Privacy Policy - Deductably

Deductably, a trade name of ENTERPRISE MANAGEMENT AND HOLDINGS, LLC ("we," "our," or "us"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services (collectively, the "Service").

By using Deductably, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

Email address — Used for account authentication, password recovery, and important service communications
Password — Stored securely using industry-standard hashing (never stored in plain text)
Name (optional) — Used for personalization and report generation
Subscription plan — To provide appropriate features for your plan level

1.2 Location Information

To provide mileage tracking and property visit verification, we collect:

GPS coordinates — Location data for trip tracking and geofencing
Route data — Location points during active tracking
Location timestamps — When you arrive at or leave locations

Background Location: With your explicit permission and only when enabled by you, we may collect location data when the app is in the background to enable automatic trip detection. You control this permission entirely through your device settings and can disable it at any time without affecting other app features.

Important: We only collect location data necessary to provide the services you've requested. Location tracking can be paused or disabled at any time in app settings.

1.3 Trip and Activity Data

Trip records — Distance, duration, purpose (business/personal), dates
Activity logs — Property maintenance hours, repair work, management activities
Time tracking data — Start/end times, durations, timer usage

1.4 Financial Information

Expense records — Amounts, categories, dates, vendor names
Receipt images — Photos of receipts you upload for documentation
Deduction calculations — Computed mileage deductions based on current IRS rates
Income records — Rental income tracking (if entered)

Note: We do NOT collect, store, or have access to: credit card numbers (processed by Apple, Google, or Stripe), bank account details, Social Security Numbers, or Tax ID numbers (EIN/ITIN).

1.5 Photos and Media

When you grant permission, we access:

Camera — To capture photos of receipts, properties, and work documentation
Photo library — To select existing photos for upload
Voice recordings — Speech-to-text for faster data entry (processed on-device when possible)

1.6 Device and Usage Information

Device identifiers — For multi-device sync and security
App version — To provide support and updates
Timezone — For accurate time tracking
Error logs — Crash reports and performance data (with personal information automatically removed)
Usage analytics — How you interact with features (aggregated and anonymized)

2. How We Use Your Information

2.1 Provide Core Services

Track mileage and calculate tax deductions
Record and categorize expenses
Generate reports consistent with IRS documentation guidelines
Sync data across your devices
Verify property visits with location data

2.2 Improve Our Services

Analyze usage patterns (in aggregate, anonymized form)
Fix bugs and improve performance
Develop new features
Optimize user experience

2.3 Communicate With You

Send password reset emails
Notify you of important account or service updates
Respond to your support requests
Send administrative notices as permitted by law

2.4 AI-Powered Features

We offer optional AI-assisted features to:

Automatically categorize expenses from receipt photos
Suggest trip purposes and categorization based on your patterns
Suggest expense categories based on patterns

How AI Features Work: When you choose to use AI features, the data necessary to perform the requested function (such as a receipt image) is sent to our secure AI service providers. These providers:

Process your data solely to perform the requested function
Do not retain your data after processing is complete
Do not use your data to train their models
Are contractually bound to our data protection standards

You Control AI Usage: AI features are entirely optional. You can disable AI features in settings at any time, manually enter all information without using AI, and delete any AI-generated suggestions you don't want.

Third-Party AI Processing: Receipt images and text may be processed by third-party AI service providers that comply with SOC 2, ISO 27001, or equivalent security standards. We carefully vet all AI providers and require them to meet our security and privacy requirements. Our AI service providers may change over time as we optimize for accuracy, speed, and security.

3. How We Share Your Information

3.1 Third-Party Service Providers

We share data with carefully selected service providers who assist in operating our Service. All service providers are contractually required to:

Use your data only for providing services to us
Maintain security standards equivalent to or exceeding our own
Comply with applicable data protection laws (GDPR, CCPA)
Delete or return data upon termination of service

Categories of Service Providers:

Infrastructure Services — Cloud hosting, data storage, and backup services. Data shared: encrypted user data, receipt images. Security: SOC 2 Type II or equivalent, encryption at rest and in transit.

Communication Services — Transactional email delivery (password resets, notifications). Data shared: email addresses only. Security: TLS encrypted transmission.

Error Monitoring — Crash reporting and app stability. Data shared: anonymized error logs with personal information automatically removed. Security: data minimization, no raw user data.

Mapping Services — Address validation, geocoding, and route calculation. Data shared: GPS coordinates and addresses. We use third-party mapping and location intelligence services. By using our Service, you consent to their respective privacy policies.

