Privacy Policy

Effective Date: May 25, 2021

Protecting your private information is our priority. This privacy policy applies to the collection, use and disclosure of personal information we receive from users of Stampli website and our AP invoices approvable process services offered through the website application collectively called “Website”.

What Information Stampli Collects and How We Use It

We collect and use the following data:

Account Information. When you sign up for us to provide Services, our Website asks you to choose a username and password and to provide various types of information, some of it relating to the corporate entity on behalf of which you will be using Stampli, some of it related to individuals. Some of the latter is personal information (“Personal Information”) about:

  • you, either in your personal capacity or in your role of administering a Stampli account for a corporate entity;
  • your employees who will be using the Website; and/or
  • anyone you sign up to interact with your company on Stampli.

The provided information includes:

  • Your company’s name, business information (number of employees, accounting system(s), etc.), billing and mailing address, phone and fax number, LinkedIn and Twitter profile, contact person
  • The names, work phone numbers, department, title and work email addresses of your employees who will be using the Website and Services.
  • Suppliers’ information, name, title, email, phone number billing address and for those of US customers that are using the payment application add Bank Account information.
  • Other specified information by your specific request for the automatization process.
  • A credit card to pay for your subscription to Stampli.

If you enroll an individual on the Stampli app, we will ask that person to provide a name and email address and to choose a password. In addition, if you invite a vendor to connect to the service, we will ask the vendor to provide the same types of information that we asked you to provide.

Stampli uses contact information to provide you with updated information and service your account in other ways. We may also use this information to contact you about additional products or services that may be of interest to you. You will have an opportunity to “opt out” of such offers in the future, if you so choose, upon request.

Use of Cookies.

The Stampli Website may use “cookies” to help you personalize your online experience with us. A cookie is a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.

One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the Web server that you have returned to a specific page. For example, if you personalize Stampli pages, register on the Stampli Website or request Services, a cookie helps Stampli to recall your specific information on subsequent visits. This simplifies the process of recording your information, such as billing addresses, shipping addresses, and so on. When you return to the same Stampli website, the information you previously provided can be retrieved, so you can easily use the Stampli features that you customized.

You have the ability to accept or decline cookies. Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the Stampli Services or websites you visit.

For detailed information go to Cookies Policy.

Information from other sources. We may obtain information about you from third parties from time to time. We use this information to help us improve our products and services that may be of interest to you and to validate the information you have provided to us. This helps us maintain the accuracy of the information we collect about you in order to provide you with better service.

Non-Personal Information. We may also collect other non-identifying information as part of the registration and personalization process (e.g., zip code and individual preferences). Certain non-identifying information would be considered a part of your Personal Information if it were combined with other identifiers (e.g., combining your zip code with your street address) in a way that enables you to be identified. However, the same pieces of information are considered non-identifying information when they are taken alone or combined only with other non-identifying information (e.g., your viewing preferences). We may combine your Personal Information with non-identifying information and aggregate it with information collected from other users to attempt to provide you with a better experience, to improve the quality and value of the Website and to analyze and understand how the Website is used.

Aggregate Website Visitor Information: Stampli collects the name of the domain through which you access the internet; the date and time you access our Website; the internet address from which you linked to our Website; and the individual address of the computer you used to access our Website. We use this information in the aggregate to administer our Website, to help diagnose and troubleshoot potential server malfunctions, and to gather broad demographic information about usage of our Website.

How Information May Be Shared

We will only share Personal Information with third parties in the ways that are described in the privacy policy or as permitted by law.

Service Providers. We share your Personal Information with third parties as needed to maintain, support and operate the Website, to perform website-related services, to undertake the Services we are providing and to assist us in analyzing how our Website is used (e.g., maintenance services, database management, payment processing, web analytics and improvement of the Website’s features). These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. We may provide Personal Information to your suppliers who are party to your Stampli transaction for the purpose of providing Services to you.

Third Parties Unaffiliated with Stampli. We may provide Personal Information to your suppliers who are a party to your Stampli transaction for the purpose of providing Services to you. Additionally, Stampli may permit you to use third party services whose products can be supported through the Stampli Website, such as third-party data entry service or accounting software providers. Stampli will share Personal Information and support the third parties’ services on the Stampli Website at your direction. When you direct Stampli to share Personal Information with third parties, you agree that Stampli is not responsible for the third parties’ use, misuse, or handling of that Personal Information.

Compliance with Laws and Law Enforcement. Stampli cooperates with government and law enforcement officials or private parties to enforce and comply with the law. We will disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect the property and rights of Stampli or a third party, to protect the safety of the public or any person, or to prevent or stop any illegal, unethical or legally actionable activity.

