SOC 2 Type 2

At ExpensePoint, we prioritize the security and integrity of your data. We are proud to maintain SOC 2 Type 2 compliance, demonstrating our commitment to implementing robust controls and safeguards to protect your information.

1. What is SOC 2 Type 2 Compliance?

SOC 2 (Service Organization Control 2) is an auditing standard developed by the American Institute of Certified Public Accountants (AICPA). It focuses on the security, availability, processing integrity, confidentiality, and privacy of customer data held by service organizations.

SOC 2 Type 2 compliance specifically validates the effectiveness and durability of these controls over an extended period. It involves an independent audit performed by certified professionals to ensure adherence to stringent security and privacy standards.

2. Our Commitment to Security and Privacy

Maintaining SOC 2 Type 2 compliance requires a comprehensive approach to security and privacy. At ExpensePoint, we follow industry best practices and have implemented robust controls to safeguard your data:

– Security Measures: We employ stringent security measures to protect against unauthorized access, data breaches, and other security threats. This includes utilizing firewalls, encryption, access controls, and regular security assessments to identify and address vulnerabilities.

– Data Confidentiality: We prioritize the confidentiality of your information. All our employees undergo thorough background checks, and access to customer data is strictly limited to authorized personnel with a need-to-know basis.

– Availability and Processing Integrity: We ensure that our systems are available and operate with integrity to provide uninterrupted service. Our infrastructure is designed to handle high volumes of data securely, while maintaining the integrity and accuracy of your information.

– Privacy and Data Protection: We adhere to stringent privacy practices and comply with applicable data protection laws and regulations. Your data is handled with the utmost care, and we do not disclose it to third parties without your consent, except as required by law or outlined in our Privacy Policy.

3. Independent Audits and Assurance

To achieve SOC 2 Type 2 compliance, we undergo regular audits performed by independent certified public accountants (CPAs). These audits evaluate the effectiveness of our controls and validate our adherence to the SOC 2 framework.

The audits assess various aspects, including the design and implementation of controls, incident response procedures, backup and recovery plans, and employee training and awareness programs. By engaging independent auditors, we provide an extra layer of assurance and transparency regarding our security and privacy practices.

4. Partnering with a Compliant Service Provider

Choosing a service provider that is SOC 2 Type 2 compliant offers several benefits:

– Data Security: By partnering with ExpensePoint, you can trust that your data is handled with the highest level of security. Our compliance ensures that appropriate controls are in place to protect your information from unauthorized access, disclosure, or loss.

– Regulatory Compliance: SOC 2 Type 2 compliance helps align your organization with regulatory requirements and industry standards. It demonstrates your commitment to data protection, giving you peace of mind when it comes to regulatory compliance.

– Trust and Confidence: Working with a compliant service provider instills trust and confidence in your stakeholders, including clients, partners, and employees. It assures them that their data is handled with the utmost care and provides a competitive advantage in the marketplace.

5. Continuous Improvement and Risk Management

Maintaining SOC 2 Type 2 compliance is an ongoing commitment for ExpensePoint. We continuously monitor and assess our controls, policies, and procedures to identify areas for improvement and address emerging security risks and threats. This proactive approach ensures that our security practices evolve with the changing landscape of information security.

In summary, our SOC 2 Type 2 compliance demonstrates our dedication to protecting your data and upholding the highest standards of security, availability, processing integrity, confidentiality, and privacy. We strive to provide you with peace of mind, knowing that your information is in safe hands when you choose ExpensePoint as your trusted expense management partner.

PCI-DSS

PCI-DSS Compliance: Protecting Your Payment Card Data

At ExpensePoint, we prioritize the security of your payment card data and are fully committed to maintaining PCI-DSS compliance. Our adherence to the Payment Card Industry Data Security Standard (PCI-DSS) ensures that your sensitive card information is protected throughout the payment process.

1. Understanding PCI-DSS Compliance

PCI-DSS is a set of security standards established by major credit card companies, including Visa, Mastercard, American Express, Discover, and JCB International. It aims to safeguard cardholder data and prevent fraud by defining comprehensive security requirements for businesses that handle payment card transactions.

