Expensify is committed to keeping your data secure and transparent. You can access our latest SOC reports and compliance documentation below.

Expensify SOC 1 and SOC 2 reports

You can view or download the following audit documents to verify our security and operational controls:

• Bridge Letter for SOC 1 and SOC 2 – June 2025
• SOC 1 Type 2 Report – September 30, 2024
• SOC 2 Type 2 Report – September 30, 2024

Note: If you need additional details for vendor security reviews or procurement, reach out to your Account Manager or Concierge.

Additional Expensify legal resources

You can find more information about our legal and compliance commitments here:

• Expensify Terms of Service
• Expensify Privacy Policy
• List of Subprocessors

FAQ

Who can access Expensify’s SOC 1 and SOC 2 reports?

Anyone evaluating Expensify for security and compliance purposes can access these reports using the links above. If you’re a current customer, you can also request them from your Account Manager.

What is the bridge letter for?

The bridge letter explains the period between the last audit date and the current date to maintain coverage while a new audit is underway.