Navan Expense
Navan Expense unites corporate cards and expense management with our travel solution to give finance leaders real-time control and visibility across all spend. Employees can confidently spend and get reimbursed on the things they need, and finance teams can rest easy knowing that the spend is always within policy. By automating the entire journey — from expense reports to closing the books at the end of the month — everyone can enjoy the gift of time back.With the Navan Expense app for Slack, users can manage virtual card requests and approvals for spend on things like software subscriptions, advertising, WFH expenses, and other spot purchases directly within Slack. Employees can request spend by typing “/liquid-new,” and approvers get instant notifications to take action on these requests directly within Slack.
Permissions
Navan Expense will be able to view:
Navan Expense will be able to do:
Review the details to better understand this app’s security practices. To learn more about assessing apps for your workspace visit our Help Center.
General
Developer
TripActions Inc.
Company headquarters location
United States
Terms of service
Privacy & data governance
Data retention policy
TripActions retains Personal Information for as long as needed or permitted in light of the purpose(s) for which it was obtained and consistent with applicable law. If you are a Corporate Customer or Traveler, we retain your Personal Information as long as we are providing Services to you. We may retain Personal Information and certain records of your transactions to the extent necessary to comply with our legal and regulatory obligations. We may also retain Personal Information in light of our legal position such as in regard to applicable statute of limitations, litigation, or regulatory investigations.
Data archiving and removal policy
Security logs and security compliance related documentation are kept for at least 24 months. The retention period of all other data such as customer data, PII, booking information, etc., will follow Legal’s Data Retention Policy, Data Retention Schedule and guidance. Please refer to your contract agreement for further details.
Data storage policy
All TripActions employees and vendors are responsible for the secure storage of TripActions’ and TripActions’ customers’ data in compliance with our Data Classification and Handling Policy. All critical data at rest must be encrypted as described in TripActions’ Encryption Management Policy. The use of external mass storage devices (e.g., usb thumb drive, memory sticks, cards, and all removable hard drives) will not be permitted.
Data center location(s)
United States, Germany
Data hosting details
Cloud hosted
Data hosting company
AWS
App/service has sub-processors
yes
Guidelines for sub-processors
Certifications & compliance
Data deletion request procedure
TripActions typically retains client data for 18 months after a period of inactivity before it is deleted. In almost all cases, a client user, admin, delegate, can modify or delete client data directly from the TripActions' platform through the TripActions' apps' User Interface (UI), which includes information about travelers, trips, bookings - everything. If a TripActions' client prefers to formally request deletion of a user from the TripActions system, clients can work with their TripActions' Customer Success Manager (CSM), or send an email to privacy@tripactions.com and TripActions will obfuscate and remove the users information from TripActions' systems.
HIPAA compliant
no
While this app may offer HIPAA compliance, Slack does not have a business associate agreement with any third-party application providers, including those in the Slack Marketplace, so you are responsible for validating the provider's compliance and executing an appropriate agreement before enabling.
Security
Supports Single Sign On (SSO) with the following providers
Okta among others
Supports Security Assertion Markup Language (SAML)
yes
Has a dedicated security team
yes
Contact for security issues
security@tripactions.com
Has a vulnerability disclosure program
yes
Vulnerability disclosure program URL
Vulnerability disclosure program covers Slack app
no
Has a bug bounty program
yes
Bug bounty program URL
Requires third party authorization/connections
no
Uses token rotation
no