Privacy Policy — PennyBot
Effective Date: April 21, 2026 Version: 1.1
1. Introduction
PennyBot ("we," "us," or "our") operates PennyBot (the "Service") at https://pennybot.io. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service, including the website, web application, and mobile app.
By using the Service, you agree to the collection and use of information in accordance with this Policy.
2. Information We Collect
2.1 Information You Provide Directly
- Account information: Name, email address, and password at registration. Passwords are hashed using bcrypt and are never stored in plaintext.
- Profile information: Time zone, business type (personal or business), accounting method, and fiscal year preferences.
- Contact information: Phone number, if optionally provided.
- Financial account connections: When you connect a bank account or accounting platform, we receive and store an access token from that provider — we never receive or store your bank username or password.
- Chat and voice input: Text messages and voice recordings you submit to the AI chat and voice features.
- Receipts: Images you capture or upload for expense tracking.
- Trip data: Start/stop location, route, and distance when you record a mileage trip.
- Support communications: Messages you send us.
2.2 Information Collected Automatically
- Usage data: Pages and features accessed, actions taken, and time spent in the Service.
- Device and connection data: Browser type, operating system, IP address, device type, and general location derived from IP.
- Error and diagnostic data: Application errors, crash reports, and performance data collected via Sentry (see Section 4).
- Session data: Session identifiers stored in server-side memory to keep you logged in.
2.3 Financial Data from Connected Accounts
When you connect a financial account or accounting platform, we receive:
- Bank accounts (via Teller): Account names, account types, balances, and transaction history including dates, amounts, merchant names, and categories.
- Accounting software (via QuickBooks, Xero, FreshBooks, Zoho Books, or Wave): Chart of accounts, transactions, invoices, vendors, and customers.
- Stripe: Products, prices, and invoice data for invoicing features.
We use this financial data only to provide the Service. We do not sell it or use it for advertising. We do not store your bank login credentials.
2.4 Location Data (Mobile App)
If you use the mileage tracking feature, we access your device's GPS to record trip routes while a trip is actively in progress. We do not access location in the background. Location access stops when you end the trip. You can deny location permission and still use all other features of the app.
2.5 Camera and Microphone (Mobile App)
- Camera: Used only when you choose to capture a receipt photo.
- Microphone: Used only when you activate the voice chat feature.
Neither the camera nor microphone is accessed passively or in the background.
3. How We Use Your Information
We use your information to:
- Create and maintain your account and authenticate your identity.
- Connect to and sync data from your linked financial accounts and accounting platforms.
- Automatically categorize transactions and provide AI-powered bookkeeping suggestions.
- Provide conversational AI financial guidance through text chat and voice.
- Generate invoices, financial reports, budget summaries, and mileage logs.
- Send transactional emails: account verification, security alerts, budget notifications, and system announcements.
- Respond to support requests.
- Detect and prevent fraud, abuse, and security incidents.
- Monitor and fix application errors.
- Analyze aggregate usage patterns (without identifying individuals) to improve the Service.
- Comply with legal obligations.
We do not use your financial data to train AI models. We do not sell your personal information to third parties.
4. How We Share Your Information
We share your information only as described below.
4.1 AI Processing Providers
To provide AI features, we transmit relevant data to:
- Anthropic, PBC — Transaction descriptions, amounts, and categories are sent to Anthropic's API to power automatic transaction categorization. Anthropic processes this data under their API terms and does not use API data to train public models.
- OpenAI, LLC — Your chat messages and voice audio are sent to OpenAI to power conversational financial guidance and voice responses. OpenAI processes this data under their API terms. Voice audio is transcribed and not retained beyond the session per OpenAI's data deletion policy.
We do not send your bank login credentials, full account numbers, Social Security numbers, or passwords to any AI provider.
4.2 Bank and Accounting Integration Providers
- Teller, Inc. — Provides secure read-only access to your bank accounts via their API. Teller does not store your bank login credentials either; authentication uses a one-time OAuth grant.
- Intuit (QuickBooks Online), Xero, FreshBooks, Zoho Books, Wave — We read and write accounting data on your behalf when you connect these accounts.
- Stripe, Inc. — For invoice and payment features.
- Google LLC — Address autocomplete (Google Places API) and mileage distance calculation (Google Maps Distance Matrix API) are used when you enter addresses or log trips. No user identity is sent to Google for these calls.
4.3 Infrastructure and Operations Providers
- Render — Cloud hosting provider where the Service runs.
