Back to home

Privacy Policy

3 min read

1. Definitions and Interpretation

In this Privacy Policy:

  • Controller, we, us, or our means QuickBits OÜ.
  • Service refers to the website expensicat.com, mobile and web apps, and related software and tools.
  • Personal Data means any information relating to an identified or identifiable natural person.

2. Information We Collect

We collect the following categories of Personal Data:

  1. Account & Profile Data: Name, email, company name, billing address, password.
  2. Financial & Transaction Data: Bank account details, transaction history, invoice/receipt images.
  3. Technical & Usage Data: IP address, device identifiers, browser type, server logs, error reports.
  4. Cookies & Tracking Data: Cookies, web beacons, similar technologies to operate & analyze the Service.
  5. Third-Party Data: Data from integrations you authorize (e.g., banks, payment processors).

3. How We Collect Your Data

  • Directly from You: When you register, upload receipts, connect financial accounts, or contact support.
  • Automatically: Through cookies, server logs, and analytics services.
  • From Third Parties: Financial institutions, payment gateways, and other integrations you enable.

4. Purposes & Legal Bases for Processing

We process Personal Data to:

  • Provide, maintain, and improve our Service.
  • Authenticate and manage your account.
  • Process payments, billing, and transactions.
  • Communicate updates, security alerts, and support messages.
  • Personalize features, research, and analytics.

GDPR (EU Residents): We rely on consent, performance of contract, legal obligations, and legitimate interests (Art. 6 GDPR).
CCPA (CA Residents): We process for business purposes; you have the right to opt-out of "sale" or "sharing".

5. Sharing and Disclosure

We may share Personal Data with:

  • Service Providers & Subprocessors: Hosting, payment, analytics, and support partners under Data Processing Agreements.
  • Affiliates: QuickBits OÜ subsidiaries and affiliates for internal business purposes under the same standards.
  • Legal Authorities: To comply with laws, subpoenas, or enforceable governmental requests.
  • Business Transfers: In a merger, acquisition, or sale of assets, subject to confidentiality safeguards.

6. Subprocessors

We maintain an up-to-date list of subprocessors on our website. Key examples include:

  • Collective Solution: Receipt transcription.
  • CommonRoom: Customer insights & support platform.

7. Data Retention

We keep Personal Data only as long as necessary for the purposes outlined, or to comply with legal, tax, or accounting requirements. Financial records are retained for at least five (5) years.

8. International Data Transfers

QuickBits OÜ is headquartered in the EEA and may transfer your data globally under EU Standard Contractual Clauses and adequacy decisions.

9. Data Security

We implement technical and organizational measures including:

  • Encryption: HTTPS/TLS in transit; AES-256 at rest.
  • Vulnerability Scanning: Regular internal & external scans.

10. Your Rights

GDPR (EU Residents): Access, rectification, erasure, restriction, portability, objection. Contact: hello@quickbits.io.
CCPA (CA Residents): Know, delete, opt-out of sale/sharing. Requests: web form or hello@quickbits.io.

11. Children's Privacy

Our Service is not intended for children under 13 (US) or 16 (EU). We do not knowingly collect from minors; if discovered, we will delete such data.

12. Changes to This Policy

We may update this Policy for legal or operational reasons. Material changes will be posted with a new effective date and notified via email or in-app alert.

13. Contact Us

Email: hello@quickbits.io

← Back to all pages