This policy sets out how we use your information and provides you with information about the personal data we collect, how we keep it secure, how we ensure your privacy is maintained and your rights relating to the personal information we hold about you.

This policy applies to you if you use any of the services of CostPocket OÜ either on your computer or on your mobile device and if you contact CostPocket via email, phone or in person to enquire about CostPocket’s services or have phone or email contact with CostPocket for support and incident resolution purposes.

If you use CostPocket’s services to send receipts to accounting since the company you work for has signed up to CostPocket, we refer to you in this policy as “company’s employee” or “you”.


CostPocket OÜ is a company incorporated in Estonia (referred to as “we” or “us” in this policy) that enables companies to streamline their expense reporting processes by enabling companies to collect, digitalize, sort, archive and send company and employee receipts to accounting software via CostPocket’s webpage or mobile application solution. CostPocket enables the company’s employees access to CostPocket’s mobile application for sending their receipts to the company's accounting software. For a more thorough description of our services and how we provide them, please refer to the Terms & Conditions of CostPocket OÜ available on our cloud environment and in our application.

We understand that privacy and the security of the company’s employees’ personal information is extremely important and we are committed to maintaining the trust and confidence of the visitors to our cloud environment and application.

It is our goal to always keep the personal data secure and respect all privacy rights.

We will always handle personal data fairly and legally and are committed to being transparent about the data we collect and how we use it.

This document regulates the processing of personal data in the CostPocket application and cloud environment at the date of accepting this Privacy Policy and is in effect for the following CostPocket cloud environments/applications:
  • CostPocket iPhone app
  • CostPocket Android app
  • app.costpocket.com
  • cloud.wizard.finance
  • cloud.costpocket.com
  • cloud.tsekk.ee
  • digi.costpocket.com
We don't sell any information to other organisations and businesses.


We may process the following information about the company’s employees:
  1. first name and last name
  2. contact details (telephone numbers and e-mail address)
  3. information on purchases made by the employee, as available on the receipt (for example: name of supplier, supplier registration number, supplier VAT code, VAT amount, net amount, amounts paid, document data, document number, currency. In case of invoices, reference number, payment date and payment IBAN are processed)
  4. general high level payment information such as bank or payment solution provider’s name used by the employee, as available on the receipt
  5. employee's bank account details, in case the employee has voluntarily submitted such information in order to receive compensation for receipts automatically onto their bank account
  6. account login details, including user name(s), company ID and similar
  7. correspondence and communications with us
  8. device ID and other details such as make and model and the version numbers of the operating system and application you use
  9. your preferences in using the application (language, etc)
  10. geolocations and addresses for mileage calculation
  11. IP address
We may collect some of the above personal data directly, for example when the company or the employee sets up an account on our cloud environment or in our application, or sends an email or online or in-app enquiry to our customer success team. Other personal data is collected indirectly, for example, browsing or order activity. We also may consult publicly available sources, if this is necessary to provide Services to you, such as Commercial Registers or for fraud prevention and security purposes. We do not process all of the personal data listed above for all cases, instead the above is a comprehensive list of data CostPocket may process, depending on the type of Services requested by you and/or type of receipts submitted.


Our legal basis for processing your personal data set out in 1-8 above is that it is necessary to fulfil our agreement with you, provide services to you as you requested and to comply with our legal obligations.

Our legal basis for processing your personal data set out in 9-10 above is our legitimate interest in enabling your access to our site, presenting relevant products and content to you, giving you a pleasant user experience and our legitimate interest in business development.


The information we collect may be used to:
  • provide products and services to you
  • process your orders/ subscription
  • take payment from you or provide you with a refund
  • manage any account(s) that you hold with us
  • verify your identity and ensure that our customers are genuine
  • detect and/or prevent crime or fraud, and related purposes
  • carry out statistical analysis
  • conduct market research
  • help us understand more about you as a customer
  • personalise your experience with CostPocket
  • tailor our cloud environment to you
  • improve our services, apps and cloud environment
  • contact you about products and services
  • provide online advertising
  • help answer your questions and solve any issues you have
  • manage customer service interactions with you.
We will only use your personal data for marketing purposes with your consent. We may do this by post, email, text message, by phone, online or through social media, push notifications via apps, or other electronic means and will aim to update you about those products and services you are interested in or which are relevant to you.

