Privacy Policy
Last Updated: March 20, 2026
Welcome to Quick Expense ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our web application available at https://app.q-expense.com and our website at https://q-expense.com (collectively, the "Service").
Quick Expense is operated by , an individual based in Poland. We are committed to protecting your privacy and ensuring transparency about our data practices.
Important: By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Service.
1. Information We Collect
1.1 Information You Provide to Us
- Google Account Information: When you sign in using Google OAuth, we receive your Google email address and basic profile information (name, profile picture) from Google.
- Google Spreadsheet Link: You provide a link to your Google Spreadsheet where your expense data is stored.
- Expense Data: The expense records you create (dates, amounts, categories, comments, etc.) are stored in your own Google Spreadsheet, not on our servers.
1.2 Information Automatically Collected
- OAuth Access Tokens: We store OAuth access tokens server-side to facilitate communication with the Google Sheets API on your behalf. These tokens are never sent to or stored in your browser.
- Session Data: We maintain server-side session information to keep you logged in and to associate your configuration (spreadsheet link) with your account.
- Log Data: Our servers may automatically log standard information such as IP addresses, browser types, access times, and pages viewed for security and operational purposes.
1.3 Cookies and Tracking Technologies
We use minimal cookies for session management and authentication purposes. We also use PostHog, a product analytics service, to understand how the application is used (e.g., page views, feature usage, device and browser types, geographic region). PostHog collects only aggregated, non-personally identifiable usage data. We do not use third-party advertising or marketing tracking cookies.
2. How We Use Your Information
We use the collected information for the following purposes:
- Authentication: To verify your identity using Google OAuth and maintain your login session.
- Service Provision: To enable you to add, view, and search expense records in your configured Google Spreadsheet.
- Access Management: To validate your access permissions to the configured Google Spreadsheet.
- Communication: To respond to your inquiries, provide support, and send important service-related notifications.
- Security: To protect against unauthorized access, maintain data security, and prevent fraud.
- Service Improvement: To monitor and analyze usage patterns to improve our Service (only with aggregated, non-personally identifiable data).
- Legal Compliance: To comply with applicable laws, regulations, and legal processes.
3. How We Store and Protect Your Information
3.1 Data Storage
- Your Expense Data: All your expense records are stored exclusively in your own Google Spreadsheet. We do not store or maintain copies of your expense data on our servers.
- Configuration Data: Your spreadsheet link and associated configuration are stored in our backend server located in Frankfurt, Germany.
- Access Tokens: OAuth access tokens are stored server-side in encrypted session storage and are never exposed to the browser.
- Session Data: Session information is maintained during your active usage (maximum 30 days) and is automatically cleared afterward.
3.2 Data Security
We implement industry-standard security measures to protect your information, including:
- HTTPS encryption for all data transmission
- OAuth 2.0 with PKCE (Proof Key for Code Exchange) for secure authentication
- Server-side session management with secure session tokens
- Access tokens stored in memory only, never in browser storage
- Regular security reviews and updates
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
4. Data Sharing and Disclosure
4.1 Third-Party Services
- Google: We use Google OAuth for authentication and the Google Sheets API to access your spreadsheet. Your use of Google services is subject to Google's Privacy Policy.
- PostHog: We use PostHog for product analytics to understand usage patterns (page views, feature usage, device types, geographic region). Data is processed on PostHog's servers in the United States. PostHog's privacy policy is available at https://posthog.com/privacy.
- Hosting Provider: Our backend infrastructure is hosted in Frankfurt, Germany. The hosting provider may have access to server logs and infrastructure data but not to the content of your expense data.
4.2 We Do NOT:
- Sell, rent, or trade your personal information to third parties
- Share your expense data with advertisers or marketing companies
- Use your data for purposes other than providing the Service
- Access or read your expense data unless necessary for technical support (and only with your explicit permission)
4.3 Legal Disclosures
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas, or government agencies).
5. Data Retention
- Expense Data: Stored indefinitely in your own Google Spreadsheet. You have full control over this data.
- Configuration Data: Stored as long as you maintain an active account. You can request deletion at any time.
- Access Tokens: Automatically expire according to Google's token expiration policy (typically within 1 hour) and are refreshed only when needed.
- Session Data: Automatically deleted after 30 days or when you log out.
- Log Data: Retained for up to 90 days for security and operational purposes.
6. Your Rights (GDPR and Other Regulations)
Under the General Data Protection Regulation (GDPR) and other applicable data protection laws, you have the following rights:
- Right to Access: You can request information about the personal data we hold about you.
- Right to Rectification: You can request correction of inaccurate or incomplete data.
- Right to Erasure ("Right to be Forgotten"): You can request deletion of your personal data.
- Right to Restriction: You can request restriction of processing under certain circumstances.
- Right to Data Portability: You can request a copy of your data in a structured, machine-readable format.
- Right to Object: You can object to processing of your personal data.
- Right to Withdraw Consent: You can withdraw consent at any time by discontinuing use of the Service.
To exercise any of these rights, please contact us using the information provided below.
7. Google OAuth and Permissions
7.1 OAuth Scopes
Quick Expense requests the following Google OAuth scope:
- https://www.googleapis.com/auth/drive.file - This provides read and write access only to the specific Google Spreadsheet you select or link in the app. We request only this minimal scope following the principle of least privilege.
7.2 Revoking Access
You can revoke Quick Expense's access to your Google account at any time by visiting your Google Account Permissions page. Note that revoking access will prevent you from using the Service.
7.3 Google's Use of Information
Quick Expense's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
8. Children's Privacy
Our Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us so we can delete such information.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including Germany (where our servers are located) and the United States (where Google's services may be located). These countries may have data protection laws that differ from those in your country.
When we transfer personal data from the European Economic Area (EEA) to other countries, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:
- Updating the "Last Updated" date at the top of this Privacy Policy
- Posting a prominent notice on our website or app
- Sending you an email notification (if we have your email address)
We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated Privacy Policy.
11. Contact Us
12. Additional Information for EEA Residents
12.1 Legal Basis for Processing
We process your personal data based on the following legal grounds:
- Consent: You provide consent when you sign in using Google OAuth and configure the Service.
- Contract: Processing is necessary to provide the Service you have requested.
- Legitimate Interests: We process data for security, fraud prevention, and service improvement purposes.
- Legal Obligation: We may process data to comply with legal requirements.
12.2 Supervisory Authority
If you are located in the EEA and believe we have not addressed your concerns adequately, you have the right to lodge a complaint with your local data protection supervisory authority.
For Poland, the supervisory authority is:
Urząd Ochrony Danych Osobowych (UODO)
Website: https://uodo.gov.pl
© 2026 Quick Expense. All rights reserved.