About this list
This page identifies the third-party organizations that ExpenseGhost engages to Process customer Personal Data in the course of providing the Service. Each entity listed below acts as a “processor” under Article 4(8) of Regulation (EU) 2016/679 (the “GDPR”) and the United Kingdom General Data Protection Regulation, or as a “service provider” under the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 (the “CCPA/CPRA”), and Processes Personal Data solely to perform the specific functions for which it has been engaged, in each case on our documented instructions. We do not list every vendor or tool used to build the Service — only those that receive, store, transmit, or otherwise Process Personal Data belonging to you or to the individuals you invite into your organization. Capitalized terms used but not defined on this page have the meanings given in our Privacy Policy.
Every subprocessor identified below is bound by a written data-processing agreement that incorporates the requirements of Article 28 GDPR (and analogous provisions of comparable laws), and that imposes confidentiality, security, and use-limitation obligations at least as protective as the commitments we make to you in our Privacy Policy. Subprocessors are contractually prohibited from selling Personal Data, from “sharing” Personal Data for cross-context behavioral advertising, from using Personal Data for their own marketing or for the training of general-purpose models, and from disclosing Personal Data to onward recipients except as strictly necessary to deliver their service and subject to equivalent contractual safeguards.
We update this page whenever we add, remove, or materially change the role of a subprocessor. To receive advance notice of changes, email privacy@expenseghost.app and ask to be added to our subprocessor notification list.
Subprocessors that Process Personal Data
The following providers Process Personal Data as part of delivering core ExpenseGhost functionality. Each entry describes the categories of data shared, the purpose of the engagement, and the geographic region in which the provider operates.
| Subprocessor | Purpose | Data processed | Location |
|---|---|---|---|
| | Primary database, authentication, file storage, and transactional email delivery | Account profile data, organization records, receipts, expense classifications, journal entries, and authentication credentials | United States and Singapore |
| Plaid | Bank account aggregation, account verification, and transaction synchronization | Bank login credentials (held by Plaid, not us), institution identifiers, account and routing numbers, balance and transaction history | United States |
| | Subscription billing, invoicing, and payment card processing | Cardholder data, billing address, tax identifiers, subscription and invoice history, dispute and refund records | United States |
| | AI-assisted receipt extraction and transaction categorization | Receipt images and extracted text, merchant names, and transaction descriptions; account numbers and authentication material are redacted before transmission | United States |
| | In-product customer support messaging and ticketing | User email, full name, organization name, plan tier, and the contents of support conversations you initiate | United Kingdom and United States |
Infrastructure providers
The providers below operate the underlying network and compute layer on which ExpenseGhost runs. They do not maintain durable copies of Personal Data on our behalf and do not access Personal Data for any purpose beyond keeping the Service available, secure, and reachable. We list them here for completeness because Personal Data necessarily transits their systems while the Service is running.
| Provider | Purpose | Data exposure | Location |
|---|---|---|---|
| | Application hosting for our web, API, and background worker processes | In-flight request and response payloads while a workload is executing; no persistent storage of customer data on our behalf | United States |
| | DNS resolution, edge routing, and inbound email forwarding for support@expenseghost.app | Network metadata (IP addresses, request headers, TLS fingerprints) and the contents of inbound support email while it is being routed to our ticketing system | Global edge network |
Contractual commitments
Before engaging any subprocessor, we conduct a security and privacy review proportionate to the volume and sensitivity of the Personal Data the provider will Process. Engagement is conditional on the execution of a data-processing agreement that incorporates, at a minimum: (i) a binding scope of Processing limited to ExpenseGhost's documented instructions; (ii) confidentiality undertakings extending to all personnel with access to Personal Data; (iii) appropriate technical and organizational security measures, including encryption of Personal Data in transit using TLS 1.2 or higher and at rest using AES-256 or an equivalent algorithm, role-based access controls, multi-factor authentication for personnel access to production systems, and continuous logging; (iv) prompt breach-notification obligations enabling us to meet our own statutory deadlines (including the seventy-two (72) hour notification window under Article 33 GDPR); (v) cooperation with audits, data-subject-rights requests, and regulatory inquiries; (vi) prompt deletion or return of Personal Data on termination of services and certification of the same; and (vii) flow-down of these obligations to any further subprocessors the provider may engage with our prior written authorization.
We monitor subprocessors on an ongoing basis through public security disclosures, SOC 2 Type II or ISO/IEC 27001 attestations where available, vulnerability advisories, and incident communications. Where a subprocessor materially fails to meet its obligations and cannot promptly remediate, we will transition the affected Processing activity to an alternative provider in a manner designed to preserve continuity and minimize disruption to Customers.
International data transfers
ExpenseGhost is headquartered in the United States, and several of the subprocessors listed above process data outside the country in which you reside. For transfers originating in the European Economic Area, the United Kingdom, or Switzerland, we rely on the European Commission's Standard Contractual Clauses, the United Kingdom International Data Transfer Addendum, and the Swiss Federal Data Protection and Information Commissioner's adapted clauses, in each case supplemented where necessary by additional technical and contractual safeguards identified through a transfer-impact assessment.
For transfers to providers certified under the EU–U.S., UK Extension, or Swiss–U.S. Data Privacy Frameworks, we additionally rely on the corresponding adequacy decisions. Where neither mechanism is available for a specific data flow, we limit the transfer to circumstances permitted by applicable derogations, document the basis, and apply enhanced minimization controls.
Data we do not share
We do not sell Personal Information, and we do not “share” Personal Information for purposes of cross-context behavioral advertising, as those terms are defined under the CCPA/CPRA, the Virginia Consumer Data Protection Act, the Colorado Privacy Act, the Connecticut Data Privacy Act, the Utah Consumer Privacy Act, or comparable United States state privacy laws. Subprocessors identified above receive only the minimum Personal Data necessary to perform the specific function for which they are engaged and are contractually prohibited from using that Personal Data to train general-purpose machine-learning or foundation models, to build independent behavioral profiles, to enrich third-party datasets, or to repurpose it for any objective other than delivering services to ExpenseGhost on our documented instructions.
Notice of changes
We will update this page before, or contemporaneously with, the addition of any new subprocessor that will Process customer Personal Data, and within a reasonable period after removing or materially changing the role of an existing subprocessor. Customers party to a written agreement that includes a contractual right to object to new subprocessors will receive advance notice in accordance with the terms of that agreement. For all other customers, the canonical record of subprocessor changes is this page together with the “Last Updated” date shown at the top.
Your rights
Depending on the jurisdiction in which you reside, you may have the right to access, correct, delete, port, restrict, or object to the Processing of your Personal Data, including Personal Data held by the subprocessors identified above on our behalf. To exercise any of these rights, contact us at privacy@expenseghost.app; we will coordinate with the relevant subprocessors as needed to fulfill your request and will respond within the timeframes required by applicable law. Additional information about how we honor data-subject-rights requests, including identity verification and authorized-agent procedures, is set out in our Privacy Policy.
Questions
If you have questions about how we Process your Personal Data, the role of a specific subprocessor, or the safeguards applied to international transfers, email privacy@expenseghost.app and we will route your inquiry to our privacy team.