Privacy Policy for ExpenseIQ by Muze.Digital

Last Updated: June 7, 2025

1. Introduction

Welcome to ExpenseIQ by Muze.Digital (the "Service"), a Telegram bot operated by muze.digital OÜ ("we," "us," or "our"). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your information when you interact with our bot on Telegram.

Our registered address is:
muze.digital OÜ
Sepapaja 6,
15551 Tallinn
Estonia

By using our Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

To provide our service, we need to collect specific information. We do not collect any information that is not essential for the bot's operation.

Telegram User Information: When you interact with our bot, we automatically receive your Telegram User ID and your public Telegram username/name. We use your Telegram User ID as a unique identifier to manage your connection and settings. Google Account Authorization Data: To connect to your Google Sheets, we use Google's OAuth 2.0 protocol. During this process, we collect and store: Google OAuth Tokens (Access and Refresh Tokens): These are digital keys that you authorize us to use. They allow our bot to perform actions on your behalf, specifically to write data to your Google Sheet, without us ever seeing your Google password. The refresh token allows us to maintain the connection over time without you needing to re-authorize frequently. User-Provided Configuration Data: To make the bot functional for you, we ask for and store: Google Spreadsheet ID: The unique ID of the specific Google Sheet you want us to write data to. Google Sheet Name: The name of the specific tab (e.g., "Expenses") within your spreadsheet where data should be saved.

3. What We DO NOT Collect or Store

We believe in data minimization and user privacy. Our bot's architecture is designed to handle your expense data without storing it on our servers.

We DO NOT store your expense details: When you provide an expense (e.g., "Coffee, 5.50, Morning meeting"), this information is transmitted directly to your Google Sheet via the Google Sheets API. It is never saved in our database or logs.

We DO NOT store your Google password: The entire authentication process is handled by Google's secure OAuth flow. Your password is never exposed to us.

4. How We Use Your Information

We use the information we collect solely for the following purposes:

To Provide and Maintain the Service: Your Telegram ID, Google Tokens, and Sheet configuration are essential for the bot to identify you and save your expenses to the correct location in your Google account.

To Manage Your Connection: We use your Telegram User ID to associate it with your Google OAuth tokens and sheet settings.

To Authenticate with Google: We use the stored OAuth tokens to make authorized API calls to the Google Sheets API on your behalf.

To Respond to You: We may use your Telegram ID to send you service-related messages, confirmations, error notifications, or respond to your support requests.

5. Legal Basis for Processing (GDPR)

As an Estonian company, we comply with the General Data Protection Regulation (GDPR). Our legal basis for processing your personal data is:

Performance of a Contract: Your use of our bot constitutes an agreement (a contract) between you and us. We process your data to fulfill our obligations under that agreement—namely, to provide you with the expense tracking service you requested.

6. Data Sharing and Third Parties

We do not sell, trade, or rent your personal information to others. We only share data with the following essential third-party services:

• Telegram: Our bot operates on the Telegram platform. Your interactions are inherently processed by Telegram as per their bot policy.
• Google: We use Google's API services to connect to your account and write data to your Sheets. Our use of this data is strictly governed by the permissions you grant during the OAuth authorization process. All data transmitted to Google is subject to the Google Privacy Policy.
• We do not use any other third-party analytics, advertising, or tracking software.

7. Data Storage, Security, and Retention

Storage: Your Telegram User ID, Google OAuth Tokens, Spreadsheet ID, and Sheet Name are stored on our secure servers. We take reasonable measures to protect this data from unauthorized access, alteration, or destruction. Retention: We retain your stored data for as long as you use our Service. If you wish to delete your data, you can use the /disconnect_google command within the bot. This will permanently delete your Google tokens and sheet configuration from our systems. Please note that this action does not revoke the bot's permission from your Google Account settings; you must do that manually for complete revocation.

8. Your Rights

Under GDPR, you have the following rights regarding your data:

• The right to access: You can request a copy of the data we hold about you using the /my_status command.
• The right to rectification: If you believe any data we hold is inaccurate (e.g., your sheet name), you can use the provided commands (/set_sheet_name) to correct it.
• The right to erasure (Right to be Forgotten): You can delete your data from our service at any time using the /disconnect_google command.
• The right to object to processing: You can object to processing by discontinuing the use of the Service and deleting your data.

9. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and/or through a notification within the bot. You are advised to review this Privacy Policy periodically for any changes.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us at support[at]muze.digital or by mail:

muze.digital OÜ
Sepapaja 6,
15551 Tallinn
Estonia