Privacy Policy

Account information. When you create an account, we collect your name, email address, and a hashed version of your password. We never store your password in plain text.

Transaction data. The expenses, income, categories, accounts, and budgets you enter into Pennify. This data belongs to you. You can export it or delete it at any time.

Usage data. Basic analytics such as which features you use and how often the app is opened. We use this to improve the product. We do not track individual behaviour for advertising purposes.

Device information. Your device type, operating system version, and app version. Used for debugging and compatibility.

Payment information. If you subscribe to Pro or Family, payments are processed by LemonSqueezy. We do not store your credit card number. We only receive confirmation of successful payment and your subscription status.

We do not collect or access your bank credentials directly. If you use bank account linking (a Pro feature), that connection is handled by a regulated third-party banking aggregator using read-only, tokenised access. We cannot move or modify your money.

We do not use advertising trackers, third-party analytics SDKs that profile users, or any technology designed to build a behavioural profile of you for marketing purposes.

Your data is used exclusively to provide and improve the Pennify service:

• To power your dashboard, reports, budgets, and transaction history.
• To sync your data across your devices.
• To send you account-related emails (receipts, password resets, security alerts).
• To debug errors and improve product quality.
• To process your subscription payment and manage your plan.

We do not use your data to train AI models, sell insights to third parties, or show you advertisements.

Your data is stored on servers located in the European Union. It is encrypted at rest using AES-256 and in transit using TLS 1.3.

We use industry-standard security practices including access controls, audit logging, and regular security reviews. We will notify you promptly if we become aware of a breach that affects your data.

Offline data is stored locally on your device using IndexedDB. This data is only accessible to the Pennify app on your device.

We retain your data for as long as your account is active. If you delete your account, we permanently delete all your personal data within 30 days, except where we are legally required to retain records (for example, records of payments for tax purposes, retained for 7 years as required by law).

You can request deletion of your account and data at any time by emailing hello@pennify.app.

We use a small number of third-party services to operate Pennify:

• LemonSqueezy: Payment processing for Pro and Family subscriptions.
• Hostinger: Database hosting. Your data is stored on their servers under strict data processing agreements.
• Vercel: Application hosting. The Pennify web app is deployed on Vercel's infrastructure.

We do not sell your data to any of these services or any other party.

Depending on your location, you may have the following rights under GDPR, CCPA, or similar laws:

• Access — request a copy of all data we hold about you.
• Correction — request that we correct inaccurate data.
• Deletion — request that we delete your data.
• Portability — request your data in a machine-readable format (available via CSV export in-app).
• Objection — object to how we process your data.

To exercise any of these rights, email hello@pennify.app. We will respond within 30 days.

Pennify uses only essential cookies required for authentication (keeping you logged in) and security (CSRF protection). We do not use advertising cookies, tracking cookies, or any cookies that profile your behaviour across websites.

Pennify is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child has created an account, please contact us and we will delete the account immediately.

If we make material changes to this privacy policy, we will notify you by email and display a notice in the app at least 14 days before the changes take effect. The current version will always be available at pennify.app/privacy.