This website requires JavaScript.
Skip to content

Spendesk privacy policy

We value the integrity of your personal data and aim to process your personal data fairly and transparently. This Privacy Policy aims to describe how we process your personal data in the context of your use of the Spendesk website, and to inform you on the rights you hold as a result.

Subscription and use of the services

In subscribing to our services, filling in a contact form on our website ( or other sites owned by us (Spendesk SAS), or otherwise using our services, you acknowledge that we have access to the information contained in the entries you create in your account, as well as certain information on the payments made directly with your Spendesk card or otherwise recorded on our website, and may gather, process, store and/or use any personal data thus provided in accordance with the policy set out below.

We may process the personal data we collect for the limited purposes described in the Privacy Policy below, and thereby act as data controller for those limited purposes. However your company is considered the data controller within the meaning of the General Data Protection Regulation (known as the “GDPR”), and we act only as a data processor, as regards the processing of your information for the purpose of providing the services subscribed by your company.

In that capacity and within the scope of the services, your company is responsible in particular for:

  • making any declarations necessary to the relevant data protection authority
  • complying with its obligations as data controller under all applicable laws and regulations informing you about their data processing practices and, if required, obtaining your explicit consent when collecting your personal data,
  • ensuring they have the authority to use the personal data collected in accordance with the defined purposes and refraining from any unauthorised use.

Your company is also responsible for providing you with information on how they process your personal data for their own purposes, including for the administration and management of expenses and reimbursements. This information may be included in your company’s HR privacy policy or any other policy provided to you before you use the website. Any claims against your company should be made using the procedure described in your company’s policy.

The payment cards the Spendesk services allow you to use are issued by Transact Payments Limited, licensed by the Gibraltar Financial Services Commission with its registered office at 6.20 World Trade Center, 6 Bayside Road, Gibraltar, GX11 1AA and company registration number 108217, who will also receive your personal data as data controller for that purpose. For more information on their use of your personal data, please see their privacy policy available here.

Identity and contact details

Personal data is collected on our website by Spendesk SAS, a company registered under the laws of France under number 821 893 286 with the Paris Trade & Companies Register, and having its registered office at 28 rue d'Hauteville, 75010 Paris, France.

You may lodge any complaints on the manner in which we handle your personal data with your local supervisory authority (for France, the CNIL).

Data collected on the site

Personal data is collected when you register as a user and use our services. This may include information about who you are and how to contact you, browsing data and other technical data collected automatically through your activity on the website, information on the transactions you record through your Spendesk card and/or the website (including purchase history, receipts, amounts, etc.), professional information about identification within your company, your role and team, any requests, information on your subscription and/or account and any cards you hold, any expense policies applicable to you, and your communication with our teams.

Please ensure any information or documents you upload to the website does not include any sensitive personal data, such as Government identifiers (i.e. social security, driving licence, or taxpayer identification numbers), complete credit card or complete personal bank card numbers, medical records or particulars connected with applications for care or treatment associated with private individuals. By way of exception, if you are a manager or a business account holder, we may need to collect proof of your identity, as per our Terms, in order to verify your identity and deliver our services to you securely and in compliance with applicable laws.

You are responsible for ensuring that any third party whose personal data is entered into our services by you or through your use of a Spendesk card has been adequately informed and has consented to their personal data being collected.

The principal purpose of collecting your personal data is to offer you an optimum, efficient and personalised experience when you use our services. To this end, you acknowledge that we may use your personal data, on the basis of our legitimate interest in offering high quality services and developing our customer relationships to:

  • personalise, assess, and improve our services, content and materials;
  • analyse the volume and history of your use of our services;
  • suggest tips custom to your usage;
  • inform you about our services, any updates, and any new services that may be of interest to you

Newsletter and marketing emails

You may unsubscribe from receiving any newsletter and marketing emails we may send you at any time by following the unsubscribe link included in every newsletter and marketing email sent to you by Spendesk.

Email tracking

Without systematically doing so, we may analyse and track the click rates and the number of emails sent which you open to assess performance rates on our emailing campaigns.


With your consent, Spendesk may publish a list of Customers & Testimonials on its site with information on your company and with reference to your name and your job title. Spendesk will only publish any such testimonial on its website with your express consent.

Third party disclosures

Certain personal data relating to you collected on our website may be forwarded to Spendesk’s partner companies or third party providers so that we may obtain assistance and support in the context of carrying out our services. Spendesk ensures that it has in place clear data protection requirements for all of its third party providers.

Spendesk does not sell or rent your personal data to third parties for their own marketing purposes.

Spendesk does not otherwise disclose your personal data to third parties, except if: (1) you (or your account owner acting on your behalf) requests or authorises disclosure thereof; (2) the disclosure is required to process transactions or supply services which you have requested; (3) Spendesk is compelled to do so by a government authority or a regulatory body, in the case of a court order, a summons to appear in court or any other similar requisition from a government or the judiciary, or to establish or defend a legal application; or, (4) the disclosure is necessary to comply with Spendesk’s legal and/or regulatory obligations.

Spendesk will inform you immediately, to the extent we are legally authorised to do so, in case of any application or order originating from an administrative or judicial authority relating to your personal data.

Your data protection rights

You can modify your identifying personal data (title, first name, last name, email, phone number, password) at any time by logging onto your account’s “My profile” section.

