Privacy Policy
Effective June 29, 2026 · Providence Society
Overview
Providence Society ("we," "us," or "our") operates Expenz, an expense capture and approval platform that syncs approved expenses to QuickBooks Online. This Privacy Policy explains what information we collect, how we use it, and the choices available to you.
By using Expenz, you agree to the practices described here. If you use the service on behalf of a company, your organization may have additional policies that also apply.
Information we collect
We collect information needed to run expense workflows for your workspace:
- Account information — name, email address, and authentication data provided through our identity provider (Clerk), including organization membership.
- Expense data — descriptions, amounts, dates, categories, vendors, payment cards, job or customer assignments, approval status, and related metadata you or your team enter.
- Receipt files — images and PDFs you upload with expenses. Receipts are stored in secure cloud object storage associated with your workspace, not on end-user devices as the system of record.
- Integration data — when you connect QuickBooks Online, we store OAuth tokens and synced reference data (such as chart of accounts, vendors, customers, jobs, and payment card accounts) needed to post approved expenses.
- Technical data — server logs, IP address, browser or app type, and diagnostic information used for security, support, and reliability.
How we use information
We use collected information to:
- Provide expense capture, submission, approval, and receipt management features
- Authenticate users and enforce role-based access within each workspace
- Sync approved expenses and related reference data with QuickBooks Online at your direction
- Operate, secure, troubleshoot, and improve the service
- Respond to support requests and communicate about the service
- Comply with legal obligations and enforce our Terms of Service
We do not sell your personal information. We do not use your expense content or receipt files to train generalized AI models.
Role visibility and workspace access
Expenz is multi-tenant. Each client organization ("workspace") has its own data boundary. Within a workspace, access depends on assigned role:
- Employees can view and manage their own expense submissions.
- Accountants and owners can review, approve, or reject expenses across the workspace and manage integrations.
- Viewers have read-only access to workspace expense data.
Your workspace administrator controls membership and roles. If you have questions about who can see your data inside your company, contact your workspace owner.
QuickBooks Online
If your workspace connects QuickBooks Online, we access only the Intuit account and data scopes you authorize during OAuth. We use that access to:
- Import reference data (accounts, vendors, customers, jobs)
- Create Purchase transactions in QuickBooks for approved expenses
- Retry failed sync operations when you or an administrator requests it
We do not access your QuickBooks data without a valid connection authorized by a workspace administrator. You can disconnect QuickBooks from the Accounts area of your workspace. Intuit's own privacy policy also applies to data held in QuickBooks Online.
Service providers
We use trusted subprocessors to operate Expenz, including:
- Clerk — authentication, organization membership, and sign-in
- Cloud hosting and database providers — application hosting and PostgreSQL data storage
- Object storage providers — receipt file storage
- Intuit / QuickBooks Online — accounting integration when connected
These providers process data on our behalf under contractual obligations appropriate to their role. A current subprocessor list is available on request.
Data retention
We retain workspace data for as long as your organization uses the service and as needed to provide support, meet legal obligations, resolve disputes, and enforce agreements. When a workspace is deactivated, we delete or anonymize data within a reasonable period unless law requires longer retention.
Security
We use administrative, technical, and organizational measures designed to protect your information, including encrypted transport (HTTPS), access controls, tenant isolation, and restricted production access. No method of transmission or storage is completely secure; we cannot guarantee absolute security.
Your rights and choices
Depending on where you live, you may have rights to access, correct, delete, or export personal information, or to object to certain processing. To make a request, contact us at privacy@expenz.app. Workspace employees should also contact their organization's administrator for role or access changes.
Children
Expenz is a business service not directed to children under 16. We do not knowingly collect personal information from children.
Changes to this policy
We may update this Privacy Policy from time to time. We will post the revised version on this page and update the effective date. Material changes may also be communicated through the service or by email where appropriate.
Contact
Questions about this Privacy Policy or our data practices: privacy@expenz.app.