Privacy Policy
Last updated: March 26, 2026
We don't collect, sell, or even look at your sensitive financial information. Everything flows through audited third-party APIs (Intuit, Google, Telegram) — your data stays in your accounts, not ours.
Penni ("we", "us", or "our") operates penni.so and the Penni AI bookkeeping service. This policy explains what data we collect, how we use it, and your rights.
What We Collect
When you connect Penni to your accounts, we access and process:
- Gmail email content — we read emails to identify financial transactions (receipts, invoices, subscription charges). We do not store email content permanently; we extract transaction data and discard the raw email.
- Accounting platform data — we read your chart of accounts, vendors, invoices, bills, and bank balances to power bookkeeping, cash flow forecasting, and invoice tracking. Today we connect to QuickBooks Online; additional platforms are in development.
- Account identifiers — your email address, business name, and accounting platform company ID to associate your data and deliver your service.
- Usage data — basic logs of interactions with Penni for debugging and service improvement.
How We Use Your Data
Your data is used exclusively to provide the Penni service:
- Automated bookkeeping — categorizing and posting expenses to your accounting platform
- Invoice tracking and AR aging alerts
- Cash flow forecasting
- Tax deadline reminders
- Delivering summaries and alerts via Telegram
We do not use your financial data to train AI models, sell it to third parties, or use it for any purpose beyond operating your account.
We Do Not Sell Your Data
We never sell, rent, or share your personal or financial information with third parties for their own commercial purposes. Period.
Data Storage & Security
- Email content is processed in memory and not stored permanently. Only extracted transaction fields (vendor, amount, date, category) are retained.
- Accounting platform and Gmail OAuth tokens are stored securely and used only to access your accounts on your behalf.
- All data is encrypted in transit (TLS) and at rest.
- We use Supabase for data storage with row-level security.
Third-Party Services
Penni integrates with the following services to operate:
- Google Gmail API — to read your email for transaction detection. Governed by Google's Privacy Policy.
- Intuit QuickBooks Online API — to read and write your accounting data. Governed by Intuit's Privacy Statement.
- Telegram — to deliver alerts and receive instructions. Governed by Telegram's Privacy Policy.
Disconnecting Your Accounts
You can revoke Penni's access at any time:
- QuickBooks Online: Settings → Apps → disconnect Penni.
- Gmail: https://myaccount.google.com/permissions → find Penni → Remove.
- Telegram: block the Penni bot or send /stop.
- Cancel subscription: manage from your billing portal or email connor@penni.so.
Once disconnected, Penni can no longer access or process your data.
Data Deletion
You can request full deletion of your data at any time. Email connor@penni.so with the subject "Delete my data" from the email associated with your account.
- Account data, OAuth tokens, vendor mappings, and customer memory deleted within 30 days.
- Some operational logs (billing, security audits) retained as required by law for up to 7 years.
- Once deleted, your data cannot be recovered.
Your accounting data remains in your accounting platform regardless — your books are always yours.
Children's Privacy
Penni is a business financial service and is not directed to individuals under 18. We do not knowingly collect data from minors.
Changes to This Policy
We may update this policy as the service evolves. We'll notify active users of material changes via Telegram or email. The "last updated" date at the top reflects the most recent revision.
Contact
Questions about this policy or how we handle your data? Email connor@penni.so directly. Connor reads every privacy email personally.