Privacy Policy

Last updated: March 2025

1. Information We Collect

PenniesTrack collects only the information necessary to provide the service:

  • Account data: name, email address, hashed password (or OAuth provider ID)
  • Financial data: accounts, transactions, budgets, and goals you create — stored encrypted at rest
  • Payment data: handled entirely by Dodo Payments; we never store card numbers
  • Usage data: basic server logs (IP address, timestamps) for security and debugging

2. How We Use Your Information

  • To provide and maintain the PenniesTrack service
  • To send transactional emails (email verification, password reset)
  • To process subscription payments and verify Pro access
  • To respond to support requests you initiate
  • We do not sell your data to third parties
  • We do not use your financial data for advertising

3. Cookies

We use a single session cookie to keep you logged in. We do not use tracking cookies or third-party analytics cookies, so no cookie banner is needed.

4. Third-Party Services

  • Supabase (PostgreSQL): hosts your data in a secure, encrypted database
  • Dodo Payments: processes subscription payments securely
  • Resend: sends transactional emails only
  • Google OAuth (optional): if you sign in with Google, we receive your name, email, and profile picture

5. Data Retention

Your data is retained for as long as your account exists. You can delete your account at any time from Settings, which permanently removes all associated data within 30 days.

6. Security

All data is encrypted in transit (TLS) and at rest. Passwords are hashed with bcrypt and never stored in plaintext. We follow industry-standard security practices.

7. Your Rights

You have the right to access, export, correct, or delete your data. To exercise these rights, contact us at support@penniestrack.com.

8. Contact

Questions about this policy? Reach us at support@penniestrack.com or use our contact page.