Privacy Policy
Last updated: 21/06/2026
1. Who we are
Expenzez is an expense-tracking mobile application operated by Biszaal Tech Ltd ("Expenzez", "we", "our", or "us"). We are the data controller responsible for your personal data under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Controller: Biszaal Tech Ltd (registered in England and Wales)
Company number: 16693100
Registered office: 71-75 Shelton Street, London, WC2H 9JQ, United Kingdom
ICO registration number: ZC055545
Privacy contact: privacy@expenzez.com
This policy explains what personal data we collect, why, the legal bases we rely on, who we share it with, how long we keep it, and the rights you have. By "Service" we mean the Expenzez mobile app and related websites and support channels.
2. What Expenzez does (and does not) do
Expenzez is a tool that helps you record and understand your own spending. You add data manually or by importing a CSV file (for example, a statement you have exported from your bank). Expenzez does not connect to your bank, does not access your bank accounts, and never moves money. We are not a bank, payment service, or regulated financial adviser, and we do not provide regulated financial advice.
3. Information we collect
3.1 Account and identity information
- Name and username
- Email address
- Date of birth (used to confirm you are 18 or over)
- Phone number (optional — used for account security if you provide it)
- Address (optional)
3.2 Financial information you enter
This is data you choose to add or import. It can include:
- Transaction amounts, dates, descriptions and merchant names
- Categories you assign, budgets and savings goals
- Balances and spending summaries derived from the data you enter
Transaction descriptions can sometimes reveal sensitive details about you (for example, a payment to a place of worship or a medical clinic). We only process this data to provide the Service and we do not use it to infer or record special category data about you.
3.3 Subscription and billing information
Paid subscriptions (Expenzez Pro) are purchased and billed through the Apple App Store or Google Play and managed via RevenueCat. We receive your subscription status (for example, active or expired) but we do not receive or store your card or payment details — those are handled by Apple, Google and their payment processors.
3.4 Device and usage information
- Device type, operating system and app version
- App-usage analytics (screens viewed, features used) — only if you consent
- Crash and diagnostic reports — only if you consent
- Advertising identifiers (such as the Apple IDFA or the Google Advertising ID) and limited ad-interaction data — used by our advertising partner to show ads in the free version of the app (see section 7). Expenzez Pro subscribers do not see ads.
Analytics and crash reporting are switched off by default. You can turn them on or off at any time in the app under Settings → Data & Privacy, and via the cookie banner on this website.
4. Why we use your data and our legal bases
Under UK GDPR we must have a lawful basis for each use of your data:
| Purpose | Legal basis |
|---|---|
| Creating and running your account; storing and displaying the data you enter | Performance of our contract with you |
| Categorising transactions and generating AI-powered insights and budgeting tools | Performance of our contract / our legitimate interest in providing core features |
| Verifying you are 18 or over | Legal obligation / legitimate interest in operating an 18+ service |
| Analytics and crash reporting | Your consent (which you can withdraw at any time) |
| Showing ads in the free version of the app | Our legitimate interest in offering a free, ad-supported tier (non-personalised ads); your consent (personalised ads) |
| Account security, preventing fraud and abuse | Our legitimate interest in keeping the Service secure |
| Service emails (e.g. verification, security, important updates) | Performance of our contract |
| Optional marketing messages | Your consent |
| Meeting legal and regulatory obligations | Legal obligation |
5. AI features and automated processing
To categorise transactions and produce insights, some of the text you enter (such as transaction descriptions or questions you ask the in-app assistant) is sent to our AI processor, OpenAI, for processing. This processing is done to provide the feature you have requested; OpenAI does not use API data to train its models.
Our insights and recommendations are produced by automated analysis (profiling) of the data you enter, but they are provided for information only and do not constitute financial advice. We do not make any decision about you that produces legal effects or similarly significant effects solely by automated means.
