Privacy Policy
Introduction
ExpireMate respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and protect your data when you use our application.
Data We Collect
We collect the following data:
- Information about your account (email address)
- Information about your documents (document type, expiration date, notes)
- Notification settings
- Information about app usage and errors
Important: We do not collect or store images of your documents or other sensitive information such as document numbers.
Customer data entered by Business users. If you use ExpireMate Business, you may enter contact details (such as the name and phone number) of your own customers in order to send them service reminders. For this data, you act as the data controller and ExpireMate acts as the data processor, processing it only to deliver the reminders you schedule. You are responsible for having a lawful basis to provide us with this data.
How We Use Your Data
We use your data to:
- Provide the service of tracking document expiration dates
- Send notifications about document expiration
- Improve and maintain the application
- Resolve technical issues
Legal Basis for Processing
We process your personal data on the following legal bases:
- Performance of a contract — to provide the service you signed up for (account, document tracking, notifications, billing).
- Legitimate interest — to maintain, secure and improve the application, and to prevent abuse.
- Consent — where required, for example optional communications; you may withdraw consent at any time.
- Legal obligation — where we are required to retain certain records (e.g. billing) under applicable law.
Data Retention
We keep your personal data only as long as necessary for the purposes described in this policy:
- Account and document data — for as long as your account is active. If you delete your account, this data is removed within 30 days, except where we must retain limited records to comply with legal obligations (e.g. billing records).
- Usage and error logs — kept for a limited period and then deleted or anonymised.
Your Rights
Under applicable data protection law (including the Serbian Law on Personal Data Protection and, where applicable, the GDPR), you have the right to:
- access the personal data we hold about you;
- request correction of inaccurate data;
- request deletion of your data (the “right to be forgotten”);
- request a copy of your data in a portable format;
- object to or restrict certain processing;
- withdraw consent at any time, where processing is based on consent.
To exercise any of these rights, contact us at privacy@expiremate.com. You also have the right to lodge a complaint with the competent supervisory authority (in Serbia, the Commissioner for Information of Public Importance and Personal Data Protection).
Third-Party Service Providers (Data Processors)
We rely on a small number of specialized providers to operate the service. They process data only on our behalf and only for the purposes listed here:
- Supabase — authentication and database hosting (account and application data)
- Paddle — payment processing and billing (we never see or store your full card number)
- OneSignal — delivery of push and email notifications
- BudgetSMS — delivery of SMS reminders (recipient phone number and message text)
- Cal.com — scheduling of demo calls booked through our website; the name, email address and time slot you enter in the booking form are processed by Cal.com and the appointment is synced to our Google Calendar
On our public marketing pages we record anonymous, first-party usage events (for example, that a "book a demo" button was clicked). These events contain no personal data, are stored on our own infrastructure, and use no cookies or cross-site tracking.
Contact
If you have questions regarding our privacy policy, you can contact us at privacy@expiremate.com.