Penny: Friendly Finances

Penny Privacy And Security Policy

Hey there,
Thanks for taking the time to read our Privacy Policy. We care deeply about respecting your privacy, and strive to uphold the trust that you place in us when you use Penny. This Privacy Policy, among other things, describes how we protect your privacy and access your information when you use Penny. We know you probably don't want to read all of this legalese, so for easy digestion, we'll summarize our policy here in a non-legally binding way:
We collect a little personal information from you like your first name and email, but only with your explicit consent. Though we collect credentials to log in to your bank accounts, we never save your credentials anywhere in our system—we use them to connect to your bank account, then forget them. Besides your personal information, we also track and store your usage of the app for internal analytics purposes. Finally, we store the transaction and balance information retrieved from your bank account.
We only collect information when we think it would truly benefit your experience. We prefer to not know more about you unless we have to, since it makes our lives easier too! We protect the personal information you provide us by using industry-standard security practices such as encryption, firewalls, and access controls. We take security very seriously and have secured financial systems in past professional roles. However, we can't guarantee that such practices will be sufficient to protect your data, any more than a safemaker could guarantee that their safes were uncrackable.
We will never sell any information that could identify you for marketing purposes, and we only share limited amounts of information with third-party services on a need-to-know basis. For example, we may share your name with customer support systems to better assist you or with bug tracking services to more efficiently track and fix potential issues with your account. These services are bound by their own privacy policies to protect your information. Most notably, we work with the service Plaid to retrieve transactions from your account. Plaid may store your bank account credentials or use other means to retrieve transactions from your bank account. You can review their policy here.
Finally, if we make any changes to this privacy policy, we will email you or let you know through the app before the changes go into effect.
Hope that helps! If you need clarification, you can refer to the actual legalese below, or contact us at support@pennyapp.io—we love hearing from you! As always, thanks for using and supporting Penny. Cheers!
—Alex & Mitch

Please note: This is our Privacy and Security Policy. To see our Terms of Use, please see https://www.pennyapp.io/tos.html.

(Last updated: July 13, 2015)

We at Friendly Finances Inc. (“Friendly Finances,” “Penny,” “we,” “us,” or “our”) created this privacy and security policy (“Policy”) because we know that you care about how information you provide to us is used and shared. This Policy relates to the information collection and use practices of Penny in connection with our Services which are made available to you through our Platform.

The terms of this Privacy Policy are incorporated by reference in the Terms of Use that you accept when you register to use our Services (the “Terms of Use”). By accepting the Terms of Use, you accept the terms of this Policy. Capitalized terms not defined in this Policy shall have the meaning set forth in our Terms of Use. We reserve the right, at our discretion, to change this Policy at any time, with or without notice. If we make any material changes to this Policy we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on the Platform prior to the change becoming effective. Continuing to use the Services after such notification by Penny or posting of changes on the Platform will indicate your acceptance of the amended terms, regardless of if you opened or viewed any notice, email, or postings. If you do not agree with any of the amended terms, you must avoid any further use of the Services. We encourage you to periodically review this Policy for the latest information on our privacy practices.

What Information Do We Collect and/or Receive?

In the course of operating the Platform, Penny will collect (and/or receive) the following types of information. You authorize us to collect and/or receive such information.

Personal Information. When you register to use the Services, we will ask you to provide your email address. Based on the Services you choose, you may be asked to provide additional personal details to complete your registration. In addition, and in order for Penny to provide you with the transactions from your financial account, credit card and/or debit card statements, you will need to provide us with financial account information, including the credentials required by your financial institution, your financial institution’s name, and which financial accounts, credit and/or debit card names you wish to monitor in the Platform (collectively, the “Account Credentials”). You may also be asked to provide your contact information (such as name, address, phone number, and e-mail address), sensitive information (such as date of birth, driver’s license number and social security number), and personal information to verify your identity and financial information (such as credit card number) (collectively, the “Additional Personal Information”). All information we collect and/or receive under this section, together with Account Credentials and Additional Personal Information is collectively referred to herein as the “Personal Information.” We do not collect any Personal Information from Visitors when they visit the Platform, unless they provide such information voluntarily, such as by registering or contacting us through the Contact Us section of the Platform.

Billing Information. Depending on the products and services we provide and the products and services you use, you may be required to provide certain information in addition to the Personal Information noted above. Such information may include a debit card number, credit card number, expiration date, billing address, and other payment related information. Such information is collectively called the “Billing Information”.

Geolocational Information. Certain location-based features and functionalities of the Services in connection with the App are dependent on the data related to the geographic location of the mobile device on which the App is installed. In order to provide these features and functionalities while a User is using a mobile device, we may, with the User’s consent, automatically collect geolocational information from that User’s mobile device. Such information is collectively called the “Geolocational Information.” Collection of such Geolocational Information occurs only when the Services are running on a User’s mobile device. Users may decline to allow us to collect such Geolocational Information, in which case we will not be able to provide certain features or functionalities to that User.

