Privacy Policy

Last updated: April 2026

1. Who We Are

GreenLight is an expense reimbursement and approval platform operated by BizApps. When you or your employer uses GreenLight, BizApps acts as a data processor on behalf of your employer (the data controller).

Contact: privacy@bizapps.app

2. What Data We Collect

  • Account data — name, email address, username, password (hashed, never stored in plaintext)
  • Expense data — expense reports, amounts, categories, dates, notes
  • Receipt files — documents and images you upload as receipts (stored securely in AWS S3)
  • Usage data — login timestamps, IP addresses, browser type (for security and audit purposes)
  • Authentication data — if you use Google Sign-In, we receive your name and email from Google; if you use two-factor authentication, we store an encrypted TOTP secret

3. How We Use Your Data

  • To operate the expense management and approval workflow service
  • To authenticate your identity and keep your account secure
  • To allow your employer to review, approve, and export expense data
  • To send transactional emails (password resets, approval notifications)
  • To comply with legal obligations

We do not sell your data to third parties. We do not use your data for advertising.

4. Data Sharing

We share data only with:

  • Your employer — admins and approvers in your workspace can see your expense reports
  • AWS — our cloud infrastructure provider (servers in us-east-1, USA). Receipt files are stored in Amazon S3
  • Google — only if you choose to sign in with Google OAuth
  • Legal authorities — if required by law or court order

5. Data Retention

We retain your data for as long as your workspace account is active. If your employer deletes the workspace, all associated data (users, reports, receipts) is permanently deleted. You may request deletion of your personal account data by contacting privacy@bizapps.app.

6. Cookies & Sessions

We use a single session cookie to keep you signed in. This cookie is HTTP-only, secure (HTTPS only in production), and expires when you log out or after a period of inactivity. We do not use tracking cookies or third-party analytics cookies.

7. Security

We protect your data using industry-standard measures including:

  • Passwords hashed using PBKDF2-SHA256
  • HTTPS-only access in production
  • Encrypted TOTP secrets for two-factor authentication
  • Access-controlled receipt storage via time-limited presigned URLs
  • Strict multi-tenant data isolation — users can only access their own company's data

8. Your Rights

Depending on your location, you may have rights under GDPR (EU), CCPA (California), or other laws, including:

  • Right to access the personal data we hold about you
  • Right to correct inaccurate data
  • Right to request deletion of your data
  • Right to data portability
  • Right to object to processing

To exercise any of these rights, contact privacy@bizapps.app.

9. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page will reflect any changes. Continued use of the service after changes constitutes acceptance of the updated policy.

Note: This policy is a template and should be reviewed by a qualified legal professional before relying on it for compliance purposes.