You may amend your marketing preferences and have the right to opt-out of receiving promotional communications at any time, by:
  • clicking the “unsubscribe” link in our emails or using the “STOP” number for texts
  • contacting us.
We won't send you marketing messages if you tell us not to, but we will still need to send you occasional service-related messages.


We share personal data with subprocessors listed below. We share personal data with other service providers to the extent that this is necessary to provide our services to the company. We may also share personal data with other entities within our group for processing of data within the scope of this Privacy Policy. Personal data may be disclosed to authorities if required by law.

With the employee’s consent, we may share personal data with other third parties. We may share personal data with third parties when a person enters CostPocket’s website - this is regulated through our Cookie Policy, which you find here.

As the recipients mentioned below may be established anywhere in the world, the personal data may be transferred globally. If data originating from the EEA is transferred to countries outside the EEA, we will adopt appropriate safeguards, including using European Commission Standard Contractual Clauses, if necessary.

| Subprocessor | Purpose | Service used | EU data center used |
|---|---|---|---|
| Microsoft Ireland Operations Limited | Infrastructure | Azure Cognitive Services (OCR), data and app hosting | Germany |
| Google Cloud EMEA Limited | Business communications, text-recognition | Google Vision, Business suite - Gmail, Calendar, etc, Maps, Maps Distance Matrix API | Germany |
| Slack Inc | Productivity | Work communication | Germany |
| SendGrid Inc | Infrastructure | E-mail sending API. Read Data Protection Addendum | |
| Hubspot Inc | Productivity | Customer support tool. | Germany |
| SternDigital OÜ | | Human digitisation partner | Germany |
| OpenAI Inc | | Our ChatGPT based customer support bot "Eevald" uses OpenAI API. Completions. | |


We store personal data with the following hosting providers:

| Hosting provider | | EU data center used |
|---|---|---|
| Digital Ocean | Personal data stored and processed in the EU only under applicable safeguards in compliance with EU regulations. Data processing agreement | Germany |
| Microsoft Ireland Operations Limited | Personal data stored in EU, might be processed outside of EU. More information here. | Germany |
| Google Cloud EMEA Limited | Personal data stored in EU, might be processed outside of EU. More information here | Germany |
| Slack Inc | Personal data stored in EU, might be processed outside of EU. More information here | Germany |

Please note that the company you work for, which has signed up to CostPocket, may also choose to share your personal data with other third party service providers in order to make the receipt collection and compensation process more efficient. CostPocket takes no liability over such third party providers and shares personal data with such processors only in case of the company’s explicit request. The company is responsible for signing up such third party service providers and for their proper storage, use and processing of personal data. If you as an employee of the company want to receive more information on how such third party service providers process your personal data, kindly request this information from the company itself directly.


Although we will do our best to protect personal data, we cannot guarantee the security of your data transmitted to our site. Any transmission is at your own risk. We recommend that you:
  • keep your account passwords private
  • change your password often
  • do not use the same password for multiple accounts, applications or websites.


We will store personal data for as long as necessary to fulfil the purposes described in this Privacy Policy. These are the criteria that we use to determine when we will delete personal data:
  • We retain data to the extent required by law (such as tax/bookkeeping laws)
  • We retain data such as contact data, subscription and order data and communication data to the extent relevant for limitation periods for potential claims (typically five to seven years after the date of purchasing services from CostPocket)
  • We respect your marketing preferences. In case you subscribe to our newsletter, we retain your personal data as long as you have consented to receive marketing communications from us.


Within the conditions/limitations set out in applicable law, you have the following privacy rights:

Right to information. You have the right to obtain further information on our use of your personal data.

Right of access. You have the right to receive a copy of your personal data.

Right to rectification. You have the right to ask us to correct your personal data if it is incorrect or incomplete, such as by changing your details on your account.

Right to be forgotten. You have the right to request the erasure of your data if we no longer need it.

Right to data portability. You have the right to obtain personal data that you have provided to us in a format that enables you to transfer that personal data to another organization. You may also have the right to have your personal data transferred directly from us to such organization.

Right to object to processing of personal data. You have the right to object to our use of your personal data, such as to unsubscribe from marketing emails.

You can exercise your rights by contacting us.

If you think that we have processed your personal data in a manner that is not in accordance with data protection law, we hope that you contact us, so that we can provide answers and correct any misunderstandings. You have the right to make a complaint to the relevant data protection authority, which is the authority in the EEA country where you live and work.


This Policy was last updated on 06. March 2023.