2. Securing Payment Card Data

As a PCI-DSS-compliant service provider, we employ strict security measures to protect your payment card data:

– Secure Network: We maintain a secure network environment, utilizing industry-standard firewalls and encryption protocols to safeguard cardholder information during transmission.

– Cardholder Data Protection: We implement strong data protection measures, including encryption, to ensure the confidentiality and integrity of cardholder data stored within our systems.

– Vulnerability Management: We regularly update and maintain secure systems and applications, conducting regular vulnerability scans and penetration testing to identify and address potential security vulnerabilities.

– Access Control: We have stringent access control measures in place to restrict access to cardholder data, ensuring that only authorized personnel have the necessary privileges.

– Regular Monitoring and Testing: We continuously monitor and test our systems to detect and respond to any security incidents promptly. This allows us to maintain the highest level of security and promptly address any vulnerabilities.

3. Third-Party Security Assessments

To ensure the utmost security of our systems, we maintain monthly system penetration tests conducted by trusted third-party assessment tools. These tests allow us to proactively identify and understand any potential system vulnerabilities, enabling us to swiftly address them and maintain the highest level of protection for your sensitive data. Our commitment to regular assessments reinforces our dedication to providing a secure environment for your information.

4. Partnering with a PCI-DSS Compliant Provider

Choosing a PCI-DSS compliant service provider like ExpensePoint offers several advantages:

– Data Protection: By partnering with us, you can trust that your payment card data is handled securely and in accordance with the strict PCI-DSS standards. This protects you and your customers from potential data breaches and associated risks.

– Compliance Assurance: Working with a PCI-DSS compliant provider ensures that your organization meets the necessary requirements for handling payment card data. This demonstrates your commitment to data security and compliance with industry standards.

– Reduced Risk: Our compliance efforts mitigate the risk of data breaches and unauthorized access to payment card information. This not only safeguards your customers’ sensitive data but also helps protect your brand reputation.

5. Continuous Security and Compliance Efforts

Maintaining PCI-DSS compliance is an ongoing commitment for ExpensePoint. We continually assess our security controls, policies, and procedures to identify and address emerging threats and vulnerabilities. This proactive approach allows us to stay at the forefront of payment card data security and ensure the highest level of protection for our clients.

In conclusion, our PCI-DSS compliance underscores our dedication to protecting your payment card data. By partnering with ExpensePoint, you can trust that your sensitive information is handled securely and in accordance with the stringent requirements of the PCI-DSS standard. We prioritize the security and confidentiality of your payment card data, providing you with peace of mind and a foundation of trust in our services.

GDPR

At ExpensePoint, we are fully committed to ensuring the privacy and protection of your personal data in accordance with the General Data Protection Regulation (GDPR). Our comprehensive approach to GDPR compliance encompasses various measures and practices to safeguard your information and respect your privacy rights.

One of the key aspects of our GDPR compliance is the implementation of robust technical and organizational measures to secure your data. We employ advanced encryption protocols to safeguard data in transit and at rest, ensuring that it remains confidential and protected from unauthorized access. Our systems undergo regular security assessments and audits to identify and address any potential vulnerabilities, providing a secure environment for your data.

In addition to technical measures, we have strict policies and procedures in place to ensure the lawful and transparent processing of personal data. Our employees are trained on data protection best practices and are bound by confidentiality agreements. Access to personal data is limited to authorized individuals who require it for legitimate business purposes, and we maintain detailed logs and audit trails to monitor data access and usage.

As part of our commitment to GDPR compliance, we respect your rights as a data subject. You have the right to access, rectify, and erase your personal data, as well as the right to restrict or object to its processing. We have established procedures to handle data subject requests and provide timely responses to ensure that you can exercise your rights effectively.

We also understand the importance of data transfer security and comply with GDPR requirements when transferring personal data to countries outside the European Economic Area (EEA). We utilize appropriate safeguards, such as standard contractual clauses or other approved mechanisms, to ensure the protection of your data during international transfers.

Transparency is a fundamental principle of GDPR, and we are committed to providing clear and comprehensive information about our data processing practices. Our Privacy Policy outlines the types of personal data we collect, how we use it, and the legal basis for processing. It also details your rights, how to exercise them, and our contact information should you have any questions or concerns.

As part of our ongoing commitment to GDPR compliance, we regularly review and update our privacy practices to ensure alignment with evolving regulatory requirements. We engage in continuous staff training and awareness programs to keep our team informed of the latest privacy developments and best practices.

