Privacy Policy

Effective 2026-06-12 · beta

Penny is a personal memory app: you capture thoughts, photos, voice notes, lists, and links, and Penny organizes and resurfaces them for you. Your memories are yours. This policy explains what Penny stores, how it is used, and the controls you have.

1. What Penny stores

• Your memories — the text, photos, voice recordings and their transcriptions, lists, links, and people tags you capture, together with the categories, reminders, and metadata Penny derives to organize them.
• Your account — email address (or an anonymous local-first account until you choose to sign up), authentication credentials (stored hashed, never in plain text), and your settings.
• Calendar context — if you grant calendar access, Penny reads event titles and times on-device to match memories to upcoming events. Calendar contents are not stored on Penny's servers.
• Subscription state — your plan and entitlement status, processed by the app stores. Penny never stores payment information.

2. How your memories are used

• Your memories are used for exactly one purpose: making Penny work for you — organizing, searching, resurfacing, and briefing.
• Your memories are never used for AI model training. Penny calls AI providers to categorize, transcribe, and search your content; those calls are made with server-side keys under contracts that prohibit training on your data, and Penny itself never trains models on user memories.
• No third-party advertising or data sharing. Penny shows no third-party ads and does not sell, rent, or share your memories or your identity with third parties. The only data shared with commerce partners is anonymous, aggregate intent patterns — never an individual user's memories or identity.

3. Your controls

• Export at any time — export all of your data from Settings → Export. The export includes every memory, list, and attachment in a portable format.
• Permanent deletion at any time — permanently delete all of your data from Settings → Delete all data. Deletion is irreversible and removes your memories, derived metadata, and account records from Penny's servers.
• Note Lock — individual memories can be locked behind Face ID / passcode; locked content is masked everywhere it would otherwise surface.
• Calendar access — granted and revoked by you in Settings at any time.
• Commerce shortcuts — on by default and fully optional; disable them globally or per retailer in Settings → Commerce in one tap.

4. Affiliate disclosure

Some retailer shortcuts in Penny use affiliate links. When you buy something through an affiliate link, Penny may earn a commission at no extra cost to you. Affiliate relationships are disclosed here and in the Commerce settings screen. Penny never stores payment information, and affiliate partners never receive your memories or identity.

5. Security

• API keys for Cowork integration are never stored in plain text (hashed per-user keys, TLS-only transport).
• AI provider keys are held server-side only — never embedded in the app.
• Data in transit is encrypted via TLS; data at rest is encrypted on Penny's infrastructure.

6. Compliance

Penny is designed to be GDPR and CCPA compliant from day one: the export and permanent-delete controls above implement the corresponding access and erasure rights, and Penny processes only the data described in this policy.

7. Contact

Questions about this policy or your data: hello@sungwoopark.com.