Last updated: March 2026
PennyPath is built with privacy at its core. We believe you should be able to manage your money without handing over personal information. We store the absolute minimum data needed to make the app work, and we never sell, share, or monetise your data.
When you create an account, we store:
Your email address is held by Firebase Authentication (operated by Google) and is never stored in our database.
We use Firebase Authentication for account management. When you sign in, Firebase verifies your identity and issues a token. We create a secure, HTTP-only session cookie that expires after 14 days. We do not access or store your password.
Your data is stored in a secure database hosted on Google Cloud Platform. All connections are encrypted in transit using TLS. The application runs on Google Cloud Run with access restricted by authentication at every API endpoint.
We use a single HTTP-only session cookie for authentication. Your theme preference is stored in your browser's local storage. We also use a cookie set by our analytics provider (PostHog) to understand how people use PennyPath so we can improve it. This cookie does not contain any personal information.
We use PostHog to collect anonymous usage data such as which pages are visited and which features are used. This helps us understand how to improve PennyPath. Analytics data is processed in the EU. For logged-in users, we associate usage data with your account to provide a better experience. We do not use analytics data for advertising or share it with third parties.
You can export all your financial data at any time from the Settings page in CSV or PDF format. You can delete your account and all associated data from the Settings page. Deletion is permanent and cannot be undone.
If we make changes to this privacy policy, we will update the date at the top of this page. We encourage you to review this page periodically.
We use cookies for anonymous analytics to improve PennyPath. No personal data is collected. Privacy Policy