Introduction
Oditfy ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, request a demo, or use our AI expense audit platform.
Please read this Privacy Policy carefully. By accessing or using Oditfy, you acknowledge that you have read, understood, and agree to be bound by all the terms of this Privacy Policy.
1. Information We Collect
We collect information in various ways, including information you provide directly and information collected automatically.
1.1 Information You Provide Directly
- Demo Request & Contact Form: When you request a demo or contact us, we collect your name, email address, company name, job title, and any additional information you voluntarily provide.
- Account Registration: When you create an account on our platform, we collect your name, email address, password (encrypted), and company information.
- Product Usage Data: When you use our platform, we collect information about the expense records you upload, audit findings, and platform usage patterns.
1.2 Information Collected Automatically
- Analytics Data: We use Google Analytics (GA4) to collect information about how you interact with our website and platform.
- Cookies & Tracking Technologies: We use cookies and similar tracking technologies to enhance your experience, remember preferences, and understand usage patterns.
- Log Data: Our servers automatically log technical information such as IP addresses, browser type, operating system, and access times.
1.3 Third-Party Data
- Integration Data: When you integrate our platform with expense management systems (e.g., SAP Concur, Workday, Oracle, Coupa, NetSuite, Expensify), we collect data from those platforms as necessary to provide our audit services.
2. How We Use Your Information
- Service Delivery: To provide, maintain, and improve our platform and services.
- Communication: To respond to demo requests, answer questions, provide customer support, and send important notices.
- Product Improvement: To analyze usage patterns, troubleshoot issues, and develop new features.
- Marketing & Outreach: To send promotional materials and updates about our services (only with your explicit consent).
- Security & Compliance: To detect fraud, prevent abuse, enforce our Terms of Service, and comply with legal obligations.
- Legal & Business Operations: To establish, exercise, or defend legal claims and comply with regulatory requirements.
3. Cookies & Tracking Technologies
3.1 Types of Cookies
- Essential Cookies: Required for website functionality, security, and authentication.
- Analytics Cookies: Used by Google Analytics to understand user behavior and improve our services.
- Marketing Cookies: Used for advertising and remarketing purposes.
- Preference Cookies: Remember your settings and preferences.
3.2 Consent & Management
We use Google Consent Mode v2 to honor your privacy preferences. When you first visit our website, we provide a consent banner where you can accept or reject non-essential cookies. You can change your preferences at any time.
4. Third-Party Services
4.1 Key Service Providers
- Formspree: Processes demo request and contact forms.
- Google Analytics & Google Ads: Provide analytics and advertising services.
- CookieYes: Manages cookie consent and preferences.
- Cloud Hosting Provider: Hosts our website and platform infrastructure.
- Expense Platform Integrations: SAP Concur, Workday, Oracle, Coupa, NetSuite, Expensify.
- SSO Providers: Google and Microsoft for authentication.
5. Data Sharing & Disclosure
We do not sell, trade, or rent your personal information to third parties for their marketing purposes. We may disclose your information in the following circumstances:
- Service Providers: We share information with service providers who assist us in operating our website and providing services, under confidentiality obligations.
- Legal Compliance: We may disclose information when required by law, court order, or government request.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
- Aggregated Data: We may share aggregated or de-identified data that cannot reasonably identify you.
6. Data Security
- Encryption of data in transit (TLS 1.2+) and at rest (AES-256).
- Role-based access controls and the principle of least privilege.
- Multi-factor authentication (MFA) for account access.
- Regular security audits and vulnerability assessments.
- Employee training on data protection and confidentiality.
7. Data Retention
- Account Data: Retained for the duration of your account and up to 12 months after closure.
- Demo Request Data: Retained for 12 months for marketing and customer relationship purposes.
- Analytics Data: Typically retained for 14 months before automatic deletion.
- Log Data: Retained for 30-90 days for security and troubleshooting.
You may request deletion of your data at any time by contacting us at hello@oditfy.com. We will comply within 30 days.
8. Your Privacy Rights
8.1 General Rights
- Access: Request a copy of the personal information we hold about you.
- Correction: Request that we correct inaccurate or incomplete information.
- Deletion: Request that we delete your personal information.
- Opt-out of Marketing: Unsubscribe from marketing communications at any time.
8.2 EU (GDPR) Rights
If you are located in the EU, you have additional rights including data portability, objection, withdrawal of consent, and the right to lodge a complaint with your local data protection authority.
8.3 California (CCPA) Rights
If you are a California resident, you have rights under the CCPA, including the rights to know, to delete, to opt out, and to non-discrimination. We do not sell your personal data.
8.4 How to Exercise Your Rights
Submit a request to hello@oditfy.com with the subject line "Privacy Request." We will respond within 30 days.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including the United States. We implement appropriate safeguards such as Standard Contractual Clauses (SCCs).
10. Children's Privacy
Our website and platform are not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. Contact us at hello@oditfy.com if you believe we have collected information from a child.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the effective date.
12. Contact Us
Email: hello@oditfy.com
Website: www.oditfy.com