Business Transfers/Transactions. Information, including Personal Information, that we collect from our users is considered to be a business asset. As a result, if we go out of business or enter bankruptcy or if we are acquired as a result of a transaction such as a merger, acquisition, reorganization or asset sale, your Personal Information may be disclosed, sold or transferred to the third-party acquirer in connection with the transaction.

Aggregate Information and Non-Identifying Information. We may share aggregated information which does not include Personal Information and we may otherwise disclose non-identifying information and log data with third parties for industry analysis, demographic profiling and other purposes. Any such aggregated information will not contain your Personal Information. Stampli does not share, rent, or trade Personal Information with third parties for their promotional purposes.

The Website may provide links to other sites. If you choose to visit another site by “clicking on” an external link, you will be directed to that party’s site. We may track whether these links have been followed to improve the quality of the Website and Stampli partnership activities. The fact that we link to another site is not an endorsement, authorization or representation of our affiliation with that third party, nor is it an endorsement of their privacy or information security policies or practices. We do not exercise control over third party sites. These other sites may place their own cookies or other files on your computer, collect data or solicit Personal Information from you. This privacy policy addresses the use and disclosure of information that we collect from you through this Website. Other sites follow different rules regarding the use or disclosure of the Personal Information you submit to them. We encourage you to read the privacy policies or statements of the other sites you visit.

Data Retention

We will retain and use your information in accordance with our internal retention, archiving and back-up regimens. We may retain certain Personal Information about you for as long as necessary for the purposes described in this Privacy Policy, which includes keeping contact information after you have cancelled your service with us for the period of time needed for us to pursue legitimate business interests, conduct audits, comply with and/or demonstrate our legal obligations, resolve disputes and enforce our agreements. If you have any questions about data retention policy please contact us by e-mail at

Social Media Widgets

Our Website includes social media features, such as the Facebook Like button and widgets, such as the Share this button or interactive mini-programs that run on our site. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our Website. Your interactions with these features are governed by the privacy policy of the company providing it.

Declining to provide your personal information

If you do not provide information indicated as required or mandatory within the Service, or that is otherwise necessary to provide a requested service or feature within the Service, that portion or all of the Service may be unavailable to you and we may deactivate your account.

Your Rights

The Stampli app enables you to update, correct, and delete/remove Personal Information regarding you, your employees at any time on the Website app. If you want to cancel our service, contact us by e-mail at at any time. This privacy policy will continue to apply if you cancel our service, or if you are no longer our customer for any reason. If you have any concerns about how Stampli stores or uses Personal Information, please contact us by e-mail at

Stampli has no direct relationship with the individuals whose personal information is contained within the Customer Data processed by the Services. An individual who seeks to access, correct or delete this information should direct their request the Customer. Then if the Customer send us the request for fulfilling, we proceed as in this policy after receiving a direct request from the Customer.

GDPR Rights

To the extent that Stampli’s processing of your Personal Information is subject to the General Data Protection Regulation (“GDPR”), Stampli processes Personal Information to provide the Services and for our legitimate interests, such as improving the Services.

The GDPR grants individuals located in the European Union, UK and Switzerland certain rights regarding their Personal Information. For example, under the GDPR, you have the right to access, correct, receive a copy of, and delete your Personal Information. You also have a right to object to our use of your Personal Information for direct marketing purposes and the right to request that we restrict further processing of your Personal Information under certain situations. Subject to applicable law, you may also have the right to lodge a complaint with your local data protection authority.

If you would like to exercise and of your rights under the GDPR, please feel free to reach out to us via one of the means set out in the “Contact Us” section below.

DPA – Data Processing Agreement

According to GDPR our EU Customers are defined as Controllers and Stampli as Processor. A Data Processing Agreement is a contract between a data controller and a data processor, which describes the roles and responsibilities of the parties when personal data is processed. Article 28 of the GDPR sets out a number of requirements that a Data Processing Agreement must satisfy in order to be compliant with European data privacy law. We have made a Data Processing Agreement available to Stampli Customers. In order review and accept the Stampli DPA please contact us by e-mail at

CCPA Rights

If you are a resident of the state of California, please refer to our Privacy Policy for California Residents part, located at this CCPA link.

International Transfers

Our servers are located in Europe and the United States and to provide you with the Services, we may store, process and transmit information to the United States. We may transfer information that we collect about you, including Personal Information, to affiliated entities, or to other third parties (as provided herein) across borders and from your country or jurisdiction to other countries or jurisdictions around the world. If you are located in the European Union or other regions with laws governing data collection and use that may differ from laws of the United States and state law, please note that you are transferring information, including personal information, to a country and jurisdiction that does not have the same data protection laws as your jurisdiction, and you consent to the transfer of information to the United States and the use and disclosure of information about you, including personal information, as described in this Privacy Policy.

