Logo xpendee
Features Pricing FAQ
Log in Register
Legal

Privacy Policy

Last Updated: June 4, 2025
Effective Date: June 4, 2025

1. Introduction

Xpendee ("we", "our", or "us") is a product of Finity Sync, a remote-first company operating from Gujranwala, Pakistan. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our platform at https://xpendee.com.

By using Xpendee, you agree to the collection and use of information as described in this policy.

2. Who We Are

3. Who This Policy Applies To

This policy applies to all users of Xpendee, including:

  • Tenants (Agencies and Businesses who register and use the platform)
  • Clients (individuals or businesses who receive invoices, proposals, or contracts through Xpendee)
  • Freelancers (individuals whose work records are managed within the platform by a Tenant)

4. Information We Collect

4.1 Account Registration (Tenants)

When you create an account, we collect:

  • Full name and email address
  • Password (stored in encrypted form)
  • Company name, phone number, address, and website
  • Tax number (if provided)
  • Google Account ID (if you sign in via Google)
  • IP address at the time of registration

4.2 Client Information

When Tenants create invoices, contracts, or proposals for their clients, the following client data is stored on our platform:

  • Full name, email address, phone number
  • Company name and address
  • E-signature data (name, email, signature image, and timestamp) when a contract is signed

4.3 OTP and Authentication Data

  • One-time passwords (OTPs) and their expiry times for email-based verification
  • Two-factor authentication (2FA) setup data via Google Authenticator

4.4 Expense and Financial Data

  • Expense categories, amounts, currencies (PKR/USD and others)
  • Expense descriptions
  • Uploaded receipts (images or PDF files)

4.5 Technical Data

  • IP address
  • Browser and device information (collected passively via server logs)

5. How We Use Your Information

We use the collected information to:

  • Create and manage your Xpendee account
  • Generate and deliver invoices, contracts, and proposals
  • Process and verify e-signatures
  • Send OTP verification emails and system notifications
  • Maintain expense records and financial reports for your business
  • Provide white-label client portal access to your clients
  • Allow Super Admins (Finity Sync team) to manage the platform and provide support
  • Improve platform features and ensure security

6. Third-Party Services

We use the following third-party services which may process your data:

  • Google OAuth (via Laravel Socialite): For login via Google. Google's Privacy Policy applies: https://policies.google.com/privacy
  • Google Authenticator: For two-factor authentication setup. Data is processed locally on your device.
  • SMTP Email Services: For sending system emails. Your email address may be processed by our email delivery provider.

We do not use any third-party payment processors (such as Stripe or PayPal). All subscription payments to Finity Sync are made via manual bank transfer.

7. Data Storage and Security

  • All data is stored on secure servers located in Pakistan, provided by our local hosting partner.
  • We implement industry-standard security measures including encrypted passwords, OTP-based verification, and tenant-level data isolation.
  • Each tenant's data is strictly isolated from other tenants using unique tenant identifiers. Client portal access is protected by secure passwords.
  • We retain your data for as long as your account is active. Upon account deletion, data may be retained for up to 90 days before permanent deletion, unless required by law.

8. Data Sharing

We do not sell, rent, or trade your personal information to any third party. We may share data only in the following cases:

  • With third-party service providers listed in Section 6, solely to operate the platform
  • If required by Pakistani law or a valid legal request from authorities
  • To protect the rights, safety, or property of Finity Sync or its users

9. Your Rights

As a user of Xpendee, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Withdraw consent for data processing (where applicable)

To exercise any of these rights, contact us at support@finitysync.com.

10. Cookies

Xpendee uses session cookies to maintain your login state and platform preferences. We do not use third-party advertising or tracking cookies.

11. Children's Privacy

Xpendee is a business-to-business (B2B) platform intended for users who are 18 years of age or older. We do not knowingly collect information from minors. If we become aware that a minor has registered, we will delete their account immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. Continued use of Xpendee after changes constitutes acceptance of the updated policy.

13. Contact Us

For any privacy-related questions or requests: