Security & GDPR

Your privacy, security and trust are an integral part of our service.


Secure accounts

Every ExpenseIn account is secured with a password, with the option to enforce two-step authentication for your organisation.

We follow industry standards, such as encrypting traffic and passing passwords through a one-way cryptographic hash algorithm before storing them to ensure bank level security.

The image shows the security 99.9 up icon

We’re ready when you are

With an uptime that exceeds 99.99%, ExpenseIn is ready anytime that you are. We achieve this by limiting partnerships to premium providers, having robust, tested recovery procedures and redundancy.

Take a look for yourself at

The image shows the safe data icon

We keep your data safe

Every receipt and record that you entrust to us is yours. We’ll keep it safe, we’ll never share it, and it’s easy for you to retrieve and download anytime you need to access it again.

Our staff are trained in data protection, understanding and following best practices to keep your data safe. This training is both CPD accredited and IIRSM approved.

The image shows the security privacy icon

Your data integrity is our priority

We leverage industry leading providers and the latest in cloud technology to ensure that your data is always available.

Data replication ensures that there’s always a mirror image of your records.

The image shows the GDPR icon

GDPR compliant

At ExpenseIn, we take your data security very seriously, and we are fully committed to ensure that our internal processes, policies and our platform remain GDPR compliant.

The image shows the security cloud backup icon

Our hosting partner

Our hosting partner Amazon AWS enables us to ensure that your data is processed and stored in the UK to industry-leading standards. And with Amazon’s certifications, including ISO 27001, you can rest assured that your information is secure.

Certified and proven security

ExpenseIn has been awarded Cyber Essentials certification, a scheme backed by the UK Government and the National Cyber Security Centre. In order to achieve certification our systems have been independently evaluated by a certified accreditation body.

Cyber Essentials

Frequently Asked Questions

Our hosting partner Amazon AWS enables us to ensure that your data is processed and stored in the UK to industry leading standards. And with Amazon’s certifications, including ISO 27001, you can rest assured that your information is secure.

Yes, ExpenseIn is fully GDPR compliant. Protecting our customer’s data is of the utmost importance to us and is our number one priority.

ExpenseIn utilises a 3rd party to scan all public endpoints every 14 days. The system is tested against a range of known threats, including all known threats identified by the latest OWASP publications.

We follow industry best practices and use the latest cloud technology to ensure data security, integrity and service uptime.

See our Technical Security Measures for further details.

Yes, ExpenseIn is hosted in the London UK AWS Region across multiple availability zones. Each zone is backed by one or more physical data centres.

We never store payment details. Instead, our carefully chosen partner Opayo and GoCardless store your payment details.

Yes, we take data protection and privacy very seriously. All of our staff receive training in data protection and fully understand your need for privacy. Further details are available in our privacy policy.

ExpenseIn works with a small number of trusted and GDPR-compliant sub-processors to provide the service.

See our list of Sub-Processors for further details.

Our carefully selected partners

Exceptional service, performance and security is in our DNA. That’s why we only partner with industry leaders who have proven track records and meet our own exacting standards.

Amazon AWS, one of the largest managed cloud providers, manage the servers and data centres that power ExpenseIn. And with Amazon’s certifications, including ISO 27001 and PCI Data Security Standard, you don’t just have to take our word for it.

Payments are processed by Opayo and GoCardless. Additionally, we are also PCI DSS certified, so you can rest assured that your payment information is protected.

Amazon & Opayo text logos

What our customers say about ExpenseIn

ExpenseIn was so easy to navigate and use. They really understood the needs of a busy finance team and also what the end user wants as well.

We’re really pleased we made the decision to roll out ExpenseIn at Ascot Racecourse and the system has been widely embraced by our employees.

After seeing the demo, we knew that ExpenseIn was the system we needed to streamline our expense management process.

Get started with ExpenseIn today

Explore our faster, simpler and smarter approach to expense management.

Book a demo