Privacy Policy

We respect your privacy and are committed to protecting your personal data.

Last updated: March 2026

1. Information we collect

When you create a Penny Point account, we collect:

  • Account information: your name, email address, and password (stored as a bcrypt hash — we never store your plain-text password).
  • Financial data you enter: transactions, accounts, budgets, recurring items, categories, and any other data you add to the app. This data belongs to you.
  • Usage data: basic logs of actions taken within the app to help us diagnose issues and improve the product. This data is not sold or shared with third parties for advertising.
  • Payment information: processed by Paddle (see Section 4). We do not store your card number or payment details.

2. How we use your information

We use the information we collect to:

  • Provide, maintain, and improve the Penny Point service.
  • Send you account-related emails (e.g., password resets, subscription receipts).
  • Respond to your support requests.
  • Comply with legal obligations.

We do not sell your personal data. We do not use your financial data to serve you advertisements.

3. Cookies

Penny Point uses cookies for authentication (to keep you logged in) and for session management. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. You can disable cookies in your browser settings, but doing so will prevent you from remaining logged in.

4. Third-party services

We use the following third-party services:

  • Paddle: our payment processor. When you subscribe, Paddle collects and processes your payment information directly. Paddle is PCI-DSS Level 1 certified. See Paddle’s Privacy Policy for details.
  • Hosting infrastructure: we use cloud infrastructure providers to host and run the Penny Point service. These providers may process data on our behalf under data processing agreements.

5. Data retention

We retain your account and financial data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required by law to retain it longer (e.g., billing records).

You can export all your transaction data as a CSV at any time before deleting your account.

6. Your rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data (“right to be forgotten”).
  • Export your data in a portable format.
  • Object to or restrict certain processing activities.

To exercise any of these rights, please contact us using the form on our About page.

7. Security

We take reasonable technical and organisational measures to protect your data against unauthorised access, loss, or disclosure. Passwords are hashed using bcrypt. Data in transit is encrypted via HTTPS. However, no system is 100% secure, and we cannot guarantee absolute security.

8. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a prominent notice in the app. The “Last updated” date at the top of this page reflects the most recent revision.

9. Contact

If you have any questions or concerns about this Privacy Policy, please reach out via our contact form.