Expensify outsources all data extraction offshore and already experienced multiple breaches exposing customer data to hackers. Some articles are listed below. The rest are being removed by Expensify staff from the internet to hide this fact.

Expensify sent images with personal data to Mechanical Turkers, calls it a feature
https://arstechnica.com/information-technology/2017/11/expensify-acknowledges-potential-privacy-problem-by-calling-it-a-feature/

Expensify CEO says its ‘automated’ service is ‘proud’ to use humans to process receipts
http://www.businessinsider.com/expensify-is-proud-to-use-humans-in-its-automated-service-2017-11

"TL;DR: Expensify’s deceptive mechanical turk army may have resulted in me coming within seconds of losing $30k, and almost certainly leaves them exposed to massive liabilities as they wantonly give away personally identifiable information to low-paid contract workers that are not bound to confidentiality."
https://news.ycombinator.com/item?id=15796189

Technology companies serving CPAs in California not disclosing offshore labor are causing these CPAs to fall out of compliance. Ref AICPA regulation.

More information comparing Expensify to Veryfi can be located here https://www.veryfi.com/expensify/