Expensify.org/hunger SNAP campaign status
We’re no longer accepting new participants as our focus is on reimbursing existing claims. While we’re unable to provide a specific timeline on when your report will be reimbursed, we’re doing our best to drive donations and keep reimbursements moving forward. If you know anyone who can donate to this campaign please encourage them to enable Personal or Corporate Karma on their Expensify account.

We're currently experiencing issues with our American Express and Capital One connections. Please visit our status page for more details and to subscribe to updates.

Deep Dive: Our commitment to GDPR

Matt MooreMatt Moore Expensify Customer, Expensify Team Posts: 68 Expensify Team
edited January 29 in Deep Dive Docs

At Expensify, we are committed to being transparent with our customers regarding our privacy practices and compliance with European Union (EU) privacy regulations. We value your trust and are dedicated to protecting your privacy.

Our commitment to protecting the privacy of our customer’s data includes:

  • Being active participants in the EU-US Privacy Shield and Swiss-US Privacy Shield Frameworks
  • Undergoing annual SSAE-18 SOC 1 Type 2 audit by a qualified, independent third-party auditors
  • Maintaining PCI-DSS compliance
  • Leveraging third-party experts to conduct annual penetration tests
  • All employees and contractors are subject to background checks (refreshed annually), sign non-disclosure agreements and are subject to ongoing security and privacy training

What is GDPR? 

General Data Protection Regulation (GDPR) proposed by the European Commission will strengthen and unify data protection for individuals within the European Union (EU), whilst addressing the export of personal data outside the EU. The GDPR not only applies to organisations located within the EU but it will also apply to organisations located outside of the EU if they handle EU citizens’ personal data. The compliance deadline for GDPR was May 25, 2018.

Preparing for the GDPR 

We have been working hard to ensure compliance with GDPR ahead of the deadline. Below are some of the things we revised in light of GDPR:

  1. We have strengthened our security infrastructure and have reviewed our data privacy policies in anticipation of GDPR
  2. We have appointed a dedicated Data Protection Officer, who can be reached via email at [email protected]
  3. We have signed Data Processing Addendums (DPAs) with all of our vendors to ensure onward transfer of your data is safe
  4. We have published details regarding the sub-processors we use here.
  5. We maintain E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield certification for international data transfers
  6. We have a Data Processing Addendum that sets out terms for us to meet our GDPR requirements with our customers; you can request this by messaging [email protected]
  7. We provide tools for users to export their datamanage their preferences and close their account on their own, at any time, in product


Guide to exporting your data on Expensify

Expensify’s Privacy Policy

Expensify’s Sub-processors 

Managing your preferences

Closing your account


The content on this page is provided for informational purposes only and the information shared here is not meant to serve as legal advice. You should work with legal and other professional counsel to determine exactly how the GDPR may or may not apply to you.

Sign In or Register to comment.