1. Overview
    1. The Gold Standard of Security
    2. Data and Password Encryption
    3. Account Safety
    4. Our Commitment to GDPR

Encryption and Data Security

Overview

We take security seriously. Our measures align with what banks use to protect sensitive financial data. We regularly test and update our security to stay ahead of any threats. Plus, we’re checked daily by McAfee for extra reassurance against hackers. You can verify our security strength below or on the McAfee SECURE site.

Discover how Expensify safeguards your information below!

The Gold Standard of Security

Expensify follows the highest standard of security, known as the Payment Card Industry Data Security Standard. This standard is used by major companies like PayPal, Visa, and banks to protect online credit card information. It covers many aspects of how systems work together securely. You can learn more about it on the PCI-DSS website. Expensify is also compliant with SSAE 16!

Data and Password Encryption

When you press ‘enter,’ your data transforms into a secret code, making it super secure. This happens whether it’s moving between your browser and our servers or within our server network. In tech talk, we use HTTPS+TLS for all web connections, ensuring your information is encrypted at every stage of the journey. This means your data is always protected!

Account Safety

Protecting your data on our servers is our top priority. We’ve taken strong measures to ensure your data is safe when it travels between you and us and when it’s stored on our servers. In our first year, we focused on creating a super-reliable, geographically redundant, and PCI compliant data center. This means your data stays safe, and our systems stay up and running. We use a dual-control key, which only our servers know about. This key is split into two parts and stored in separate secure places, managed by different Expensify employees. With this setup, sensitive data stays secure and can’t be accessed outside our secure servers.

Our Commitment to GDPR

Expensify is fully committed to meeting the requirements of the General Data Protection Regulation (GDPR). We have implemented robust privacy, security, and data governance measures to protect personal data and uphold the rights of our EU customers.

Our commitment to protecting the privacy of our customers’ data includes:

  • Undergoing annual SOC 1 Type 2 and SOC 2 Type 2 audits by qualified, independent third-party auditors.
  • Maintaining PCI-DSS compliance.
  • Leveraging third-party experts to conduct yearly penetration tests.
  • All employees and contractors are subject to background checks (refreshed annually), sign non-disclosure agreements, and are subject to ongoing security and privacy training.
  • We’ve signed Data Processing Addendums (DPAs) with all our vendors to ensure your data is handled safely during onward transfers.
  • Our product tools allow users to export data, manage preferences, and close accounts anytime.

For more detail, review our privacy policy.

Disclaimer: Please note that the information on this page is for informational purposes only and is not intended as legal advice. It’s essential to consult with legal and professional counsel to understand how GDPR may apply to your specific situation.