Protection of Children’s Personal Information

To the extent prohibited by applicable law, Stampli does not allow our Services to be used by anyone younger than 16 years old and further does not knowingly collect Personal Information from children.

Changes to This Privacy Policy

If we decide to change our privacy policy, we will post those changes to this privacy policy page, the home page, and other places we deem appropriate, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. We reserve the right to modify this privacy statement at any time, so please review it frequently. If we make material changes to this policy, we will notify you here, by email, or by means of a notice on our home page prior to the change becoming effective. Any modifications to this Privacy Policy will be effective upon our posting of the new terms and/or upon implementation of the new changes in the Service (or as otherwise indicated at the time of posting). If you disagree with any changes to this Privacy Policy, you should terminate your Services with us and contact us if you want to exercise any of your rights described in this Privacy Policy.

Stampli Data Security and Protection

Stampli is committed to protect the security and privacy of your information. We know that information regarding you and your company is extremely important and confidential. We are committed to protect your Personal Information. We have adopted commercially reasonable technical, administrative, and physical procedures to help protect your Personal Information from loss, misuse, unauthorized access, and alteration. This includes, among other things, using industry standard techniques such as firewalls, encryption, intrusion detection and Website monitoring. In addition, we use standard security protocols and mechanisms to exchange the transmission of sensitive data such as credit card details. When you enter sensitive Personal Information such as your credit card number on our Website, we encrypt it using secure socket layer (SSL) technology.

Stampli uses reasonable measures – consistent with industry standard practices – as well as some advanced security and process controls designed to ensure that the security, confidentiality, integrity and availability of your data are protected. However, no method of transmission over the Internet or electronic storage is one hundred percent secure. Therefore, we cannot guarantee its absolute security. Stampli may store and process data in the US as well as other jurisdictions where our service providers may be located.

In the event that personal information is compromised as a result of a breach of security, Stampli will promptly notify those persons whose personal information has been compromised in accordance with the notification procedures set forth in this Privacy Policy and as required by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of Personal Information and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), or any other applicable law.


When you sign up for Stampli, you provide an email address and password to access our Website. You can help protect your information by using a strong password, keeping your password secret and by changing it from time-to-time.

Contact Us

If you have any questions about this Privacy Policy or if you would like to exercise any of your rights described in this Privacy Policy, you can contact us by any of the means below.


Stampli, Inc.
191 Castro Street,
Mountain View, California 94041

Privacy Policy for California Residents

Information We Collect

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“Personal Information”). Personal Information we have collected from you over the past twelve-month period may include the following categories:

CategoryExamplesCollected by Stampli
IdentifiersName, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.Yes
Categories of Personal Information described in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).Name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some Personal Information included in this category may overlap with other categories.Yes
Protected classification characteristics under California or federal law.Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information
(including familial genetic information).
Commercial information.Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.No
Biometric information.Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.No
Internet or other similar network activity.Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement.Yes
Geolocation data.Physical location or movements.Yes
Sensory data.Audio, electronic, visual, thermal, olfactory, or similar information.No
Professional or employment-related information.Current or past job history or performance evaluations.Yes
Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.No
Inferences drawn from other Personal Information.Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.No

Personal Information does not include:

  • Publicly available information from government records.
  • De-identified or aggregated consumer information.
  • Information specifically excluded from the scope of the CCPA such as health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; and Personal Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (CFIPA), and the Driver’s Privacy Protection Act of 1994.

Categories of Sources of Personal Information

We collect Personal Information relating to you from the following categories of sources:

  • Directly from you. For example, the information you provide when you sign up for our Services or request that we contact you by filling out one of the forms on our website.
  • Indirectly from you through the Services. The Services collect certain information automatically and stores it in log files. The information may include (i) internet protocol (“IP”) addresses, (ii) the region or general location where your computer or device is accessing the internet, (iii) browser type, (iv) operating system, and (v) other usage information about the use of the Services, including a history of the pages you view.
  • Third parties. For example, you may provide us with information so we can deliver our Services to you, which may include Personal Information that belongs to someone else, such as one of your vendors.

How We Use and Disclose Personal Information

Use of Personal Information

Except as described in this CCPA Privacy Notice, we will not disclose information about you that we collect on the Services to third parties without your consent. We may use and/or disclose the Personal Information described above for one or more of the following business purposes:

  • To fulfill or meet the reason for which the information is provided;
  • To provide you with information, products or services that you request from us;
  • To provide you with email alerts, event registrations and other notices concerning our products or services, or events or news, that may be of interest to you;
  • To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections;
  • To improve our Services;
  • For testing, research, analysis and product development;
  • As necessary or appropriate to protect the rights, property or safety of us, our clients or others;
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations;
  • As described to you when collecting your Personal Information or as otherwise set forth in the CCPA; and
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us is among the assets transferred.

