This page explains what data ExpenseBiz collects when you visit the site, why we collect it, who we share it with, and what control you have. ExpenseBiz is an editorial publication — we do not sell products and we do not hold user accounts. The data we collect is operational, not commercial.
What we collect
- Analytics cookies. Google Analytics 4 (page views, anonymised geo, device type, referral source). Meta Pixel and LinkedIn Insight Tag (used for retargeting visitors who later see our content on those platforms). These set cookies on first page view.
- IP address. Logged at the Cloudflare edge for security, fraud prevention, and rough geo-routing (currency switcher, regional links). Not stored long-term in a form linked to identity.
- Chatbot transcripts. If you open the Mia chatbot and send a message, the message text and our reply are stored in Cloudflare KV with a timestamp and a session identifier. We use these transcripts to improve Mia's quality and to learn which questions buyers actually ask. We do not link them to any identity.
- Affiliate click metadata. When you click an affiliate link, the destination vendor records the click via their tracking system. We may receive an aggregated report of conversions (e.g. "10 sign-ups this month"), never identifiable purchase data.
We do not collect: payment details, financial data, account credentials, full names, email addresses (unless you contact us at hello@expensebiz.io — in which case your email is stored only in our mail provider's inbox).
Why we collect it
- Affiliate attribution. Without conversion tracking we can't tell which editorial recommendations actually help readers — and we can't get paid by the vendor.
- Site analytics. Page views and bounce rates tell us which articles to invest in and which to retire.
- Fraud prevention. Cloudflare logs IPs to block bot traffic and click-fraud against affiliate links.
- Chatbot improvement. Transcripts let us spot recurring buyer confusion and improve Mia's responses.
Third parties
We share data with the following processors, each under their own privacy terms:
- Google Analytics 4 — page-view analytics (Google privacy policy).
- Meta (Facebook) Pixel — retargeting (Meta privacy policy).
- LinkedIn Insight Tag — retargeting (LinkedIn privacy policy).
- Cloudflare — hosting, DDoS protection, edge logs (Cloudflare privacy policy).
- Affiliate networks — when you click an affiliate link, the destination vendor's tracking system records the click. The specific vendor varies per link.
- LLM provider (for Mia) — chatbot messages are sent to an LLM provider for processing. Messages are not used by the provider to train models.
Cookies
The site sets analytics cookies (Google, Meta, LinkedIn) on first page view. A cookie banner is shown on first visit; declining hides the banner but does not currently block the pixels — we're working on bringing this to full pre-consent compliance and will update this page when that ships. Until then, EU/UK visitors who want full opt-out should use browser-level cookie blocking or a privacy extension.
Your rights
Under GDPR (EU), UK GDPR, and CCPA (California), you have the right to:
- Request a copy of any data we hold linked to you.
- Request deletion of that data.
- Object to processing for marketing purposes.
- Withdraw consent for analytics (browser-level for now; see above).
To exercise any of these, email hello@expensebiz.io. We respond within 30 days.
Data retention
Analytics data is retained for the standard duration set by each provider (Google Analytics: 14 months; Meta and LinkedIn: per their default). Chatbot transcripts in our Cloudflare KV are retained for 12 months and then deleted. Cloudflare edge logs follow Cloudflare's own retention.
Changes to this policy
If we change what we collect or who we share it with, we update this page and bump the "Last updated" date at the top. Material changes get a banner notice on the homepage for at least 14 days.