Expensify
VantaVerified May 2026Expensify Compliance & Certifications
SOC 1 Type IISOC 2 Type IIISO 27001PCI DSSHIPAACSA STARGDPR
Frequently Asked Questions
Does Expensify have SOC 1 Type II?
Yes. Expensify holds SOC 1 Type II, SOC 2 Type II, ISO 27001, PCI DSS, HIPAA, CSA STAR, GDPR certifications. You can view their trust center at trust.expensify.com for full security and compliance documentation.
Where can I find Expensify's security documentation?
Expensify publishes their trust center on Vanta at trust.expensify.com. It includes security policies, compliance certifications (SOC 1 Type II, SOC 2 Type II, ISO 27001, PCI DSS, HIPAA, CSA STAR, GDPR), and other documentation.
Does Expensify have ISO 27001 certification?
Yes, Expensify is ISO 27001 certified. This international standard confirms they have implemented a comprehensive information security management system (ISMS).
Is Expensify HIPAA compliant?
Yes, Expensify is HIPAA compliant and can support healthcare organizations that handle protected health information (PHI).