AI Processing Services — Optional receipt classification and text processing. Data shared: receipt images only when you use AI features. Security: SOC 2 Type II or equivalent, no data retention post-processing.

Authentication Services — Social login (Google, Apple). Data shared: OAuth tokens only (we never receive your password). Security: OAuth 2.0 standard protocol.

Payment Processing — Subscription billing. Data shared: billing information (handled by Apple, Google, or Stripe — we do not have access to payment card details). Security: PCI DSS compliant processors.

Important: Our service providers may change as we optimize our technology stack. All providers must meet our security and privacy standards before processing any user data.

3.2 We Do NOT and NEVER Will:

Sell your personal information to third parties
Share your data for advertising or marketing purposes by third parties
Provide your information to data brokers
Share your trip or expense data with anyone without your explicit permission
Access your data except as necessary to provide services, ensure security, or comply with law

3.3 Legal Requirements

We may disclose your information if required by law, such as:

To comply with a subpoena, court order, or legal process
To protect our rights, property, or safety, or that of others
To investigate fraud, security issues, or violations of our terms
In connection with legal claims or regulatory investigations

4. Data Storage and Security

4.1 Where Your Data Is Stored

Locally on your device — Trips, activities, and expenses are stored in an encrypted local database for offline access
Cloud infrastructure — Synced data is stored on secure cloud servers operated by trusted infrastructure providers
File storage — Receipt images and photos are stored in secure, encrypted cloud storage

All data storage complies with applicable data protection laws and industry security standards.

4.2 Security Measures

We implement comprehensive security measures designed to protect your information:

Data Protection:

All data transmitted between your device and our servers is encrypted using industry-standard protocols
Data stored on our servers is encrypted at rest
Receipt images and sensitive documents are stored in encrypted cloud storage with server-side encryption at rest

Access Security:

Authentication tokens stored using platform-secure storage (iOS Keychain / Android Keychain)
Password-based authentication uses industry-standard hashing
Multi-device authentication with secure session management

Operational Security:

Periodic security reviews and automated vulnerability scanning
Automated vulnerability monitoring and patching
Personal information automatically removed from error logs
Role-based access controls limiting employee data access
All access to production data is logged and audited

No security measures are perfect, and we cannot guarantee absolute security. However, we continuously work to protect your information using commercially reasonable security practices.

4.3 Data Retention

Active accounts — We retain your data while your account is active and for a reasonable period thereafter to provide services
Deleted accounts — We delete your data within the timeframes required by applicable law (typically 30–90 days)
Backups — Encrypted backups may persist longer as necessary for disaster recovery and business continuity
Legal requirements — Data may be retained longer if required by law, to resolve disputes, or enforce our agreements

Upon account deletion, your data is removed from active systems in accordance with applicable data protection laws.

5. Your Rights and Choices

5.1 Access and Export Your Data

You can:

View all your data within the app
Export your data as PDF or CSV reports
Request a full copy of your data by contacting privacy@deductably.com

Data exports are typically completed within 2 business days and include all trips, expenses, activities, and reports.

5.2 Delete Your Data

You can:

Delete individual trips, activities, or expenses in the app at any time
Delete your entire account (Settings → Account → Delete Account)
Request deletion by emailing privacy@deductably.com

When you delete your account, your data is removed from active systems within the timeframes required by applicable law. Backups containing your data are purged during our regular backup rotation. Some information may be retained as required by law or to resolve disputes.

5.3 Control Permissions

You can manage permissions in your device settings:

Location — Disable background location tracking (Settings → Deductably → Location)
Camera/Photos — Revoke access to camera or photo library
Microphone — Disable voice input features

5.4 Communication Preferences

You can unsubscribe from non-essential emails using the link in any email and adjust notification settings in the app. Note: We must send certain administrative emails regardless of preferences (e.g., security alerts, required legal notices).

6. Children's Privacy

Deductably is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from minors.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@deductably.com. Upon verification, we will promptly delete such information in accordance with applicable law.

In compliance with the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect information from children under 13.

7. International Users

Deductably is operated from the United States. Our infrastructure providers may store and process data at data center locations globally. If you are accessing the Service from outside the US, please be aware that your information may be transferred to and processed in multiple locations.

By using our Service, you consent to the transfer of your information to the United States and other locations where our infrastructure providers operate, and acknowledge that data protection laws in these locations may differ from those in your country.

8. Disclaimer of Warranties Regarding Tax Compliance

While Deductably is designed to help you maintain records consistent with IRS documentation requirements, we do not provide legal, tax, or accounting advice.

