Privacy Policy

Geecon Global Limited ("SpendGenie", "we", "us", or "our") is a company registered in England and Wales. We operate the SpendGenie expense management platform, accessible at spendgenie.com and app.spendgenie.com. For the purposes of the UK GDPR and EU GDPR, Geecon Global Limited is the data controller for personal data collected through our website and platform. Contact: privacy@spendgenie.com

We collect the following categories of personal data: Account and identity data: Name, email address, job title, company name, and profile information provided at registration. Expense and financial data: Expense amounts, merchant names, categories, dates, business purpose notes, and receipt images uploaded by users. Usage data: Information about how you use our platform, including pages visited, features used, and session duration. Device and technical data: IP address, browser type and version, operating system, device identifiers, and cookies. Communications data: Messages sent through our support channels, feedback forms, and email correspondence. Payment data: Payment method information for subscription billing (processed by our payment provider; we do not store raw card numbers).

We use personal data for the following purposes: Providing our service: To operate the SpendGenie platform and deliver the features you use, including expense logging, approvals, reporting, and notifications. Account management: To manage your account, authenticate your identity, and communicate about your account status. Improving our product: To analyse usage patterns and improve the SpendGenie platform. This analysis uses aggregated and anonymised data where possible. Customer support: To respond to your enquiries, troubleshoot issues, and provide assistance. Marketing communications: To send product updates, feature announcements, and relevant content — only with your consent, and with easy unsubscribe at any time. Legal compliance: To comply with applicable laws, regulations, and legal proceedings.

We process personal data on the following legal bases under UK GDPR: Contract performance: Processing necessary to provide the SpendGenie service you have subscribed to. Legitimate interests: Processing for product improvement, fraud prevention, and customer support, where our interests are balanced against your rights. Consent: For marketing communications and non-essential cookies, where you have given explicit consent. Legal obligation: Processing required to comply with applicable law.

We retain personal data for as long as necessary to provide our service and meet our legal obligations: Active accounts: Data is retained for the duration of your subscription. After cancellation: Account data is retained for 30 days following account cancellation, after which it is permanently and securely deleted. You can export your data at any time before deletion. Financial records: Transaction and expense records may be retained for up to 7 years to comply with HMRC and accounting requirements. You can request earlier deletion of your data by contacting privacy@spendgenie.com, subject to any legal retention obligations.

We do not sell, rent, or trade your personal data to third parties. We share data with the following categories of service providers who process data on our behalf: Cloud infrastructure (Amazon Web Services): For hosting and data storage. Payment processing (Stripe): For subscription billing. Email services: For transactional and marketing communications. Analytics (anonymised): For product improvement analytics. All processors are bound by data processing agreements and may only process data for the purposes we specify. We may share data with legal authorities when required by law or to protect our rights.

Under UK GDPR and EU GDPR, you have the following rights: Right of access: Request a copy of the personal data we hold about you. Right to rectification: Request correction of inaccurate or incomplete data. Right to erasure: Request deletion of your personal data ("right to be forgotten"), subject to legal retention requirements. Right to restrict processing: Request that we limit how we process your data. Right to data portability: Receive your data in a structured, machine-readable format. Right to object: Object to processing based on legitimate interests, including direct marketing. Rights related to automated decision-making: Request human review of any automated decisions. To exercise any of these rights, contact us at privacy@spendgenie.com. We will respond within 30 days.

We use cookies and similar tracking technologies. Please see our Cookie Policy for full details on what cookies we use, why, and how to control them. Essential cookies are necessary for the platform to function. You can control non-essential cookies through our cookie preference centre.

We implement appropriate technical and organisational measures to protect your personal data, including 256-bit AES encryption at rest, TLS 1.3 for data in transit, access controls, and regular security testing. See our Security page for full details. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay.

SpendGenie primarily stores and processes data within the UK and EU. Where data is transferred outside these regions (for example, to third-party service providers), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or prominent notice on our platform. The "last updated" date at the top of this page reflects the most recent revision.

For privacy-related enquiries, to exercise your rights, or to raise a concern: Email: privacy@spendgenie.com Post: Geecon Global Limited, Privacy Team, [Address], London, United Kingdom You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk if you believe we have not handled your data appropriately.