Explyra™
🔒 Legal

Privacy Policy

Last Updated: March 8, 2026

We respect your privacy and are committed to protecting your personal data. This policy explains how we collect, use, and protect your information.

Data Collection

Minimal collection for core features and analytics.

Your Rights

Full control: access, export or delete at any time.

Encryption

Military-grade AES-256 for all financial records.

1Introduction

We value your privacy. This Privacy Policy explains how Explyra™ collects, uses, and protects information when you use our platform. By using our services, you agree to the collection and use of information in accordance with this policy.

If you have any questions about this policy, please contact us at the details provided at the end of this document.

2Information We Collect

We collect information to provide better services to all our users. The types of information we collect include:

  • Personal Information: Name, display name, email address, and company details provided during registration.
  • Financial Data: Expense records, receipts, and budget allocations submitted or processed through the platform.
  • Integrations Data: When you connect third-party services like Google Drive or Gmail, we access specific data (files, metadata, or emails) as authorized by your permissions.
  • Technical Usage Data: IP address, browser type, operating system, and device identifiers.
  • Activity Data: Pages visited, time spent on the platform, and feature interaction logs via Google Analytics.

3How We Use Your Data

We use the collected information to:

  • Provide and maintain the Explyra™ platform
  • Improve and personalize our services
  • Provide customer support and respond to queries
  • Send important product updates and announcements
  • Ensure security and prevent fraudulent activity
  • Comply with legal obligations

4Google Analytics 4 (GA4) Disclosure

We use Google Analytics 4 (GA4) to understand how users interact with Explyra™. This service helps us improve our features and provide a better user experience. GA4 collects data through cookies and device identifiers, including:

  • Event Tracking: We track specific actions like clicks, page views, scrolls, form submissions, and search queries within the platform.
  • User Properties: We may collect anonymized user properties such as preferred language, city (broad location), device category, and subscription status to personalize content.
  • Enhanced Measurement: GA4 automatically captures outbound clicks, site search interaction, video engagement, and file downloads.
  • Data Retention: We have configured GA4 to retain user-level and event-level data for 14 months, after which it is automatically deleted.

Note: IP addresses are anonymized by default in GA4. This data is used for internal business analysis and performance optimization only. You can prevent GA4 from using your information by using the Google Analytics Opt-out Browser Add-on.

5Google API Services & Workspace Integration

Explyra™ integrates with Google Workspace APIs to provide a seamless financial management experience. Our use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Google Drive Integration

When you enable Google Drive integration, we request the https://www.googleapis.com/auth/drive.file scope. This allows us to:

  • Create a dedicated "Explyra Receipts" folder in your Drive.
  • Upload scanned receipts and financial documents directly from our app.
  • Access only the files created by the Explyra™ app or those you specifically select.

Gmail Integration

Our "Smart Invoicing" feature uses the https://www.googleapis.com/auth/gmail.readonly scope to:

  • Scan your inbox for specific keywords related to invoices, billing, and financial receipts.
  • Automatically import relevant invoice details into your Explyra™ Expense dashboard.
  • Security: We do not store your full emails. We only extract the metadata and relevant text content required for document creation. We never read or store personal correspondence beyond financial documentation.

Data Privacy Commitment

We do not use data obtained through Google Workspace APIs to develop, train, or improve generalized AI or machine learning models. Furthermore, this data is never shared with third-party advertisers or data brokers.

6Data Storage & Security

Your data is securely stored using enterprise-grade cloud infrastructure. We retain your information only for as long as necessary to provide our services. Key security measures include:

  • AES-256 encryption at rest for sensitive data
  • Stingent TLS 1.3 encryption for data in transit
  • Regular security audits and vulnerability assessments
  • Multi-factor authentication (MFA) support for user accounts

7Third-Party Services

To provide a high-quality experience, we utilize several third-party providers:

  • Firebase/Google Cloud: Backend infrastructure, authentication, and secure database management.
  • Vercel: Hosting and content delivery network (CDN) for fast performance.
  • Stripe/Razorpay: Secure payment processing for premium subscriptions.

8User Rights (GDPR & CCPA)

Explyra™ is committed to data transparency. Regardless of your location, you have the right to:

  • Access, update, or delete your personal data
  • Request a copy of your stored data in a portable format
  • Revoke third-party app permissions (Google Drive/Gmail) at any time
  • Opt-out of non-essential tracking and marketing emails

9California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: You can request that we disclose the categories and specific pieces of personal information we have collected.
  • Right to Delete: You can request the deletion of personal information we have collected from you.
  • Right to Correct: You can request the correction of inaccurate personal information.
  • Right to Opt-Out: We do not "sell" or "share" your personal information for cross-context behavioral advertising as defined by California law.

10International Data Transfers

Explyra™ is based in India, and your data may be processed on servers located in the United States and other regions. For users in the European Economic Area (EEA), we use Standard Contractual Clauses (SCCs) approved by the European Commission to ensure the protection of your data during international transfers.

11AI Data Processing & Training

To improve our automated features, we may use anonymized and aggregated data to refine our machine learning models. However:

  • We never use your private financial records or personal correspondence from integrated Google accounts to train generalized AI models.
  • Any AI processing for features like "Smart Import" happens in a secure, isolated environment.
  • You can opt-out of sharing anonymized usage statistics in your Account Settings.

12Data Retention Routine

We retain your personal information only for as long as your account is active or as needed to provide you with Services. We also retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Anonymized analytics data is stored for up to 14 months.

13Virginia (VCDPA) & Other States

Residents of Virginia, Colorado, Connecticut, and Utah also have specific privacy rights under their respective state laws. Explyra™ offers consistent data rights to all US residents, including the right to access, correct, and delete their data.

14Children's Privacy

Our Service is not directed to anyone under the age of 16. We do not knowingly collect personally identifiable information from children under 16. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us.

15Cookies & Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and hold certain information. For detailed information, please see our Cookie Policy.

16Law Enforcement & Legal Requests

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).

17Business Transfers

If Explyra is involved in a merger, acquisition, or asset sale, your personal data may be transferred. We will provide notice before your personal data is transferred and becomes subject to a different Privacy Policy.

18Sub-processors & Data Hubs

We work with trusted third-party sub-processors to ensure global availability and high-performance data processing. These include:

  • Google Cloud Platform (GCP): Primary cloud infrastructure and localized data residency.
  • Cloudflare: Edge security, CDN, and DDoS protection for sensitive endpoints.
  • Postmark/SendGrid: Transactional communications and encrypted email delivery.

Each sub-processor undergoes a rigorous security assessment and is bound by Data Processing Agreements (DPA) that meet or exceed our internal standards.

19Data Resilience & Disaster Recovery

Explyra maintains a robust Disaster Recovery (DR) and Business Continuity Plan (BCP). We perform automated daily backups of all user data using point-in-time recovery (PITR) mechanisms. Our infrastructure is designed for high availability (99.9%+) with multi-region failover capabilities.

20Security Disclaimer

While we use commercially acceptable means to protect your personal data, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee its absolute security.

21DPO & Compliance Officer

We have appointed a Data Protection Officer (DPO) to oversee compliance with this policy. If you have any questions or concerns, please reach out directly.

22Contact & Legal Notices

For any privacy-related inquiries or to exercise your data rights, contact our Data Protection Office:

📧 Email: [email protected]
🏢 Explyra Privacy Dept. · Delhi, India
🌐 Support: explyra.me/support