Important: Our reports are tools to assist with recordkeeping, not tax advice. We make no guarantees that using our Service will result in IRS audit protection or approval. Tax laws vary by jurisdiction and change frequently. We recommend consulting a qualified tax professional regarding your specific situation. The determination of Real Estate Professional Status (REPS) eligibility is made by you and your tax advisor, not by our Service. We are not responsible for any tax penalties, audits, or disputes arising from your use of the Service.

While we design our features based on IRS Publication 463, Publication 925, and related guidance, ultimate responsibility for tax compliance rests with you and your tax advisor.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

Notice of Changes:

Material changes will be announced through the app or via email
Non-material changes may be posted directly to this page
Continued use of the Service after changes constitutes acceptance

If you disagree with changes to this Privacy Policy, you may stop using the Service, delete your account, or contact us with concerns at privacy@deductably.com.

We will provide reasonable advance notice for material changes that affect your rights, through the app or via email.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@deductably.com
Security: security@deductably.com
Website: https://deductably.com/privacy

Mail:
ENTERPRISE MANAGEMENT AND HOLDINGS, LLC
d/b/a Deductably
32 N Gould St
Sheridan, WY 82801

11. California Privacy Rights (CCPA)

For California Residents

Under the California Consumer Privacy Act (CCPA), California residents have specific rights regarding their personal information.

Categories of Personal Information We Collect:

Identifiers — Email, name, device ID
Commercial information — Subscriptions, usage data, purchase history
Geolocation data — GPS coordinates, addresses
Internet/network activity — App usage, feature interactions
Audio/visual information — Photos, voice recordings (with your permission)
Professional information — Property data, business activities (as you provide)

Your California Rights:

Right to Know (Access): Request what personal information we've collected, used, disclosed, or sold
Right to Delete: Request deletion of your personal information
Right to Correct: Request correction of inaccurate information
Right to Opt-Out: We do not sell your personal information
Right to Non-Discrimination: We won't discriminate against you for exercising your rights
Right to Data Portability: Receive your data in a portable, readily usable format

Important: We do not and will not sell your personal information. We do not share personal information for cross-context behavioral advertising.

How to Exercise Your Rights: Contact us at privacy@deductably.com with "CCPA Request" in the subject line. We will verify your identity and respond within 45 days as required by law. You may only make a verifiable consumer request for access twice within a 12-month period.

You may designate an authorized agent to make a request on your behalf. The authorized agent must provide written authorization or a power of attorney.

12. European Users (GDPR)

For European Economic Area (EEA) Residents

If you are in the EEA, you have additional rights under the General Data Protection Regulation (GDPR).

Legal Basis for Processing:

Processing Activity	Legal Basis
Account creation and service delivery	Contract performance
Trip/expense tracking	Contract performance
Location tracking	Consent
AI receipt processing	Consent
Error reporting and service improvement	Legitimate interest
Security and fraud prevention	Legitimate interest
Email communications	Consent / Legitimate interest

Your GDPR Rights:

Right of Access — Request a copy of your data
Right to Rectification — Correct inaccurate data
Right to Erasure — Request deletion ("right to be forgotten")
Right to Restrict Processing — Limit how we use your data
Right to Data Portability — Receive your data in a portable format
Right to Object — Object to processing based on legitimate interest
Right to Withdraw Consent — Withdraw consent at any time (where consent is the legal basis)

Data Transfers: Your data may be transferred to and processed in the United States. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission, contractual commitments with service providers, and your explicit consent when you use the Service.

For GDPR inquiries: privacy@deductably.com. You have the right to lodge a complaint with your local data protection authority if you believe we have not complied with applicable data protection laws.

13. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW:

Deductably provides the Service on an "AS IS" and "AS AVAILABLE" basis. While we strive to maintain accurate and reliable records:

We Do Not Guarantee:

That the Service will meet all IRS or state tax requirements for your specific situation
That mileage tracking will capture 100% of trips with perfect accuracy
Uninterrupted or error-free operation of the Service
That the Service will be compatible with all devices or operating systems

We Are Not Responsible For:

Data loss due to device malfunction, user error, or circumstances beyond our control
Tax audits, penalties, or disputes arising from use of our Service
Decisions made by tax authorities regarding your tax status
Third-party service interruptions or data breaches

Our total liability to you for any claims arising from the Service shall not exceed the amount you paid us in your current subscription period, as defined in our Terms of Service, Section 12.5.