By choosing ExpensePoint, you can trust that your personal data is handled with the highest level of care and protection in accordance with the GDPR. We understand the importance of your privacy and are dedicated to maintaining your trust by upholding the highest standards of data privacy and security.

If you have any questions or would like more information about our GDPR compliance efforts, please don’t hesitate to contact our Data Protection Officer. We are here to provide you with the necessary support and reassurance regarding your data privacy and security.

Data Protection Representatives for UK and EU GDPR Compliance

In compliance with the UK General Data Protection Regulation (UK GDPR) and the European Union General Data Protection Regulation (EU GDPR), we have appointed Data Protection Representatives to ensure the protection of personal data and to act as a point of contact for data subjects and supervisory authorities within the UK and EU.

UK Data Protection Representative

For matters relating to the UK GDPR, our Data Protection Representative in the UK is:

Rickert Services Ltd UK
ExpensePoint
PO Box 1487
Peterborough
PE1 9XX
United Kingdom
art-27-rep-expensepoint@rickert-services.uk

EU Data Protection Representative

For matters relating to the EU GDPR, our Data Protection Representative in the EU is:

Rickert Rechtsanwaltsgesellschaft mbH
GlobalPoint Technologies Incorporated dba ExpensePoint
Colmantstraße 15
53115 Bonn
Germany
art-27-rep-expensepoint@rickert.law

Responsibilities of the Data Protection Representatives

Our Data Protection Representatives are responsible for:

– Acting as a contact point for data subjects and supervisory authorities on all issues related to processing for the purposes of ensuring compliance with the GDPR.

– Cooperating with supervisory authorities, including responding to requests and consultations.

– Providing information and guidance to data subjects regarding their rights under the GDPR, including the right to access, rectification, erasure, restriction of processing, data portability, and the right to object.

How to Contact Our Data Protection Representatives

If you have any questions, concerns, or requests regarding the processing of your personal data or if you wish to exercise any of your rights under the GDPR, please contact the relevant Data Protection Representative listed above.

Our Commitment to Data Protection

We are committed to safeguarding the privacy and personal data of our clients and ensuring that all data processing activities comply with the GDPR. Our Data Protection Representatives play a crucial role in helping us achieve this commitment by providing dedicated support and ensuring that all inquiries and concerns are addressed promptly and effectively.

Data Protection

Data Protection is a top priority at ExpensePoint. We are committed to ensuring the confidentiality, integrity, and availability of your data by implementing robust measures to protect it from unauthorized access, loss, or misuse.

To safeguard your data, we utilize industry-standard security technologies and practices. Our systems are protected by firewalls, intrusion detection systems, and other security measures that help prevent unauthorized access. We employ data encryption during transmission and storage to ensure the confidentiality and integrity of your information. Regular security audits and vulnerability assessments are conducted to identify and address any potential weaknesses in our systems.

Access to your data is strictly controlled and limited to authorized personnel who require it for legitimate business purposes. Our employees undergo comprehensive training on data protection and are bound by confidentiality agreements. We maintain strict access controls and employ role-based permissions to ensure that only authorized individuals have access to specific data.

We have implemented comprehensive backup and disaster recovery processes to mitigate the risk of data loss. Our backup systems are regularly tested and monitored to ensure the integrity of your data. In the event of a disaster or system failure, we have robust recovery procedures in place to minimize any potential impact on your data.

As part of our commitment to data protection, we comply with applicable data protection laws and regulations, including the General Data Protection Regulation (GDPR). We respect your rights as a data subject and provide mechanisms for you to exercise your rights, such as the right to access, rectify, and erase your personal data. Our Data Protection Officer is available to address any concerns or inquiries you may have regarding the processing of your data.

We engage in regular audits and assessments to ensure ongoing compliance with data protection regulations. Our policies and procedures are regularly reviewed and updated to reflect changes in the regulatory landscape. We also work closely with trusted third-party partners and service providers who adhere to strict data protection standards.

In addition to our internal data protection measures, we only store your data for as long as necessary to fulfill the purposes for which it was collected. When data is no longer required, we securely dispose of it in accordance with applicable laws and regulations.

