Legal

Privacy Policy

Last updated: March 26, 2026

PennyWatch is built around the belief that your financial and emotional data is deeply personal. We collect only what we need to run the app, we never sell your data, and we give you full control to export or delete everything at any time.

1. Who we are

PennyWatch is a personal finance application. References to “we”, “us”, or “PennyWatch” in this policy refer to the app and its operators. If you have questions about this policy, contact us at support@pennywatch.app.

2. What data we collect

We collect only the data required to provide the PennyWatch service:

Account information

Your email address and display name, provided when you sign up via Clerk (our authentication provider). We do not store passwords — Clerk handles all credential management.

Financial records

Expenses, income entries, budget configurations, savings goals, and custom categories that you create within the app. This data is stored under your account and is never visible to other users unless you explicitly join a shared household.

Emotional / mood data

The feeling tags you attach to transactions (e.g. 'Worth it', 'Regret', 'Necessary'). This data is used solely to generate your personal spending-emotion insights. It is never shared or sold.

Household data

If you join a shared household, your display name and the expenses you log to the household are visible to other household members. You can leave a household at any time.

Subscription status

Whether you have an active Pro subscription, managed via RevenueCat (our in-app purchase provider). We store your subscription tier (free or pro) alongside your account. RevenueCat may independently collect data as described in their own privacy policy.

Usage data

Standard server logs (IP address, request path, timestamp) retained for up to 30 days for security and debugging purposes. We do not use third-party analytics or tracking pixels.

3. How we use your data

  • To operate the app — display your transactions, budgets, goals, and insights.
  • To authenticate you securely across devices via Clerk.
  • To manage your Pro subscription status via RevenueCat.
  • To respond to support requests sent to our email address.
  • We do not sell, rent, or share your personal or financial data with advertisers or third-party data brokers.

4. Data storage and security

Your data is stored in MongoDB Atlas (cloud database) with encryption at rest and in transit. Authentication is handled by Clerk, which is SOC 2 Type II certified.

All API endpoints require authentication. Each request can only access data belonging to the signed-in user. Rate limiting is applied to all endpoints to prevent abuse.

5. Third-party services

C

Clerk

Authentication

Handles sign-up, sign-in, and account management. Stores your email and credential data. Privacy policy at clerk.com/legal/privacy.

R

RevenueCat

In-app subscriptions

Processes Pro subscription purchases on iOS and Android. Privacy policy at revenuecat.com/privacy.

M

MongoDB Atlas

Database

Stores your financial records, goals, budgets, and emotional data on encrypted servers. Privacy policy at mongodb.com/legal/privacy-policy.

6. Your rights

You have the following rights over your data. EU/EEA residents have these rights under GDPR; we extend them to all users regardless of location.

Access

Right to access (Art. 15)

You can view all data we hold about you directly within the app.

Export

Right to data portability (Art. 20)

You can download a complete copy of all your data as a JSON file. In the app, go to Settings → Profile → Download my data. The export includes all expenses, income, budgets, goals, categories, mood tags, and account information.

Delete

Right to erasure (Art. 17)

You can permanently delete your account and all associated data at any time. In the app, go to Settings → Profile → Delete account. This action is irreversible and will delete all your financial records, emotional data, goals, budgets, and your login credentials from Clerk. There is no recovery option.

Rectify

Right to rectification (Art. 16)

You can edit or delete any individual transaction, goal, budget, or category directly within the app.

Object

Right to object

If you believe we are processing your data in a way you object to, contact us at support@pennywatch.app. We will respond within 30 days.

Note on account deletion: Deleting your account removes all data from our databases and from Clerk (authentication provider) simultaneously. Subscription records held by RevenueCat may persist for up to 30 days per their data retention policy — contact RevenueCat directly to request deletion of those records.

7. Data retention

We retain your data for as long as your account is active. Server logs are deleted after 30 days. If you delete your account, all personal and financial data is removed immediately and permanently from our databases. Backups may retain deleted data for up to 7 days before being overwritten.

8. Cookies

The PennyWatch website uses session cookies set by Clerk for authentication purposes only. We do not use advertising cookies, tracking pixels, or third-party analytics on our website. The mobile app does not use cookies.

9. Children’s privacy

PennyWatch is not directed at children under the age of 13. We do not knowingly collect data from children. If you believe a child has provided us with personal information, contact us at support@pennywatch.app and we will delete it.

10. Changes to this policy

We may update this policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page. Continued use of PennyWatch after a policy update constitutes acceptance of the revised policy.

11. Contact us

For any privacy-related questions, data requests, or complaints, contact us at: support@pennywatch.app