Legal
Privacy Policy
Last updated: March 2026 — view changelog
The short version: Pennyway is a self-hosted desktop application.
Your financial data never leaves your device. The only personal data we collect
is your email address, used exclusively to verify your identity when you register.
We send one type of email: a one-time verification code (OTP). Optionally, you may
connect your WhatsApp number to receive spending notifications — this is entirely
opt-in and you can remove it at any time.
1. Who we are
Pennyway is a personal finance application developed and maintained as an independent
project. The application is distributed free of charge and the releases are published
on GitHub. Questions about this policy can be directed via the
GitHub issues page.
2. Data stored on your device
Pennyway stores the following data locally on your computer only. None of this is transmitted to any server:
- Bank account credentials (encrypted with AES-256, key derived from your password)
- Downloaded transaction history (stored in a local SQLite database)
- Your AI API key, if configured — either a Pennyway managed API key provisioned through OpenRouter, or your own Google Gemini API key (both encrypted at rest)
- Gmail OAuth tokens, if connected (encrypted at rest)
- Application settings and preferences
You have full control over this data. A Factory Reset option in Settings permanently deletes all of it from your machine.
3. Data collected by Pennyway servers
Our license server (hosted on AWS) stores the following minimal data when you register:
- Email address — used only to verify your identity and link your registration
- First and last name — provided during registration
- A cryptographic hash of your installation fingerprint — used to identify the device the app is installed on. This is a one-way hash; the original value cannot be recovered
- Device name — your computer's hostname, used to label your registered devices in the app
- Registration and last-seen timestamps — used to display device activity in the app
We do not collect payment information, IP addresses, usage analytics, or any behavioral data.
The data listed above may be used internally to monitor service health and user engagement.
4. How we use your email address
Your email address may be used for the following purposes:
-
Account verification (OTP): When you register,
we send a one-time password to confirm you own the email address.
This is a transactional message, not a marketing one.
-
Service communications: We may occasionally send
service-related emails, such as a follow-up after registration or an inactivity check-in
if the app hasn't been used for an extended period. These are not marketing emails —
they are sent to offer support or gather feedback to improve the app.
We do not send newsletters, product announcements, or promotional emails.
You can opt out of service communications at any time by clicking the unsubscribe link
included in any such email, or through the Settings screen in the app. Verification (OTP)
emails cannot be opted out of as they are required for account security.
5. Third-party services
-
AWS (Amazon Web Services): Our license server and OTP email delivery run on AWS infrastructure (DynamoDB, Lambda, SES) hosted in IL (Israel).
AWS Privacy Policy
-
AI services (OpenRouter / Google Gemini API): AI features within the app are powered by one of two options you choose in Settings: a Pennyway managed API key (routed via OpenRouter) or your own Google Gemini API key. Either way, AI is used to automatically classify invoices, parse subscription data from your Gmail, categorize transactions, and provide spending insights. These features run entirely on your device — data is sent directly from the app to the AI provider, never via Pennyway servers. Your bank credentials and passwords are never sent to the AI. Your transaction data may be sent to the AI provider when you use features such as transaction categorization or spending insights. If you connect Gmail, email content (such as order confirmations and invoices) may also be sent to the AI to extract invoice data and correlate it with your bank transactions. We may introduce additional AI-powered features in the future, all subject to the same principle. Governed by OpenRouter Privacy Policy and/or Google AI Terms depending on which option you use.
-
Your bank's website: Pennyway scrapes your bank accounts using credentials you provide. This interaction is between the app on your machine and your bank — Pennyway servers are never involved.
6. WhatsApp notifications (optional)
Pennyway offers an optional WhatsApp notification feature powered by the
Meta WhatsApp Business API.
This feature is entirely opt-in — you must explicitly enable it in Settings and verify
your phone number before any messages are sent.
-
Phone number: If you enable WhatsApp notifications,
your phone number is stored securely on Pennyway's cloud infrastructure (AWS, same as the
license system). It is used solely to deliver notifications you have subscribed to.
You can remove your number and disable all notifications at any time from within the app.
-
Notification types: You may subscribe to sync-complete
alerts, large transaction alerts, daily summaries, weekly summaries, and weekly AI insights.
Each type can be enabled or disabled independently.
-
Transaction data and AI insights: The weekly AI
insights notification sends a summary of your transactions (dates, descriptions, amounts, and
categories) to our AI provider (OpenRouter / Google Gemini) to generate personalised financial
insights. This data is transmitted directly from your computer to the AI provider when the
notification is triggered, and is governed by the same AI privacy terms listed in Section 5.
Transaction data is never stored or routed through Pennyway servers.
-
Message delivery via Meta: All WhatsApp messages are
sent through the Meta WhatsApp Business API. Message content (your notification text) is
processed by Meta's infrastructure in accordance with
WhatsApp's Privacy Policy.
If you do not enable WhatsApp notifications, no phone number is collected and no data is sent
to Meta or the AI provider for notification purposes.
7. Data retention
Your registration record (email, name, device fingerprint hash) is retained on our
license server as long as your account is active. Temporary OTP verification codes
are automatically deleted within 10 minutes of creation.
If you enable WhatsApp notifications, your phone number is retained until you remove it
in Settings or request account deletion.
To request deletion of your registration data, please open an issue on our GitHub page.
8. Security
All sensitive data in the application is encrypted using AES-256. Your encryption key
is derived from your password and never transmitted anywhere. The license server uses
HTTPS for all communication. OTP codes are stored as SHA-256 hashes, never in plaintext.
9. Children's privacy
Pennyway is not directed at children under 16. We do not knowingly collect data from anyone under 16 years of age.
10. Changes to this policy
If we make material changes to this policy, we will update the "Last updated" date above and record the change in the public changelog.