We are committed to transparency regarding our data protection practices. Our Privacy Policy outlines the types of data we collect, how we use it, and the legal basis for processing. It also provides information on your rights and how to exercise them. We encourage you to review our Privacy Policy to understand how we protect your data and respect your privacy.

At ExpensePoint, we recognize the importance of maintaining the trust and confidence of our customers. We continuously strive to enhance our data protection measures to adapt to evolving threats and technologies. Your data is our responsibility, and we take it seriously.

If you have any questions or concerns about our data protection practices or would like further information, please contact our Data Protection Officer. We are here to assist you and ensure that your data remains secure and protected throughout your interaction with ExpensePoint.

Privacy Policy

At ExpensePoint, we value your privacy and are committed to protecting your personal information. This Privacy Policy outlines how we collect, use, and disclose your data when you interact with our website, services, and products.

1. Information We Collect

We collect various types of information to provide and improve our services. This may include:

– Personal Information: When you sign up for an account, we collect your name, email address, and other contact details. We may also collect additional information you choose to provide, such as your company name and job title.

– Usage Information: We collect information about how you use our website and services, including your IP address, browser type, device information, and browsing behavior.

– Payment Information: If you make a purchase or subscribe to our services, we collect payment information, such as credit card details or other billing information.

2. Mileage Tracker™ Location Services Usage

ExpensePoint’s Mileage Tracker™ feature uses location services to accurately track and record your travel distances. Here’s how we handle location data for this feature:

– Purpose: The Mileage Tracker™ uses your location to automatically log your trips, calculate distances travelled, and generate detailed mileage records.

– Type of Data: We only process and present location data that your device has collected to ensure accurate tracking of your journeys and only once the trip is expensed. Trips and trip data that are not expensed will always remain on your device.

– Collection Method and Frequency: Location data is collected continuously while the Mileage Tracker™ feature is active. This allows us to record the start and end points of your trips and calculate the distance travelled in real-time and only once the trip is expensed.

– User Permissions and Control: You will be prompted to grant location access when you first enable the Mileage Tracker™ feature. You can change these permissions anytime in your device’s privacy settings.

– Data Usage and Sharing: When you expense your trip the location data is used solely to track and report your mileage. We do not share your location data with third parties.

– Privacy and Security: We prioritize your privacy and protect your data with industry-standard encryption. Our practices comply with GDPR and CCPA regulations to ensure your information is handled securely.

– Transparency and Updates: For more information, please review our Privacy Policy. We will inform you of any significant changes to our location data practices.

Your trust is important to us, and we are committed to ensuring your data is used responsibly and transparently.

3. How We May Use Your Information

We use the information we collect for various purposes, including:

– Providing and Improving Services: We may use your information to deliver our services, respond to your inquiries, and personalize your experience. We also use it to improve our products, features, and overall user satisfaction.

– Communication: We may send you important updates, announcements, and administrative messages related to your account and our services. We may also send you promotional and marketing communications, but you can opt out at any time.

– Analytics and Research: We may analyze user behavior and preferences to understand how our services are used, identify trends, and improve our offerings. This data is aggregated and does not personally identify you.

– Compliance and Legal Obligations: We may use your information to comply with applicable laws, regulations, and legal processes. We may also share your data with law enforcement authorities or government agencies as required by law.

4. Information Sharing and Disclosure

We may share your information with third parties in the following circumstances:

– Service Providers: We work with trusted service providers who assist us in delivering our services. These providers have access to your information only to perform tasks on our behalf and are obligated to keep it confidential.

– Business Partners: We may share information with our trusted business partners for joint marketing efforts or to provide you with additional products or services.

– Legal Requirements: We may disclose your information if required to do so by law or if we believe that such action is necessary to comply with a legal obligation, protect our rights, or investigate potential violations.

5. Data Security

We implement industry-standard security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. We use encryption, firewalls, and other security technologies to safeguard your data. It is important to emphasize that despite our rigorous security measures, no method of transmission over the Internet or electronic storage can be guaranteed to be 100% secure. We strive to employ industry-standard security protocols and continuously update our systems to protect your information. However, it is essential to acknowledge that there are inherent risks associated with online data transmission, and we cannot provide an absolute guarantee of security. We are committed to minimizing risks and maintaining the highest possible security standards to protect your data.

