Privacy Policy

Last updated: February 22, 2026

1. Introduction

Pennyscout ("we", "our", or "us") is a personal financial dashboard that helps you track your net worth, transactions, and budgets. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

2. Data We Collect

When you connect a financial institution through Plaid, we collect and store:

  • Account names, types, and masked account numbers (last 4 digits)
  • Account balances (current and available)
  • Transaction history (description, amount, date, merchant, category)
  • Investment holdings (security name, ticker, quantity, value)
  • Institution name and Plaid item identifiers

We also collect:

  • Your name and email address (for account creation)
  • Your IP address at the time you link a financial institution (for consent audit)
  • Subscription and billing information (processed by Stripe — we do not store raw card data)
  • AI chat messages you send and the responses generated

3. How We Use Your Data

  • To display your financial accounts, balances, and transaction history on your personal dashboard
  • To calculate and track your net worth over time
  • To power the AI Financial Assistant with relevant financial context
  • To enforce subscription plan limits and billing
  • To maintain security and detect abuse

4. Third-Party Data Sharing

We share data with the following third-party processors ("subprocessors"):

  • Plaid Technologies, Inc. — Provides bank connectivity. Plaid retrieves your financial data on our behalf with your explicit consent. Plaid's privacy policy governs their handling of your data: plaid.com/legal
  • Stripe, Inc. — Processes subscription payments. Stripe receives your name, email address, and payment method. We do not store raw payment card data.
  • AI providers (OpenAI / Anthropic / Google) — When you use the AI Financial Assistant, a contextual summary of your financial data (account balances, transaction summaries, holding values) is sent to the configured AI provider to generate a response. This is a user-initiated feature. The summary contains the same information displayed on your own dashboard. Data is not used for model training by these providers under our agreements.
  • Hosting provider — Your data is stored on servers operated by our infrastructure provider. Data resides in the United States.

We do not sell your personal data to any third party.

5. Data Retention

Your financial data is retained for as long as your account is active. When you disconnect a financial institution, it is archived but the data is preserved for your records. When you permanently delete an institution, all associated accounts, transactions, and holdings are irreversibly removed from our database. When you close your account entirely, all data is deleted.

6. Your Rights

  • Access: You can view all of your financial data within the app dashboard.
  • Deletion: You can delete individual institutions (and all associated data) from the app. To delete your entire account and all data, contact us.
  • Portability: Contact us to request an export of your data.
  • Opt-out of AI: You can use the app without ever using the AI Financial Assistant. Simply don't send any messages.

7. Security

We protect your data with industry-standard security measures including AES-256-GCM encryption for stored Plaid access tokens, bcrypt password hashing, HTTPS-only connections, and strict HTTP security headers. Rate limiting is applied to sensitive endpoints.

8. Children's Privacy

Pennyscout is not directed at children under 13. We do not knowingly collect personal data from children under 13.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top of this page.

10. Contact

For privacy inquiries, data access requests, or deletion requests, contact us at: adam@pennyscouts.com