6. Who we share your data with
We do not sell your personal data. We share it only with service providers who process it on our behalf under contract, and only as needed to run the Service:
- Amazon Web Services (AWS) — secure cloud hosting and database storage (London / UK region)
- OpenAI — AI transaction categorisation and insights (United States)
- Google / Firebase — app analytics and (where used) sign-in and address lookup (only with your consent for analytics)
- Sentry — crash and error diagnostics (only with your consent)
- RevenueCat, Apple and Google — subscription management and billing
- Google AdMob — advertising in the free version of the app (see section 7)
We may also disclose data where required by law, to protect our rights or users' safety, or in connection with a business sale or reorganisation.
7. Advertising
The free version of Expenzez is supported by ads. We use Google AdMob to show ads in the app. Expenzez Pro subscribers do not see any ads.
To show ads, Google AdMob and its partners may collect and use a mobile advertising identifier (the Apple IDFA on iOS or the Google Advertising ID on Android), together with limited information about your device and how you interact with ads. Google acts as an independent controller for ad delivery and measurement; see Google's policies for details. We never share the financial data you enter with advertisers, and your transactions are never used to target ads.
Your choices:
- Personalised vs non-personalised ads. In the UK and EEA we ask for your consent (via Google's consent prompt) before showing personalised ads. If you decline, you will still see ads, but they will be non-personalised.
- iOS App Tracking Transparency. On iOS we ask permission before using your advertising identifier (IDFA). If you decline, ads are non-personalised. You can change this under iOS Settings → Privacy & Security → Tracking.
- Android. You can reset or delete your Advertising ID, or opt out of ad personalisation, under Android Settings → Privacy → Ads.
- Remove ads entirely. Upgrade to Expenzez Pro to use the app with no ads.
8. International data transfers
Your data is stored in the United Kingdom. However, some of our service providers (including OpenAI, Google, Sentry and RevenueCat) process data in the United States or other countries outside the UK. Where data is transferred outside the UK, we rely on appropriate safeguards, such as the UK International Data Transfer Agreement (IDTA), the EU Standard Contractual Clauses with the UK Addendum, or the UK Extension to the EU–US Data Privacy Framework where the provider is certified.
9. How long we keep your data
We keep your personal data for as long as your account is active. When you delete your account, we permanently delete your personal data and the financial data you entered, normally immediately and in any event within 30 days, except for limited records (such as records of a transaction or information we are legally required to retain) which we keep only for as long as the law requires.
10. How we protect your data
- Encryption of data in transit (TLS) and at rest
- Optional PIN and biometric (Face ID / fingerprint) lock on your device
- Access controls limiting who can access systems and data
- Filtering of sensitive values out of diagnostic logs
No method of transmission or storage is completely secure, but we take reasonable steps to protect your information.
11. Your rights
Under UK GDPR you have the right to:
- Access a copy of your personal data
- Have inaccurate data corrected
- Have your data erased (you can delete your account in the app, or contact us)
- Restrict or object to processing
- Data portability
- Withdraw consent at any time (for example, for analytics) without affecting prior processing
To exercise any of these rights, contact privacy@expenzez.com. We will respond within one month.
You also have the right to complain to the Information Commissioner's Office (ICO), the UK data protection regulator, at ico.org.uk or on 0303 123 1113. We would, however, appreciate the chance to address your concerns first.
12. Children
Expenzez is intended only for adults. You must be 18 or over to create an account, and we ask for your date of birth at sign-up to confirm this. The Service is not directed at children, and we do not knowingly collect personal data from anyone under 18. If you believe a person under 18 has provided us with personal data, please contact privacy@expenzez.com and we will delete it.
13. Cookies and similar technologies
Our website uses only essential cookies by default. Analytics cookies are set only after you accept them via the cookie banner. In the app, analytics and crash-reporting identifiers are used only if you opt in under Settings → Data & Privacy. You can change your choice at any time. In the free version of the app, advertising identifiers are also used to show ads — see section 7. Expenzez Pro removes ads.
14. Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version here and change the "Last updated" date. Where changes are significant, we will take reasonable steps to notify you.
15. Contact us
Company: Biszaal Tech Ltd
Privacy & data requests: privacy@expenzez.com
General support: support@expenzez.com
Address: 71-75 Shelton Street, London, WC2H 9JQ, United Kingdom