Privacy Policy

Last updated: April 4, 2026

1. Introduction

Penno ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the Penno mobile application and related services.

By using Penno, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Account Information

  • Email address — Required for account creation and authentication
  • Display name — Optional, used for personalization within the app
  • Password — Encrypted and stored securely

2.2 Financial Data

  • Transaction records — Amounts, dates, categories, descriptions, and notes
  • Category information — Custom categories and subcategories
  • Recurring rules — Templates for automatic transaction generation
  • Settlement records — Payment records between connected users

Important: We do not collect or store any bank account numbers, credit card details, or other payment instrument information. All financial data in Penno is manually entered by you.

2.3 Social & Connection Data

  • Connection relationships — Links between you and other users
  • Shared category configuration — Categories shared and split percentages

2.4 Service Data

  • Push notification tokens — For sending notifications about shared expenses
  • Notification history — Records of notifications sent

3. How We Use Your Information

  • To provide and maintain our expense tracking and sharing services
  • To calculate and display balances between connected users
  • To generate recurring transactions based on your rules
  • To send push notifications about shared expenses, connections, and settlements
  • To manage your account and authenticate your identity
  • To comply with legal obligations and protect our legal rights

4. Data Retention

4.1 Account Data

  • Your account information is retained until you delete your account
  • You can request account deletion by writing to michele.lucchese@outlook.it
  • Upon deletion, all your data is permanently removed

4.2 Transaction and Financial Data

  • Transaction records are retained as long as your account is active
  • You can delete individual transactions at any time from the app

5. Data Storage and Security

  • Database: Data stored in secure cloud databases with Row Level Security (RLS)
  • Encryption: All data encrypted in transit (TLS) and at rest
  • Authentication: Secure token-based authentication

6. Your Rights (GDPR & CCPA)

Under the GDPR and CCPA, you have the following rights:

  • Right to Access — Request access to your personal data
  • Right to Deletion — Delete your personal data at any time
  • Right to Data Portability — Receive your data in a structured format
  • Right to Rectification — Update your personal information through the app
  • Right to Object — Opt out of non-essential data processing
  • Right to Withdraw Consent — Withdraw consent at any time

7. Data Sharing and Third Parties

We do not sell your personal information to third parties. We share data only:

  • With your connected users: For shared categories
  • Service Providers: Database, authentication, and push notification services
  • Legal Requirements: If required by law

8. Children's Privacy

Our services are not directed to individuals under 16. We do not knowingly collect personal information from children.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

Contact Us

For questions or to exercise your rights: michele.lucchese@outlook.it