Privacy Policy

1. Overview

This Privacy Policy explains what personal information Reimba ("Reimba", "we", "us", "our") collects, how we use it, who we share it with, how long we keep it, and the choices you have. It applies to the Reimba web app, mobile apps, APIs, and related services (the "Service"). We collect only what we need to operate the Service for you and your workspace.

Where Reimba processes information on behalf of a company workspace (such as the expenses, receipts, and payout details its members submit), that company is the controller of the data and Reimba acts as its processor. Workspace administrators decide how their workspace uses the Service and who may access it.

2. Information we collect

• Account data — name, email, workspace role, and authentication identifiers (handled by our identity partner, Clerk).
• Expense data — amounts, currencies, dates, vendors, categories, mileage and trip details, receipts, and any notes you attach.
• Payout data — bank account or payment-method details collected to disburse approved reimbursements, processed through our payment providers.
• Communications — messages you send us (for example, support requests) and your notification and email preferences.
• Usage and device data — logs, device metadata, IP address, and diagnostic information used to keep the Service secure and reliable.

3. How we use information

We use your information to (a) operate the Service and process expenses and reimbursements, (b) enforce approval policies set by your workspace administrator, (c) detect and prevent fraud, abuse, and security incidents, (d) provide support and communicate with you about your account and the Service, (e) improve and develop the Service, and (f) comply with legal, tax, and accounting obligations. We do not use your Customer Data to train third-party advertising models, and we do not sell your personal information.

4. Payment providers and sub-processors

We share information with vetted service providers strictly to operate the Service, under contracts that require them to protect it and use it only on our instructions. These include:

• Payment providers — Paystack and Flutterwave process collections and payouts. When a reimbursement is collected or disbursed, the relevant payout and beneficiary details are shared with the provider handling that transaction, subject to its own privacy terms.
• Identity — Clerk manages sign-in and authentication.
• Object storage — uploaded receipts and exported journal files are stored in secured cloud object storage.
• Email and messaging — providers used to deliver transactional email and SMS one-time codes.
• Cloud hosting and logging — infrastructure that runs and monitors the Service.

Within your workspace, data is visible to other authorised members according to their role — for example, managers and accounting can see expenses routed to them for approval, and administrators can manage workspace settings and members.

5. Retention

We keep expense, payout, and audit records for as long as your workspace requires them or as required by applicable law and tax or accounting rules. If you deactivate your account, your sign-in credentials are removed and you can no longer access Reimba, but expenses and records you previously submitted remain in your workspace's records, attributed to you, for audit and compliance purposes. Workspace owners may request deletion of workspace data subject to these legal retention requirements.

6. Your rights

Depending on where you live, you may have rights to access, correct, export, restrict, or delete your personal information, and to object to certain processing. You can deactivate your own account at any time from the in-app Settings (web) or Profile (mobile) screens. For other requests, contact our privacy team; we may need to verify your identity and, where data belongs to a company workspace, direct your request to the relevant workspace administrator.

7. Security

We use industry-standard safeguards including encryption in transit, encryption of stored payout credentials, role-based access controls, and audit logging of sensitive actions. No system is perfectly secure; please use a strong, unique password and notify us promptly of any suspected compromise.

8. International transfers

Reimba operates across multiple regions and may process information in countries other than the one where you live. Where we transfer personal information across borders, we rely on appropriate safeguards (such as standard contractual clauses or equivalent mechanisms) as required by applicable law.

9. Children

The Service is intended for use by businesses and their personnel and is not directed to children. We do not knowingly collect personal information from children.

10. Changes

We may update this policy from time to time. If we make a material change we will notify you in-app or by email before it takes effect.

11. Contact

Contact our privacy team with any privacy questions or requests.

See also our Terms of Service.