6. Your Rights and Choices

You have certain rights regarding your personal information. You can access, update, or delete your information by logging into your account or contacting us directly. You can also choose to unsubscribe from marketing communications or modify your preferences.

7. International Data Transfers

Your information may be transferred to and processed in countries outside of your own, including countries that may have different data protection laws than your jurisdiction. By using our services, you consent to the transfer of your information to these countries.

8. Children’s Privacy

Protecting the privacy of vulnerable individuals, including children, is of utmost importance to us. Our services are not intended for children under the age of 18, and we do not knowingly collect personal information from them. If we become aware that we have inadvertently collected personal information from a child, we will take immediate steps to delete it from our records. We encourage parents and guardians to supervise their children’s online activities and help us create a safe and secure online environment for all users.

9. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the revised policy on our website or through other communication channels. We encourage you to review this policy periodically.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us using the provided contact information. Our dedicated team will be happy to assist you.

By using our services, you agree to the terms and conditions outlined in this Privacy Policy. We are committed to protecting your privacy and ensuring the security of your information.

Terms of Use

Terms of Use

Welcome to the ExpensePoint website. These terms of use (“Terms”) govern your access to and use of our website, including any content, functionality, and services provided through the website.

By accessing or using our website, you agree to be bound by these Terms. If you do not agree with any part of these Terms, you should not access or use the website.

1. Use of the Website

a. Eligibility: You must be at least 18 years old to use our website. By using the website, you represent and warrant that you meet the age requirement.

b. Account Creation: Certain features of the website may require you to create an account. You are responsible for providing accurate and up-to-date information during the account registration process. You are also responsible for maintaining the confidentiality of your account credentials and for any activities that occur under your account.

c. Acceptable Use: You agree to use the website in compliance with applicable laws and regulations. You shall not engage in any activity that may interfere with or disrupt the functioning of the website or its associated services.

2. Intellectual Property

a. Ownership: The website and its contents, including but not limited to text, graphics, images, logos, and software, are the property of ExpensePoint or its licensors and are protected by intellectual property laws. You may not use, reproduce, distribute, modify, or create derivative works of any part of the website without prior written consent from ExpensePoint.

b. Trademarks: ExpensePoint, the ExpensePoint logo, and other marks used on the website are trademarks or registered trademarks of ExpensePoint. You may not use these trademarks without our prior written permission.

3. Third-Party Links

The website may contain links to third-party websites or resources. These links are provided for your convenience, and ExpensePoint does not endorse or assume any responsibility for the content, privacy practices, or availability of such external sites or resources. You access and use third-party websites at your own risk.

4. Disclaimer of Warranties

a. General: The website and its content are provided on an “as is” and “as available” basis. ExpensePoint makes no warranties, express or implied, regarding the accuracy, completeness, reliability, or suitability of the website for any particular purpose.

b. Limitation of Liability: ExpensePoint shall not be liable for any direct, indirect, incidental, consequential, or punitive damages arising out of or in connection with your use of the website. This includes any loss of data, profits, or business opportunities, even if ExpensePoint has been advised of the possibility of such damages.

5. Indemnification

You agree to indemnify and hold ExpensePoint and its officers, directors, employees, and agents harmless from and against any claims, liabilities, damages, losses, or expenses, including reasonable attorneys’ fees, arising out of or in connection with your use of the website or any violation of these Terms.

6. Modifications

ExpensePoint reserves the right to modify, suspend, or terminate the website or any part thereof at any time without prior notice. We may also update these Terms from time to time. It is your responsibility to review the Terms periodically for any changes. Your continued use of the website after the posting of any modifications constitutes your acceptance of the revised Terms.

7. Governing Law and Jurisdiction

These Terms shall be governed by and construed in accordance with the laws of Canada. Any dispute arising out of or in connection with these Terms shall be subject to the exclusive jurisdiction of the courts of Manitoba, Canada.

8. Severability

If any provision of these Terms is found to be unlawful, void, or unenforceable, that provision shall be deemed severable and shall not affect the validity and enforceability of the remaining provisions.

By using our website, you acknowledge that you have read, understood, and agree to be bound by these Terms of Use. If you have any questions or concerns about these Terms, please contact us at 204.452.3614.

Effective Date: July 1st 2023
