Privacy Policy
Effective Date: February 10, 2025
PennyHelm ("we," "us," or "our") is a personal finance management application. We take your privacy seriously and are committed to protecting the personal and financial information you entrust to us. This Privacy Policy explains what data we collect, how we use it, how we store and protect it, and your rights regarding your information.
1. Information We Collect
1.1 Account Information
- Email address — used for authentication and account recovery
- Display name — a name you choose to personalize the app
- Authentication credentials — managed securely by Firebase Authentication (we never store your password in plaintext)
1.2 Financial Data You Enter
All financial data is entered voluntarily by you. This may include:
- Bills, recurring payments, and payment history
- Bank account names, types, and balances
- Debts (credit cards, loans, mortgages) with balances and interest rates
- Income information and pay schedules
- Credit scores
- Tax deduction records and document metadata
- Savings goals
- Vehicle mileage and trip logs
- Custom bill categories
1.3 Bank Data via Plaid
If you choose to connect a bank account, we use Plaid Inc. to securely retrieve:
- Account names and types (checking, savings, credit, etc.)
- Account balances (current and available)
- Last four digits of account numbers (mask)
- Institution name
We do not access or store your bank login credentials. Plaid handles authentication directly with your financial institution. We do not currently import or store transaction history.
Plaid's access tokens (used to refresh your balances) are stored securely on our servers and are never exposed to your browser or device. For more information, see Plaid's End User Privacy Policy.
1.4 Notification Preferences (Mobile App)
If you enable bill reminders on the mobile app, we store your preferences:
- Whether notifications are enabled
- Reminder timing (how many days before a due date)
- Preferred notification time
- Whether to include auto-pay bills
Notifications are scheduled locally on your device. We do not use push notification servers or send notifications from our servers.
1.5 App Telemetry (Mobile App Only)
The mobile app collects limited usage telemetry to help us identify bugs and improve the experience:
- Screen navigation events
- App lifecycle events (open, background, foreground)
- Error reports (error type, message, and a brief stack trace)
- App version, platform (Android/iOS), and OS version
Telemetry data is associated with your user ID for debugging purposes, is accessible only to administrators, and is automatically deleted after 30 days. No financial data is included in telemetry events.
1.6 Information We Do NOT Collect
- We do not use cookies for tracking or advertising
- We do not use third-party analytics services (no Google Analytics, Mixpanel, etc.)
- We do not display advertisements
- We do not collect location data
- We do not access your contacts, camera, or photos
- We do not sell or share your data with advertisers or data brokers
2. How We Use Your Information
We use your information solely to provide and improve the PennyHelm service:
- Authentication — to verify your identity and secure your account
- Financial tracking — to display your bills, accounts, debts, and budgets within the app
- Bank balance refresh — to fetch updated account balances from connected banks (once daily via Plaid)
- Bill reminders — to schedule local notifications on your device
- Shared access — to allow people you explicitly invite (partner, financial planner, CPA) to view or edit your data
- Bug diagnosis — to identify and fix app issues using telemetry data
- Email communication — to send invite notifications and account setup emails
3. Data Sharing
3.1 People You Invite
You can invite others (a partner, financial planner, or CPA) to access your financial data. When you send an invite:
- The invitee receives an email with a link to access your data
- You choose whether they get view-only or edit access
- You can revoke access at any time from Settings
We never share your data with anyone you have not explicitly invited.
3.2 Third-Party Services
| Service | Purpose | Data Shared |
| --- | --- | --- |
| Firebase (Google Cloud) | Authentication, data storage, cloud functions | Email, display name, encrypted financial data |
| Plaid | Bank account linking and balance retrieval | Bank credentials (handled by Plaid, not PennyHelm) |
| SMTP Email Provider | Sending invite and account setup emails | Recipient email address, email content |
We do not sell, rent, or trade your personal information to any third party.
4. Data Storage and Security
4.1 Where Your Data Is Stored
- Cloud: Your financial data is stored in Google Cloud Firestore, secured by Firebase Authentication and Firestore Security Rules
- Device: The mobile app may cache data locally for offline access using device storage
- Plaid tokens: Bank access tokens are stored server-side only and are never sent to your browser or device
4.2 Security Measures
- All data transmitted between your device and our servers is encrypted in transit (HTTPS/TLS)
- Firebase Authentication manages credentials with industry-standard security
- Firestore Security Rules enforce that only you (and people you invite) can access your data
- Admin access is restricted via Firebase custom claims
- Plaid access tokens are stored in a separate, protected collection inaccessible to client applications
5. Data Retention
- Financial data: Retained as long as your account is active. You can delete your data at any time from the Settings page
- Telemetry data: Automatically deleted after 30 days
- Plaid connections: Active until you disconnect your bank or delete your account
- Invite records: Retained while active; revoked invites are marked as revoked
6. Your Rights and Controls
You have full control over your data:
- Export: Download all your financial data as a JSON file from Settings at any time
- Delete: Clear all financial data or reset your account entirely from Settings
- Revoke sharing: Remove any shared access at any time
- Disconnect banks: Remove connected bank accounts
- Disable notifications: Turn off bill reminders at any time
- Account deletion: Contact us to request full account deletion, including all associated data
7. Children's Privacy
PennyHelm is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will take steps to delete it promptly.
8. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the effective date at the top of this page. We encourage you to review this policy periodically.
9. Contact Us
If you have questions about this Privacy Policy or your data, please contact us: