Skip to content
Back to Home
PennyRa

Last updated: May 14, 2026

Privacy Policy

At PennyRa, we respect your privacy. This policy explains what data we collect when you use our service, how we use it, and what your rights are.

1. Data We Collect

  • Account information: Your email address and the password you create when signing up. Display name is optional.
  • Financial transaction data: Income, expense, category, date, and amount information you enter into the app. This data belongs solely to you and is never shared with any third party.
  • Subscription information: Payments are processed by Polar (polar.sh), a Merchant of Record. We never see or store your credit card details. Only your subscription status and plan are recorded.
  • Technical data: IP address, browser type, device info, and usage statistics (anonymized PostHog analytics). Used to improve the service.

2. How We Use Your Data

  • To provide the core service (transaction tracking, budget goals, reports).
  • To send service-related notifications such as weekly summaries and trial emails.
  • To improve the app and fix bugs.
  • To manage subscriptions and payments.
  • For fraud detection and security.

3. Data Security

  • All data is stored in a Supabase PostgreSQL database with Row-Level Security (RLS) enabled, meaning only you can access your own data.
  • All connections are encrypted with TLS/HTTPS.
  • Passwords are never stored in plain text; Supabase Auth uses secure hashing.
  • Data is hosted on Supabase infrastructure in the EU or US.

4. Third-Party Sharing

  • We do not sell or rent your personal data.
  • Supabase: Database and authentication infrastructure.
  • Polar (polar.sh): Payment processing — Merchant of Record (no access to your card details).
  • Resend: Email delivery (only your email address is passed).
  • PostHog: Anonymized usage analytics.
  • Anthropic (Claude AI): Pro plan users' transaction data is sent anonymously for AI analysis; no personally identifiable information is included.
  • Upstash Redis: Rate limiting (IP address is processed temporarily).
  • Vercel: Application hosting and deployment infrastructure.
  • Sentry: Error monitoring (technical context is processed in error reports).
  • Axiom: Server log aggregation (operational records).
  • Google Analytics / Tag Manager and Meta Pixel: Loaded only if you accept cookies; used for marketing performance measurement.

5. Cookies & Local Storage

  • Authentication cookies set by Supabase are used for session management.
  • Your language and theme preferences are stored in localStorage.
  • Onboarding tour status is stored in localStorage.
  • No third-party advertising cookies are used.

6. Your Rights (GDPR)

  • Access: You may request a copy of your data.
  • Deletion: You may request deletion of your account and all associated data. Email hello@pennyra.com and we will process your request within 30 days.
  • Portability: You can export your data in CSV format using the in-app export feature.
  • Rectification: You may request correction of inaccurate data.
  • If you are in the EU, you have the right to lodge a complaint with your local data protection authority.

7. Data Retention

  • Your data is retained as long as your account is active.
  • When you delete your account, all personal data and transaction records are permanently deleted within 30 days.
  • Backups are retained for a maximum of 90 days.

8. Contact

  • For privacy-related questions: hello@pennyra.com
  • PennyRa is an independent software product based in Istanbul, Turkey.
hello@pennyra.com