Privacy Policy
Last updated: January 24, 2026
This Privacy Policy ("Policy") describes how CarExpenses ("CarExpenses", "we", "us" or "our") collects, uses, discloses, and protects the personal information of users ("User", "you" or "your") of the car-expenses.com website and CarExpenses application (collectively, "Website" or "Services").
CarExpenses is operated from Calgary, Alberta, Canada. We serve users worldwide and are committed to protecting your privacy in accordance with applicable laws, including:
- Canada: Alberta's Personal Information Protection Act (PIPA) and the Personal Information Protection and Electronic Documents Act (PIPEDA)
- European Union: General Data Protection Regulation (GDPR)
- United Kingdom: UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018
- United States: California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) for California residents
By using our Services, you consent to the collection, use, and disclosure of your personal information as described in this Policy. If you do not agree with this Policy, please do not use our Services.
Data Controller
CarExpenses is the data controller responsible for your personal information. For any privacy-related questions, concerns, or requests, please contact our Privacy Officer:
Privacy Officer
CarExpenses
Calgary, Alberta, Canada
Email: privacy@car-expenses.com
Personal Information We Collect
We collect personal information that you voluntarily provide to us when you register for an account, use our Services, or contact us. The types of personal information we collect include:
Account Information
- Email address (required for account creation)
- Name (optional)
- Phone number (optional)
- Profile picture (optional)
- Password (stored in encrypted form)
- Language and display preferences
Vehicle Information
- Vehicle make, model, year, and type
- License plate number (optional)
- Vehicle identification number (VIN) (optional)
- Odometer readings
- Fuel tank capacity and fuel type
- Insurance and registration details (optional)
Expense and Financial Data
- Fuel purchase records (price, volume, station name)
- Maintenance and repair costs
- Parking fees, fines, tolls, and other expenses
- Payment amounts and dates
- Vendor and service provider names
- Revenue records for business users (optional)
Location Data
- Gas station and service location addresses (when you enter them or use location features)
- Travel start and end points (for mileage tracking)
- GPS coordinates (only when you explicitly use location-based features and grant permission)
Documents and Files
- Uploaded receipts, invoices, and expense documentation
- Vehicle documents (registration, insurance cards)
- Service records and maintenance documentation
- Any other files you choose to upload
Technical and Usage Information
- IP address
- Browser type and version
- Device type and operating system
- Pages visited and features used
- Date and time of access
- Referring website or source
Purposes and Legal Bases for Processing
We process your personal information for the following purposes. For users in the EU/UK, we have also identified the legal basis for each processing activity under GDPR:
| Purpose | Description | Legal Basis (GDPR) |
|---|---|---|
| Account management | To create and manage your account, authenticate your identity, and communicate with you | Performance of contract |
| Service delivery | To provide vehicle tracking, expense management, reports, and other core features | Performance of contract |
| Payment processing | To process subscription payments through third-party processors | Performance of contract |
| Location services | To auto-fill gas station information and track mileage when you enable location features | Consent |
| Service improvement | To analyze usage patterns, fix bugs, and improve our Services | Legitimate interest |
| Security | To protect against fraud, unauthorized access, and other security threats | Legitimate interest |
| Communications | To send transactional emails, service notifications, and respond to inquiries | Performance of contract / Legitimate interest |
| Marketing | To send newsletters and promotional content (with your consent) | Consent |
| Legal compliance | To comply with legal obligations and respond to lawful requests | Legal obligation |
We will not use your personal information for purposes other than those stated above without first obtaining your consent, except where permitted or required by law.
Data Storage and International Transfers
Important: Your personal information is stored on servers located in the United States.
By using our Services, you explicitly acknowledge and consent to the transfer and storage of your personal information in the United States. The privacy laws in the United States differ from those in Canada, the European Union, and other jurisdictions, and may not provide the same level of protection.
For Users in Canada
Under Alberta's PIPA, we are required to notify you that your personal information is stored outside of Canada. While your information is in the United States, it may be subject to lawful access requests by US courts, law enforcement, and government authorities, including under the USA PATRIOT Act.