Other Information. In addition to the Personal Information, the Billing Information, and the Geolocational Information, we may collect or receive additional information (collectively, the “Other Information”). Such Other Information may include:

From Your Activity. In an ongoing effort to improve the Services, we may automatically collect certain information when Visitors visit the Platform and when Users use the Services. For example, this information may include the frequency and scope of your use of the Services, transactions that you made, the Internet protocol (IP) address, or mobile device ID, and the name of the domain that serves you to access the Services, your browser type and the geographic location of the computer system or mobile device that you are using to log-in to the Services.

From cookies and other tracking technologies. We may use cookies with the Services. Cookies are packets of information sent by the Services’ servers to your web browser and then sent back by your browser each time you access the Services’ servers. The cookies may contain a variety of information, such as the content of search queries, the Services’ pages you have accessed, session durations and IP addresses or mobile device ID. The Services may use cookies for various purposes, such as to save you the need to re-enter your user name and password each time you log-in, to facilitate the use of the Services, to collect statistical information with respect to the use of the Services, to verify information, to customize the Services to your personal preferences and for information security purposes. Some of the cookies may expire when your browsing session ends and you exit your browser, however other cookies are saved on your computer's or mobile device’s hard drive. If you wish to block the cookies, then please use the help button in your browser, or use the “settings” function in your mobile device, and follow the necessary instructions. However, bear in mind that disabling cookies may complicate or even prevent your use of the Services’ or certain features and functions thereof. In addition, we may make use of web beacons on the Services for user security purposes and in order to improve product service and evaluation. A web beacon is an object that is inserted in an e-mail or web page and is usually invisible to the user. The beacon allows checking that a user has viewed the page or e-mail, allowing us to track user services and website traffic more effectively. In addition to the above, we may collect limited information from your mobile device in order to provide the App. Such information may include your mobile device type, mobile device id, and date and time stamps of App use. We may deploy tracking technologies within the App to help us gather aggregate statistics, but we do not use Personal Information for such purposes.

We do not collect Personal Information in this way, but if you’ve provided us with Personal Information we may associate that information with the information that is collected automatically and use such information to improve the Services. Automatic data collection may be performed on our behalf by our services providers who may provide us with reports about the data collected by such service providers.

What Information Do We Pass to Third Party Providers?

We may offer certain features or services within the Service that are provided by Third Party Providers. We will pass your Personal Information to such Third Party Providers who will use your Personal Information to provide you with such features or services. Such use will be for the benefit of your use of the Services and the Platform.

How Do We Use the Information?

Your privacy is our priority. We will use your Personal Information, Billing Information, Geolocational Information and Other Information (collectively, the “Information”) for the following purposes:

to provide you with the Services and enable you to use the Services;
to improve and customize your experience on the Platform;
to retrieve your User Accounts statements and information regarding your transactions in order to provide you with the Services.
to provide you with support, handle complaints and collect fees and to conduct administrative activities necessary to maintain and provide our Services;
to send you Services-related updates, notices and announcements;
to provide you with information related to the Services;
to conduct surveys and questionnaires;
to enforce Penny's Terms of Use;
to contact you regarding service and administration related issues as and when Penny believes it to be necessary;
to comply with any applicable law and assist law enforcement agencies under any applicable law, when Penny has good faith to believe that Penny's cooperation with the law enforcement agencies is legally mandated or meets the applicable legal standards;
to prevent fraud, misappropriation, infringements, identity theft and other illegal activities and misuse of the Services;
to take any action in any case of dispute, or legal proceeding of any kind between you and Penny, or between you and any other third parties or users with respect to, or in relation with the Services;
for any other purposes disclosed at the time the Information is collected or to which you consent; and
as otherwise specifically described in this Policy.

How Do We Use Non-Personal Aggregated Information?

We may aggregate your Information (including data regarding activity in your User Accounts) in a form that does not identify you personally (“Aggregated Non-Personal Information”). We may use such Aggregated Non-Personal Information to properly operate the Services, to improve the quality of the Services, to enhance your experience, to create new services and features, including customized services, to change or cancel existing content or service, for further internal, commercial and statistical purposes. To the extent permitted by law, we may also use, sell, license, distribute and disclose such Aggregated Non-Personal Information to third parties.

How Do We Share the Information With Others?

We do not sell, rent or lease your Information to third parties for any of their marketing purposes.

We will share your Information with third parties to the extent required to operate our Services and to facilitate your use of them. Except as expressly set forth herein, the use of your Personal Information by such third parties is subject to this Policy. These third parties are authorized to use your Personal Information only as necessary to provide their services to us. Specifically, we work with a company called Plaid (www.plaid.com) to gather data for you about your accounts at other financial institutions from those financial institutions and from Plaid. By using the Services, you grant Plaid and any other Third Party Provider the right, power, and authority to act on your behalf to access and transmit your personal and financial information from the relevant financial institution according to the terms of Plaid’s privacy policy, available at www.plaid.com/legal, or that of any other Third Party Provider.