- Resend — Email delivery service. We send them your email address and email content to deliver account notifications.
- Whop, Inc. — Our Merchant of Record for subscription payments. Handles payment card data directly; we do not receive your card number.
- Sentry — Application error monitoring. Sentry may receive user identifiers (your internal user ID, not email) and stack traces from application errors. We configure Sentry to strip request bodies, auth headers, cookies, and breadcrumb data from error reports. 4xx (client) errors are filtered and not sent.
- Go High Level — CRM platform used for customer communications and business operations. When you create an account, your name and email are synced to Go High Level for operational purposes.
4.4 Analytics
- Umami — We use a self-hosted instance of Umami Analytics to track aggregate usage of the Service. Umami does not use cookies for tracking, does not collect personal information, and does not share data with third parties. We collect page views and feature interactions on an anonymized basis.
4.5 Legal Requirements
We may disclose your information when required by law, subpoena, court order, or governmental authority, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
4.6 Business Transfers
In the event of a merger, acquisition, or sale of all or substantially all of our assets, your information may be transferred as part of that transaction. We will notify you via email or in-app notice before your information becomes subject to a different privacy policy.
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Until you delete your account |
| Transaction and financial data | Until you delete your account |
| Receipt images | Up to 7 years (IRS record-keeping standard); deletable anytime |
| AI conversation history | Until you delete your account |
| Mileage and trip logs | Until you delete your account |
| Error logs (Sentry) | 90 days (Sentry default retention) |
| Email logs | 1 year |
| Admin audit trail | 1 year |
Upon account deletion, we delete or anonymize your personal information within 30 days, except where retention is required by law (e.g., tax records, fraud prevention).
6. Data Security
We implement the following security measures:
- Encryption in transit: All data is transmitted over TLS 1.2 or higher.
- Encryption at rest: Database data is encrypted at rest by our cloud hosting provider.
- Password security: Passwords are hashed with bcrypt. Plaintext passwords are never stored or logged.
- Row-Level Security (RLS): Our PostgreSQL database enforces Row-Level Security on all 91 user data tables, ensuring your data is isolated from other users at the database level — not just at the application level.
- Authentication: Optional two-factor authentication (TOTP) with backup codes.
- Access controls: Employee access to production data is restricted and logged.
- Session management: Sessions are stored server-side and expire on logout.
- OAuth tokens: Provider access tokens are stored encrypted and refreshed automatically.
No method of security is 100% foolproof. In the event of a breach affecting your data, we will notify you as required by applicable law.
7. Cookies and Tracking
We use a minimal number of cookies:
- Session cookie: A single server-side session cookie is used to keep you logged in. This cookie contains only a session identifier — no personal information.
- Preference cookies: Used to remember UI preferences (e.g., dark mode).
We do not use third-party advertising cookies or cross-site tracking pixels. Our analytics (Umami) are cookie-free.
8. California Privacy Rights (CCPA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):
- Right to Know: Request the categories and specific pieces of personal information we have collected about you.
- Right to Delete: Request deletion of your personal information, subject to certain exceptions.
- Right to Opt-Out of Sale: We do not sell personal information. There is nothing to opt out of.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
To exercise your rights, contact us at [email protected] or delete your account directly in Settings.
9. Your Rights and Choices
You may:
- Access and update your profile information through your account settings.
- Delete your account directly in the app or web app under Settings > Danger Zone > Delete Account. This immediately initiates deletion of your data. Account deletion completes within 30 days.
- Disconnect integrations at any time from your account settings, revoking our access to those accounts.
- Request a data export by contacting us at [email protected].
- Opt out of marketing emails via the unsubscribe link in any marketing email.
- Deny or revoke location permission on your mobile device at any time. This disables mileage tracking but does not affect other features.
10. Geographic Scope — United States Only
PennyBot is intended for use by residents of the United States only. The Service is not directed to users outside the United States and is not designed to comply with the laws of other jurisdictions (including GDPR, UK GDPR, PIPEDA, or similar frameworks). If you are located outside the United States, you may not use the Service. All data is stored and processed in the United States.
11. Children's Privacy
The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, contact us at [email protected] and we will promptly delete it.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-app notification at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the revised Policy.
The current version and effective date are displayed at the top of this document. Previous versions are available upon request.
13. Contact Us
For privacy-related questions, data requests, or to exercise your rights:
PennyBot Email: [email protected] Website: https://pennybot.io