Last updated: March 2026
PennyPath is built with privacy at its core. We believe you should be able to manage your money without handing over personal information. We store the absolute minimum data needed to make the app work, and we never sell, share, or monetise your data.
When you create an account, we store:
Your email address is held by Firebase Authentication (operated by Google) and is never stored in our database.
We use Firebase Authentication for account management. When you sign in, Firebase verifies your identity and issues a token. We create a secure, HTTP-only session cookie that expires after 14 days. We do not access or store your password.
PennyPath does not connect to your bank accounts. All financial data is entered manually by you. We never have access to your bank credentials or transaction history from your bank.
Your data is stored in a secure database hosted on Google Cloud Platform. All connections are encrypted in transit using TLS. The application runs on Google Cloud Run with access restricted by authentication at every API endpoint.
We use a single HTTP-only session cookie for authentication. We do not use tracking cookies, analytics cookies, or any third-party cookies. Your theme preference is stored in your browser's local storage.
We do not use any analytics, advertising, or tracking services.
You can export all your financial data at any time from the Settings page in CSV or PDF format. You can delete your account and all associated data from the Settings page. Deletion is permanent and cannot be undone.
If we make changes to this privacy policy, we will update the date at the top of this page. We encourage you to review this page periodically.