In accordance with the French Data Protection Law of 6 January 1978 as amended, and, as of May 25th 2018, the GDPR, you have the right to access, correct, request the portability, request the deletion, and/or oppose the processing of your personal data, under the conditions provided by the GDPR.

You may request to exercise your rights by sending us an email at We will acknowledge receipt of your request within a few days of receiving it, but may need up to 30 days to inform you of our decision to process it or not (unless specific circumstances justifying a longer processing time apply, in which case you will be notified). We may require that your request be accompanied by a photocopy of proof of identity or authority.

In addition, in the event a third party whose personal data you have included in data you enter into our services makes a request to exercise his/her data protection rights, we will honor that request after proper verification and will inform you of any consequences on the data available to you.


As a general rule, Spendesk uses cookies to improve and personalise its Website and/or measure its audience. Cookies are files saved on your computer’s hard drive when browsing on the Internet and in particular on our site. A cookie is not used to gather your personal data without your knowledge but instead to record information on site browsing which can be read directly by Spendesk on your subsequent visits and searches on the site.

The cookies used by Spendesk are intended to enable or facilitate communication, to enable the services requested by users to be supplied, to recognise users when they revisit the site, to store the first referrers of traffic, to register logged-in sessions, to measure impact of ad campaigns and to enable Spendesk, internally, to carry out analyses on hit rates and browsing experience so as to improve content, and to track email opening rates, click rates and bounce-back rates at individual levels.

By default, cookies are not installed automatically (with the exception of those cookies needed to run the site and Spendesk’s services), and your consent is sought prior to heir installation by way of a banner, in compliance with applicable regulations. You may provide your consent implicitly by continuing your navigation on the website after having been informed of the use of cookies.

You can choose to decline acceptance of any or all cookies, but depending on the cookies you choose to decline, your experience of the website may be deteriorated.

To oppose the use of the cookies used on our Website, please refer to the links provided in the table below:

Analytics and customisation cookies.

These cookies collect information that is used either in aggregate form to help us understand how our websites is being used or how effective our marketing campaigns are, or to help us customise our website for you.

Served by Purpose Opt-out
Google Analytics Used to measure how you interact with our website. Opt-out
Mixpanel Used to measure how you interact with our website. Opt-out
Fullstory Used to record logged-in sessions and help debugging and improving our website. Opt-out
Hubspot Used to measure how you interact with our website. Opt-out
Salesloft Used to remember the first visits UTMs. Opt-out link inside every email
Segment Used to enable analytics and functionalities of all the other tools, including Segment. Opt-out
Spendesk Used to remember the first visits UTMs. Opt-out
Appvizer Used to measure how you interact with our website. Opt-out

Performance and functionality cookies.

These cookies are used to enhance the performance and functionality of our website.

Served by Purpose Opt-out
Intercom Used to enable customised chat conversations Opt-out
Wootric Used to enable satisfaction surveys Opt-out

Advertising cookies.

These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously re-appearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

Served by Purpose Opt-out
Linkedin Retargeting Pixel Opt-out
Facebook Retargeting Pixel Opt-out
Adwords Advertising cookie Opt-out

Data retention period

Spendesk retains the personal data it collects about you in active databases, log files or other types of files so long as you use our services, and in accordance with the current regulations in force.

Spendesk in no way undertakes to store all your data indefinitely. You are able to access some data so long as you hold an active account with us and for a period that varies depending on the type of data concerned and the subscribed plan, as well as your employer’s instructions, but, in no event for longer than one year after closing of your account. The data may be deleted at any time during active use of your account in accordance with the provisions set forth above and/or as set out in our terms of use. We may continue to use non-identifiable data that has been aggregated for analytical purposes beyond this period.

Location of data storage and transfers

The host servers on which Spendesk processes and stores its databases are located exclusively within the European Union (in Ireland). However, some data might transit and be stored outside of the European Union via the usage of certain third party processors located in the United States. Any transfers towards such third-parties will be protected by adequate frameworks such as a Privacy Shield certification or a data transfer agreement based on the EU Commission’s model clauses.


Within the framework of its services, Spendesk attributes the very highest importance to the security and integrity of its customers’ personal data.

Thus and in accordance with the GDPR, Spendesk undertakes to take all pertinent precautions in order to preserve the security of the data and, in particular, to protect them against any accidental or unlawful destruction, accidental loss, corruption, unauthorised circulation or access, as well as against any other form of unlawful processing or disclosure to unauthorised persons.

To this end, Spendesk implements industry standard security measures to protect personal data from unauthorised disclosure.

Moreover, in order to avoid in particular all unauthorised access, to guarantee accuracy and the proper use of the data, Spendesk has put the appropriate electronic, physical and managerial procedures in place with a view to safeguarding and preserving the data gathered through its services.

Notwithstanding this, there is no absolute safety from piracy or hackers. That is why in the event a breach of security were to affect your rights, Spendesk undertakes to inform you thereof without undue delay and to use its best efforts to take all possible measures to neutralise the intrusion and minimise the impacts.

Privacy policy changes

This Privacy Policy may change at any time, in particular pursuant to any changes made to the laws and regulations in force, or if we make any substantial improvements, additions or changes to our practices regarding your personal data. We will ensure we keep you informed of any substantial changes in due course.

If you have any questions regarding this Privacy Policy, feel free to email us directly at: or contact us by mail to: Spendesk SAS, 51 rue de Londres, 75008 Paris.undefined

🍪 We use cookies to optimize your user experience. By browsing our website, you agree to the use of cookies.

Read our cookies policy