BaseRally

Privacy Policy

Last updated: January 2, 2026

This Privacy Policy explains how BaseRally ("we," "us," or "our") collects, uses, and protects your personal information when you use our expense tracking and compliance reporting service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Name and email address
  • Username and password (encrypted)
  • Organization name and type
  • State jurisdiction for compliance purposes

1.2 Financial Data

To provide our expense tracking service, we process:

  • Expense records (amounts, dates, vendors, categories)
  • Receipt images and attachments
  • Donation records (for campaign mode)
  • Donor/contributor information you provide
  • Mileage and travel expense data

1.3 Payment Information

Payment processing is handled by Stripe. We do not store your full credit card numbers. Stripe's privacy policy governs their handling of your payment data.

1.4 Usage Data

We automatically collect:

  • Log data (IP address, browser type, pages visited)
  • Device information (operating system, device type)
  • Feature usage patterns
  • Error reports

2. How We Use Your Information

We use your information to:

  • Provide and improve our expense tracking service
  • Process receipts and categorize expenses
  • Generate compliance reports
  • Send service notifications and deadline reminders
  • Process payments and manage subscriptions
  • Respond to support requests
  • Prevent fraud and ensure security
  • Comply with legal obligations

3. How We Share Your Information

3.1 Service Providers

We share data with third-party providers who help us operate our service:

  • Stripe - Payment processing
  • Amazon Web Services - Cloud hosting and storage
  • SendGrid - Email delivery
  • Google Cloud - Receipt image processing (Vision API)

3.2 Legal Requirements

We may disclose information when required by law, legal process, or government request.

3.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity.

3.4 With Your Consent

We share information when you give us explicit permission.

We do NOT sell your personal information. We do not rent, trade, or sell your data to third parties for marketing purposes.

4. Data Retention

  • Active accounts: We retain your data for the duration of your subscription plus 90 days
  • Financial records: 7 years (to comply with legal requirements)
  • System logs: 90 days
  • Deleted accounts: Data permanently deleted after 30-day grace period, except as required by law

5. Your Rights (GDPR)

If you are in the European Union, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restrict processing: Limit how we use your data
  • Data portability: Receive your data in a portable format
  • Object: Opt out of certain processing activities

To exercise these rights, contact us at privacy@baserally.com.

6. Your Rights (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how it is used
  • Request deletion of your personal information
  • Request correction of inaccurate information
  • Opt-out of the sale of personal information (we do not sell your data)
  • Non-discrimination for exercising your privacy rights

7. Cookies and Tracking

We use cookies and similar technologies to provide and improve our service. See our Cookie Policy for details.

8. Data Security

We protect your data with:

  • Encryption in transit (TLS/SSL) and at rest
  • Secure access controls and authentication
  • Regular security assessments
  • Employee security training
  • Incident response procedures

While we implement robust security measures, no system is 100% secure. We cannot guarantee absolute security.

9. International Transfers

Your data is processed and stored in the United States. If you are outside the US, your data will be transferred internationally. We use appropriate safeguards, including standard contractual clauses where required.

10. Children's Privacy

BaseRally is not directed at children under 13. We do not knowingly collect personal information from children. If we learn we have collected data from a child under 13, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or in-app notification. The effective date is shown at the top of this page.

12. Contact Us

For privacy-related questions or to exercise your rights:

Email: privacy@baserally.com