For Users in the European Union and United Kingdom
When we transfer your personal data outside the European Economic Area (EEA) or the United Kingdom, we ensure appropriate safeguards are in place to protect your data. These safeguards include the use of Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on other lawful transfer mechanisms. You may request a copy of the relevant safeguards by contacting our Privacy Officer.
We take reasonable steps to protect your information regardless of where it is stored, including encryption of data in transit (TLS/SSL) and at rest, access controls, and regular security assessments.
Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Our retention practices are as follows:
- Active accounts: We retain your data for as long as your account is active and you continue to use our Services.
- Account deletion: When you request account deletion, we will delete or anonymize your personal information within 30 days, except where we are required to retain certain information by law.
- Backup copies: Residual copies in our backup systems may persist for up to 90 days before being overwritten.
- Legal requirements: We may retain certain information longer if required for legal compliance, dispute resolution, or enforcement of our agreements.
- Aggregated data: We may retain anonymized, aggregated data indefinitely for statistical and analytical purposes. This data cannot be used to identify you.
Disclosure of Personal Information
We do not sell, rent, or trade your personal information to third parties. We may disclose your personal information only in the following circumstances:
Service Providers
We use trusted third-party service providers to help us operate our Services. These providers process your personal information only on our behalf and are contractually obligated to protect your information. Our service providers include:
- Hosting provider: Servers located in the United States for data storage and processing.
- Payment processors: Third-party payment processors handle subscription payments. We do not store your credit card information on our servers.
- Email service providers: For sending transactional emails and notifications.
- Google Maps Platform: For location autocomplete and mapping features. Subject to Google's Privacy Policy.
Account Sharing
If you invite other users to your account (with Driver, Admin, or Viewer roles), those users will have access to vehicle and expense data within the account according to their permission level. You are responsible for managing who has access to your account.
Legal Requirements
We may disclose your personal information if required to do so by law or in response to valid legal requests, such as a court order, subpoena, or government investigation. We may also disclose information when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, or to investigate fraud.
Business Transfers
If CarExpenses is involved in a merger, acquisition, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Website before your personal information is transferred and becomes subject to a different privacy policy.
Your Privacy Rights
Depending on your location, you have certain rights regarding your personal information. We honor these rights for all users regardless of location where technically feasible.
Rights for All Users
- Access: Request a copy of the personal information we hold about you.
- Correction: Request correction of inaccurate or incomplete information.
- Deletion: Request deletion of your personal information.
- Data portability: Receive your data in a structured, machine-readable format. Our export feature allows you to download your data at any time.
- Withdraw consent: Withdraw consent for processing based on consent at any time.
Additional Rights for EU and UK Users (GDPR)
If you are located in the European Economic Area or the United Kingdom, you have the following additional rights under GDPR:
- Right to object: Object to processing of your personal data based on legitimate interests or for direct marketing purposes.
- Right to restriction: Request restriction of processing in certain circumstances.
- Right not to be subject to automated decision-making: We do not make automated decisions that produce legal or similarly significant effects.
- Right to lodge a complaint: File a complaint with your local data protection authority (see below).
Additional Rights for California Residents (CCPA/CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act and California Privacy Rights Act:
- Right to know: Request information about the categories and specific pieces of personal information we have collected, the sources, the purposes, and the categories of third parties with whom we share it.
- Right to delete: Request deletion of your personal information.
- Right to correct: Request correction of inaccurate personal information.
- Right to opt out of sale: We do not sell your personal information.
- Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.
California "Shine the Light" Law: California residents may request information about our disclosure of personal information to third parties for their direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.
How to Exercise Your Rights
To exercise any of these rights, please contact our Privacy Officer at privacy@car-expenses.com. We will respond to your request within the following timeframes:
- Canada (PIPA): Within 45 days
- EU/UK (GDPR): Within 30 days (may be extended by 60 days for complex requests)
- California (CCPA/CPRA): Within 45 days (may be extended by an additional 45 days)
We may request verification of your identity before processing your request to protect your privacy and security. We will not charge a fee for processing your request unless it is manifestly unfounded or excessive.