We may disclose your Information to government authorities, and to other third parties when compelled to do so by government authorities, at our discretion, or otherwise as required by law, including but not limited to in response to court orders and subpoenas.

We also may disclose your Information to government authorities, and to other third parties when we have reason to believe that someone is or may be causing injury to or interference with our rights or property, other users of the Platform, or anyone else that could be harmed by such activities.

If we transfer our business relating to the Services, or any part thereof, to an affiliated company or a third party, including, but not limited to, by merger, sale of equity interests, sale of all or substantially all assets or other change of control transaction involving such business, then we will transfer your Information as part of the transferred assets to the acquirer of such business and you hereby give your prior consent thereto.

We, like many businesses, sometimes hire other companies to perform certain business-related functions. Examples include mailing information, maintaining databases, hosting services, and processing payments. When we employ another company to perform a function of this nature, we provide them with the information that they need to perform their specific function, which may include Personal Information. Such companies are authorized to use your information only for the purpose of performing their specific function on behalf of Penny and under obligations similar to those in this Policy.
If you are paying for a good or service through Penny, we will share your credit card and other payment related information with a Third Party Payment Processor as necessary to process your payment. The Third Party Payment Processor stores your credit card information; we do not store this information. Storage by the Third Party Payment Processor of your credit card and other payment relating information is subject to the privacy policies and practices of the Third Party Payment Processor and is not subject to the terms of this Policy. By providing your credit card and other payment related information, you acknowledge and agree to use of such information by the Third Party Payment Processor for purposes of processing your payment to us.
User Generated Content is viewable by other Users of the Platform. We are not responsible for any User’s use of such information and their use of the information is not subject to this Policy. Please take care with the information, particularly any Personal Information, which you include in your User Generated Content.

Accessing Your Personal Information

You may update the information that is stored in your user account by accessing your account through the Platform. If you find that the information in your account is not accurate, complete or updated, then you should make all necessary changes to correct it. Please keep in mind that false, incorrect, or outdated information may prevent you from registering with the Services and impair our ability to provide you with the Service through the Platform. If you are unable to update your information via your user account, you may submit an access request to us by sending an email to support@pennyapp.io. Your email should include adequate details of your request. You should be aware, however, that it is not always possible to update the information stored in your user account. If we are unable to provide you the necessary access to update your information we will let you know.

Data Retention

When your account is terminated, we will use commercially reasonable efforts to delete your Personal Information and discontinue any connection with your financial institution regarding your account. Naturally, once disconnected, you will no longer have access to your account or the Service. However, due to periodical backups and safety mechanisms meant for your information protection and for our administrative purposes, certain Personal Information from your account may remain in our systems for an indefinite time. We will not knowingly keep this in a way that could identify you. If you have a query about any such Personal Information that we may be storing, please email us at support@pennyapp.io. Your email should include adequate details of your query.

Links to Other Sites

The Platform and the Services may contain links to Third Party Sites. We do not endorse such Third Party Sites and we are not responsible for the privacy practices of such Third Party Sites. Please refer to the privacy policies of such Third Party Sites for more information on how the operators of those sites collect and use your Personal Information.

Social Media Features and Widgets

Our Website includes or may include social media features and widgets, including but not limited to the Facebook Like button. These features may collect information, including but not limited to, your IP address, the page you are visiting on our Website, and may set a cookie to enable the feature to function properly. All such social media features and widgets are either hosted by a third party or hosted directly on our Platform. Your interactions with these social media features and widgets are governed by the privacy policy of the company providing it.

Information Security

We use commercially reasonable efforts to safeguard your Information from any unlawful interceptions or access, or other kinds of abuse and misuse. We implement a variety of systems, applications and procedures to do this. Among such security methods is the storing of your Information on cloud services, firewalls, encryption codes, authentication procedures and multi layer passwords. Furthermore, we implement employee supervision and prevent unnecessary access to data. Please understand, however, that no security system is impenetrable. We cannot guarantee the security of our databases, nor can we guarantee that the Information that you supply will not be intercepted while being transmitted to and from us over the Internet. In particular, e-mail sent to or from the Platform may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail. Please also be aware that certain Personal Information and other information provided by you in connection with your use of the App may be stored on your mobile device (even if we do not collect that information). You are solely responsible for maintaining the security of your mobile device from unauthorized access.

Children’s Privacy

We do not knowingly collect Personal Information from children under the age of 18 through the Platform. If you are under 18, please do not give us any Personal Information. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Policy by instructing their children never to provide Personal Information through the Platform without their permission. If you have reason to believe that a child under the age of 18 has provided Personal Information to us, please contact us, and we will endeavor to delete that information from our databases.

Contacting Us

You may send us requests, responses, questions and complaints with respect to our Policy and privacy practices by using the form in the App or by emailing us at support@pennyapp.io.