give your customers the option to choose.  We can handle it.  :smile:

  • maasjmaasj Expensify Customer Posts: 23 Expensify Admirer
    I checked the API docs yesterday and I don't see any way to download receipts with it.  So it seems like there's currently no way to automate the process of downloading receipts.  Is that correct?
  • Karisa LattaKarisa Latta Expensify Success Coach - Admin, Expensify Team Posts: 96 Expensify Team
    Hey everyone!

    While we're still working on gathering feedback and looking at our options, have you tried to see if a report PDF would be a good workaround? When you download a report to PDF, you get all the line item data as well as all the receipt images.

    You can choose to only have receipt thumbnails or you can choose to add full page receipt images to the PDF. You can then share that PDF file with anyone who needs it. You can also break out the images/pages to customize which receipt images you send off. [Neat tool here.]

    Since the report PDF downloads a local copy to your computer, it does not have the receipt security limitation (the limitation only affects receipt URLs).

    This won't help all use cases mentioned here, but I hope it benefits at least a few of you.
  • Jason_Richards_25Jason_Richards_25 Expensify Customer Posts: 23 Expensify Admirer
    @Karisa_Latta at times I am pulling together receipts from 5+ employees to submit to a customer. Thumbnails are too small, so that's not an option. The report PDF means I am manually selecting which pages I want- employees submit reports monthly, not separate reports for each billable customer; completely inefficient. But on top of it your solution is to provide a link to something that requires a payment of $50/year? I already pay for Expensify, and your recommendation is to pay for something else to work around the receipt URL security?
  • Jason_Richards_25Jason_Richards_25 Expensify Customer Posts: 23 Expensify Admirer
    @maasj
    @Susanna_De_Bari1
    @samuel
    @cslim
    @Layne
    @guyellis1988
    @StephanieL789
    @Robert

    Everyone vote up on previous and new comments as this is how Expensify views feedback as important or not.
  • cslimcslim Expensify Customer Posts: 7 Expensify Newcomer
    @Karisa_Latta Thanks. Please see my feedback above already.

     (C) If you don’t want to add them to your policy, you can ask them to create a free account using their email. Then, once this account exists, the report can be shared with them to grant them access to view receipt URL images.

      Employee submits 1 report a month. In the report there are company benefits like mobile claims, travel, and then client(s) specific expenses which we mark reimbursable. One employee works across multiple clients and internal stuff and it’s ‘tag’ in the receipt itself. End of the month - I pull a report and filter by tags and send the spreadsheet and supporting docs for our invoices. So I cannot share reports to the clients.

      You suggestion would be mean we share non-client related receipts to the client which is not required, sharing data which is not required. 

      Having 1 report per claimable client is not workable either, employees have to managed 3-4 reports per submission, making it not user friendly at all.

    1. Cortney OfstadCortney Ofstad Expensify Success Coach - Admin Posts: 95 Expensify Team
      @cslim thank you for providing that additional context. Please note that the feedback on this post has been shared with the Expensify team directly. However, at this point we don't have any update or additional information about this change the receipt URLs. I apologize for any hassle that this causes, but as soon as there is an update, we will make sure to let everyone know. 

    Sign In or Register to comment.