Right to Complain
If you are not satisfied with how we handle your personal information or our response to your privacy request, you have the right to file a complaint with the appropriate supervisory authority:
Canada (Alberta)
Office of the Information and Privacy Commissioner of Alberta
410, 9925 - 109 Street NW
Edmonton, Alberta T5K 2J8
Phone: 780-422-6860
Toll-free: 1-888-878-4044
Website: www.oipc.ab.ca
European Union
You may lodge a complaint with the data protection authority in your EU member state. A list of EU data protection authorities is available from the European Data Protection Board.
Data Security
We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit using TLS/SSL protocols
- Secure storage of data on protected servers with access controls
- Secure password storage using industry-standard hashing algorithms
- Regular security assessments and updates
- Access controls limiting who can view your information
- Regular backups to prevent data loss
- Monitoring for suspicious activities
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.
Data Breach Notification
In the event of a data breach involving your personal information that poses a real risk of significant harm to you, we will:
- Notify you without unreasonable delay via email and/or notice on our Website
- Report the breach to the relevant supervisory authorities as required by law, including the Office of the Information and Privacy Commissioner of Alberta (for Canadian users) and applicable EU/UK data protection authorities (within 72 hours where required by GDPR)
- Provide information about the nature of the breach, the types of information involved, and steps you can take to protect yourself
- Take appropriate measures to contain and remediate the breach
Cookies and Tracking Technologies
We use cookies and similar tracking technologies to operate and improve our Services. Cookies are small text files stored on your device that help us recognize you and remember your preferences.
Types of Cookies We Use
- Essential cookies: Required for the Website to function properly, including authentication and security. These cannot be disabled.
- Preference cookies: Remember your settings and preferences, such as language and display options.
- Analytics cookies: Help us understand how visitors use our Website so we can improve it.
Cookie Consent (EU/UK Users)
For users in the European Union and United Kingdom, we will request your consent before placing non-essential cookies on your device. You can manage your cookie preferences at any time through our cookie settings or by adjusting your browser settings.
Managing Cookies
Most web browsers allow you to control cookies through their settings. You can set your browser to refuse cookies or alert you when cookies are being sent. However, disabling essential cookies may affect your ability to use certain features of our Services.
Do Not Track
Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked. There is no uniform standard for how websites should respond to DNT signals. Our Website does not currently respond to DNT signals, but we limit our tracking to what is necessary for operating and improving our Services.
Third-Party Services
Our Services may integrate with or contain links to third-party websites and services. This Privacy Policy does not apply to those third-party services. We encourage you to review their privacy policies.
- Google Maps Platform: Used for location autocomplete and mapping features. Subject to Google's Privacy Policy.
- Payment processors: Used to process subscription payments securely. Your payment information is handled directly by the payment processor and is not stored on our servers.
Children's Privacy
Our Services are not intended for children under the age of 13 (or 16 in the EU/UK). We do not knowingly collect personal information from children under these ages. If you are a parent or guardian and believe that your child has provided us with personal information, please contact our Privacy Officer immediately. If we become aware that we have collected personal information from a child under the applicable age, we will take steps to delete that information promptly.
Email Communications
We may send you the following types of email communications:
- Transactional emails: Account verification, password resets, payment confirmations, and other service-related messages. These are essential and cannot be opted out of while you have an active account.
- Service notifications: Maintenance reminders, feature updates, and important announcements about your account.
- Marketing emails: Newsletters, tips, and promotional content. You may opt out at any time by clicking the unsubscribe link in any marketing email or by contacting us.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last updated" date at the top of this Policy
- Notify you via email or a prominent notice on our Website at least 30 days before the changes take effect
- Obtain your consent where required by applicable law
Your continued use of our Services after the effective date of the revised Policy constitutes your acceptance of the changes. We encourage you to review this Policy periodically.
The current version of this Privacy Policy is always available at: https://car-expenses.com/privacy
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
Privacy Officer
CarExpenses
Calgary, Alberta, Canada
Email: privacy@car-expenses.com
For general support inquiries (non-privacy related), please contact: support@car-expenses.com
BY USING OUR SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY AND CONSENT TO THE COLLECTION, USE, AND DISCLOSURE OF YOUR PERSONAL INFORMATION AS DESCRIBED HEREIN, INCLUDING THE TRANSFER AND STORAGE OF YOUR INFORMATION IN THE UNITED STATES.