We will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

Disclosure of Personal Information to Third Parties

We disclose your Personal Information to the following categories of third parties for a business purpose:

  • Our affiliates.
  • Service providers.
  • Third parties to whom you or your agents authorize us to disclose your Personal Information in connection with the Services.

Categories of Personal Information Disclosed to Third Parties

We have disclosed the following categories of Personal Information in the preceding twelve-month period:

  • Identifiers.
  • Characteristics of protected classifications under California or federal law (Cal. Civ. Code § 1798.80(e)).
  • Protected classification characteristics under California or federal law.
  • Internet or other similar network activity.
  • Geolocation data.

Sale of Personal Information

We do not sell your Personal Information. We have not sold any Personal Information in the preceding twelve-month period.

Your Rights Under the CCPA

The CCPA providers California residents with specific rights regarding their Personal Information. The following is a description of your rights under the CCPA and how you can exercise such rights.

Access and Data Portability

You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past 12 months. Once we verify your request, we will disclose to you:

  • The categories of Personal Information we have collected about you.
  • The categories of sources from which the Personal Information about you is collected.
  • The business or commercial purpose for collecting or selling Personal Information.
  • The categories of third parties with whom we share Personal Information.
  • The specific pieces of Personal Information we have collected about you.
  • If we sold or disclosed your Personal Information for a business purpose:
    • the categories of Personal Information that we have collected about you;
    • the categories of Personal Information that we have sold about you and the categories of third parties to whom the Personal Information was sold, by category or categories of Personal Information for each category of third parties to whom the Personal Information was sold;
    • the categories of Personal Information that the business disclosed about you for a business purpose.

Right to Deletion

You have the right to request that we delete any of your Personal Information that we have collected from you and that we retain, subject to the limitations set forth below. Once we can verify your consumer request (as described below), we will delete your Personal Information from our records and direct any service providers to do the same, if applicable, unless an exception applies.

We may deny your request to delete your Personal Information if we need that information for any of the following purposes:

  • To complete the transaction for which the Personal Information was collected, provide a good or service requested by the consumer, or reasonably anticipated within the context of a business’ ongoing business relationship with you, or otherwise perform our contract with you.
  • To detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for that activity.
  • To debug to identify and repair errors that impair existing intended functionality.
  • To exercise free speech, ensure the right of another consumer to exercise that consumer’s right of free speech, or exercise another right provided for by law.
  • To comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code.
  • To engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the business’ deletion of the information is likely to render impossible or seriously impair the achievement of such research, if the consumer has provided informed consent.
  • To enable solely internal uses that are reasonably aligned with the expectations of the consumer based on the consumer’s relationship with the business.
  • To comply with a legal obligation.
  • To otherwise use your Personal Information, internally, in a lawful manner that is compatible with the context in which you provided the information.

Exercising your Rights – Consumer Requests

To exercise any of your rights described in this CCPA Privacy Notice, please submit a consumer request by emailing us at (in your request, please note you are writing about “Personal Information” in the subject or body of the email).

Only you or an agent registered with the California Secretary of State who is authorized by you can submit a consumer request relating to your Personal Information. You, or your agent, may only make two consumer requests within a twelve-month period. You must provide us with information that is sufficient to allow us to reasonably verify your identity, or to confirm that you are an authorized representative of that person. You must describe your request in enough detail to allow us to properly evaluate and respond to your request.

If we cannot verify your identity or verify the authenticity of your representative then we will be unable to respond to your request. You do not need an account with us in order to submit a consumer request. We will limit the use of any information provided to verify a consumer request to verification purposes only.


We will work to respond to a verified consumer request within 45 days of receipt of the request. We may reasonably require additional time to comply with your request. In such a case, we will notify you in writing within the initial 45-day period that we require additional time (up to 90 days where necessary). If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Disclosures will only cover the twelve-month period preceding your request. Where necessary, we will explain the reasons we cannot comply with a request. For data portability requests, we will select a format to provide your Personal Information that is readily useable and transferable.

We do not normally charge a fee for processing or responding to consumer requests. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.


We will not discriminate against you for exercising any of your rights under the CCPA. Unless permitted by the CCPA, we will not:

  • Deny you services.
  • Charge you different prices or rates for services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of services.
  • Suggest that you may receive a different price or rate for services or a different level or quality of services.