Versa End User Privacy Policy

Effective Date: Nov 12, 2025
Last Updated: Nov 12, 2025

1. Overview

Versa provides technology that helps you connect your business accounts—such as a bank, card, or expense platform—with merchants and service providers so that itemized receipts, folios, or transaction data can be synced automatically into your account.

When you use Versa Link to establish these connections, Versa acts as a technology provider to the merchant or platform you are connecting. This Policy explains how Versa collects, uses, and protects your information during that process.

2. Information We Collect

When you use Versa Link, we may collect the following information to facilitate your connection:

• Identifiers: such as your name, email address, or account identifiers supplied by the merchant or platform.
• Connection metadata: such as timestamps, IP address, browser or device type, and connection status.
• Transaction or receipt data: itemized folios, transaction summaries, or invoice details supplied by the merchant when you authorize the sync.
• Credentials or tokens: Versa does not collect or store your account passwords. We exchange encrypted tokens with your selected merchant and platform to complete the connection.

3. How We Use Your Information

We use your information only to:

• Establish and maintain the connection you authorize between your merchant and financial account.
• Route and deliver receipt or transaction data between those parties.
• Comply with legal obligations and maintain security, fraud prevention, and audit logs.

We do not sell your personal information or use it for marketing or advertising.

4. How We Share Information

We share data only with:

• The merchant or service provider you select.
• The platform or financial account provider you connect (for example, Ramp, Brex, Navan, Emburse, Expensify).
• Subprocessors that help us securely operate Versa Link (such as hosting or encryption providers, listed at versa.org/legal/subprocessors).

We do not share data with any other third parties.

5. Data Retention

Connection metadata is retained as long as necessary to maintain logs and security records.

Transactional data is retained only as long as necessary to complete delivery or as required by law or by the platform or merchant you connect.

You may revoke access or request deletion by contacting us at security@versa.org.

6. Legal Basis (for EEA/UK Users)

We process your information under one of the following lawful bases:

• Performance of a contract — when providing the Versa Link service you request.
• Legitimate interest — to ensure secure operation and fraud prevention.

You may exercise your GDPR rights (access, correction, deletion, restriction, or portability) by contacting us at security@versa.org.

7. Security

Versa employs encryption, tokenization, and access controls to protect your information. Versa does not store your financial credentials.

8. Updates

We may update this Policy from time to time. When we do, we'll revise the "Last Updated" date above and post the updated version at versa.org/en/legal/end_user_privacy.

9. Contact

Bend Technology, Inc. (DBA Versa)
security@versa.org