Privacy Policy

Last updated: March 2026

Introduction

ExpatFolio ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our financial dashboard service designed for US expats in Europe.

Information We Collect

Personal Information

  • Name and email address (for account creation and communication)
  • Profile information you provide during onboarding
  • Household member information (when you add family members)

Financial Data

  • Bank account information and balances
  • Investment holdings and portfolio data
  • Property values and mortgage information
  • Transaction history and cash flow data
  • Tax compliance information (FBAR, FATCA, PFIC)

Technical Information

  • Device information and browser type
  • IP address and location data
  • Usage patterns and feature interactions
  • Session data and preferences

How We Store Your Data

Your data is stored securely using Supabase (PostgreSQL database) in the EU region. All data is encrypted at rest using industry-standard AES-256 encryption. Financial data is additionally encrypted using application-level encryption before storage.

We implement Row Level Security (RLS) to ensure that users can only access their own household data. Database backups are encrypted and stored in geographically separate locations.

Third-Party Services

We work with trusted third-party services to provide our platform:

  • Clerk: Authentication and user management
  • Stripe: Payment processing and subscription management
  • Plaid: Secure bank account connections (when available)
  • Resend: Transactional email delivery

These services may have access to limited personal information as necessary to provide their functions. We have data processing agreements with all third-party providers.

Your Rights (GDPR Compliance)

As a user, you have the following rights regarding your personal data:

  • Access: Request a copy of all personal data we hold about you
  • Rectification: Correct any inaccurate or incomplete information
  • Erasure: Request deletion of your account and all associated data
  • Portability: Export your data in a machine-readable format
  • Restriction: Limit how we process your personal data
  • Objection: Object to certain types of data processing

To exercise these rights, please contact us at privacy@expatfolio.com. We will respond within 30 days of receiving your request.

Data Retention

We retain your data as follows:

  • Account Data: Stored until you request account deletion
  • Financial Data: Deleted immediately upon account closure
  • Usage Logs: Retained for 90 days for security and debugging purposes
  • Communication Records: Retained for 2 years for support purposes

Cookies and Tracking

We use the following types of cookies and local storage:

  • Session Cookies: Managed by Clerk for authentication (essential)
  • Preferences: Stored in localStorage for currency and filter settings
  • Security: CSRF tokens and session management

We do not use advertising cookies or third-party analytics. All cookies are functional and necessary for the service to operate properly.

Security Measures

We implement multiple layers of security to protect your data:

  • Encryption of data in transit (TLS 1.3)
  • Application-level encryption for sensitive financial data
  • Regular security audits and penetration testing
  • Multi-factor authentication options
  • Automated threat detection and monitoring

Data Breaches

In the unlikely event of a data breach, we will notify affected users within 72 hours via email and through the platform. We will also report the breach to relevant supervisory authorities as required by law.

Children's Privacy

ExpatFolio is not intended for use by children under 16. We do not knowingly collect personal information from children under 16. If you believe we have collected such information, please contact us immediately.

International Transfers

Your data is primarily stored within the EU. When data is transferred outside the EU (such as for payment processing), we ensure adequate safeguards are in place through Standard Contractual Clauses or adequacy decisions.

Changes to This Policy

We may update this Privacy Policy periodically. Significant changes will be communicated via email and through the platform. Continued use of our service after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@expatfolio.com
Subject: Privacy Inquiry
Response Time: Within 2 business days