Privacy Policy
Last updated: April 30, 2026
Who we are
Pennyweight is a personal finance application operated by Pennyweight LLC, a Delaware limited liability company ("Pennyweight," "we," "us"). This policy explains what we collect, how we use it, and the choices you have. It applies to pennyweight.ai and the Pennyweight application.
Information we collect
We collect the information needed to operate the service:
- Account information. Your email address and authentication credentials when you create an account.
- Financial data via Plaid. When you link a financial institution, we receive transaction history, account balances, account names, masked account numbers, and institution names from Plaid Inc. on your behalf. We never see, receive, or store your bank login credentials.
- Usage and device information. Standard server logs (IP address, user agent, timestamps) needed to operate and secure the service.
- Communications. Messages you send to us through email or in-app support, and our responses.
- Billing information. When paid plans are introduced, our payment processor (Stripe) will collect payment method details on our behalf. We do not store full card numbers ourselves.
- Cookies and similar technologies. Strictly necessary cookies used by our authentication provider to maintain your session, and minimal first-party logs used to diagnose errors. We do not use advertising trackers or cross-site tracking pixels.
How we use Plaid data
We use Plaid solely to read transaction and balance data on your behalf, in order to provide the categorization, search, and natural-language insights that make up the Pennyweight product. Specifically:
- We do not sell your Plaid-derived data, or any other personal data, to anyone.
- We do not share your Plaid-derived data with advertisers, data brokers, or marketing partners.
- We do not use your data to train machine-learning models that span across users. AI features operate only on your own data, in your own session.
- We retain Plaid-derived data only as long as your account is active, plus a short window to honor deletion requests and meet legal obligations.
- You can disconnect a linked institution at any time, which stops further data retrieval through Plaid. You can request account deletion at any time through the app or by emailing privacy@pennyweight.ai; previously collected data is then handled according to the retention rules below.
Plaid is itself a service provider. Plaid's use of information received from your financial institutions is governed by the Plaid End User Privacy Policy.
How we use other information
We use account information to authenticate you, provide and improve the service, send important transactional emails (security alerts, billing notices), and respond to your support requests. We use server logs to diagnose problems, prevent abuse, and meet our security obligations.
Data retention
We retain Plaid-derived data while your account is active and for a short window after account deletion, as needed to honor the deletion in backups and meet legal obligations. Account information is retained for the life of the account. Server logs are retained for up to 90 days for security and troubleshooting. Support communications and billing records are retained as required by law.
International transfers
Pennyweight is operated from the United States and our service providers are primarily located in the United States. If you access the service from outside the United States, your information will be transferred to and processed in the United States. Where required, we put in place appropriate safeguards for cross-border transfers.
Service providers
We rely on a small number of vetted infrastructure providers to run Pennyweight: Plaid (bank connectivity), Amazon Web Services (hosting and storage), Clerk (authentication), and Stripe (billing, when introduced). We share only the information these providers need to deliver their service, under contracts that require confidentiality and prohibit secondary use.
Security
All traffic uses TLS 1.2 or higher. Data at rest is stored in AWS with KMS-managed encryption. Sensitive fields are additionally encrypted at the application layer. We follow the principle of least privilege internally, log administrative actions, and maintain a documented incident-response process. Report security issues to security@pennyweight.ai.
Your rights
Subject to applicable law, you have the right to access, export, correct, or delete your personal information, and where processing is based on consent, to withdraw that consent. Send requests to privacy@pennyweight.ai. If you are a California resident, you have additional rights under the CCPA/CPRA, including the rights to know, delete, and correct, and to opt out of the sale or sharing of personal information (we do not sell or share personal information for cross-context behavioral advertising). If you are in the EEA or UK, you have the rights described under GDPR/UK GDPR. We respond to verified requests within the timeframes required by applicable law.
Security incidents
If we become aware of a security incident affecting your personal information, we will notify affected users and relevant regulators as required by applicable law and within the timeframes those laws require.
Children
Pennyweight is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided information to us, contact privacy@pennyweight.ai and we will delete it.
Changes to this policy
We may update this policy from time to time. Material changes will be communicated through the app or by email at least 30 days before they take effect.
Contact
Pennyweight LLC
8 The Green, Ste B
Dover, DE 19901
privacy@pennyweight.ai
