Privacy Policy

Last Updated: December 7, 2025

At PennyChat, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Telegram bot and Mini App.

1. Information We Collect

1.1 Information You Provide

Telegram Information: Your Telegram user ID, username, and first name (provided by Telegram)
Financial Data: Transaction amounts, categories, descriptions, and dates that you input
Asset Information: Details about your financial assets (for Premium users)
Budget Data: Your budget settings and preferences (for Premium users)

1.2 Automatically Collected Information

Usage Data: Commands used, features accessed, and interaction patterns
Technical Data: API request logs, error reports, and performance metrics
Payment Information: Processed securely through Stripe (we do not store credit card details)

2. How We Use Your Information

We use your information to:

Provide and maintain the PennyChat service
Process your financial transactions and generate reports
Provide AI-powered financial insights (Premium feature)
Process payments and manage subscriptions via Stripe
Send service-related notifications (e.g., subscription renewals)
Improve our service and develop new features
Prevent fraud and ensure service security
Comply with legal obligations

3. Data Storage and Security

3.1 Where We Store Your Data

Database: Supabase (PostgreSQL) hosted in secure cloud infrastructure
Payment Processing: Stripe (PCI DSS Level 1 certified)
AI Processing: Groq API (for natural language parsing)

3.2 Security Measures

End-to-end encryption for data in transit (HTTPS/TLS)
Row-level security (RLS) policies to isolate user data
Rate limiting to prevent abuse
Regular security audits and updates
Secure authentication via Telegram Web App

            Note: While we implement industry-standard security measures, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security of your data.
        

4. Third-Party Services

We use the following third-party services:

4.1 Telegram

Used for: Bot interface and user authentication
Privacy Policy: https://telegram.org/privacy

4.2 Stripe

Used for: Payment processing and subscription management
Privacy Policy: https://stripe.com/privacy
We store: Stripe Customer ID and Subscription ID (not credit card details)

4.3 Groq

Used for: AI-powered message parsing
Data sent: Your transaction messages (e.g., "50 food") for parsing
Data retention: Processed in real-time, not stored by Groq

4.4 Supabase

Used for: Database hosting and management
Privacy Policy: https://supabase.com/privacy

5. Data Retention

Active Accounts: We retain your data as long as your account is active
Deleted Accounts: Data is permanently deleted within 30 days of account deletion
Transaction History: Free users: 3 months; Premium users: Unlimited
Payment Records: Retained for 7 years for tax and compliance purposes
Logs and Analytics: Retained for 90 days maximum

6. Your Rights

You have the right to:

Access: Request a copy of your personal data
Correction: Update or correct inaccurate data
Deletion: Request deletion of your account and data
Export: Download your transaction data (CSV format, Premium feature)
Opt-out: Unsubscribe from non-essential notifications
Portability: Transfer your data to another service

To exercise these rights, contact us via Telegram or email (see Contact section below).

7. Children's Privacy

PennyChat is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

8. International Data Transfers

Your data may be processed in countries outside your country of residence. We ensure appropriate safeguards are in place for international data transfers, including:

Use of services compliant with GDPR and other data protection regulations
Standard contractual clauses with service providers
Adequate security measures during transfer

9. Cookies and Tracking

We do not use cookies or tracking pixels on our landing page. The Telegram Mini App uses local storage only for:

Maintaining your login session
Caching UI preferences
Storing Telegram Web App authentication tokens

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via:

Telegram bot notification
Update to the "Last Updated" date above
Notice on our website

Continued use of PennyChat after changes constitutes acceptance of the updated policy.

11. GDPR Compliance (EU Users)

If you are in the European Economic Area (EEA), you have additional rights under GDPR:

Right to object to processing
Right to restrict processing
Right to lodge a complaint with a supervisory authority
Right to withdraw consent at any time

Our legal basis for processing your data includes:

Contract: To provide the service you requested
Consent: For optional features like AI insights
Legitimate Interest: To improve our service and prevent fraud

12. California Privacy Rights (CCPA)

California residents have the right to:

Know what personal information is collected
Know if personal information is sold or disclosed (we do not sell your data)
Request deletion of personal information
Opt-out of the sale of personal information (not applicable)
Non-discrimination for exercising privacy rights

13. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us:

Email: privacy@pennychat.com (to be updated)

Telegram: Message our bot directly

Response Time: We aim to respond within 48 hours

14. Data Processing Agreement

For business users or those requiring a Data Processing Agreement (DPA), please contact us at the email above.

By using PennyChat, you agree to this Privacy Policy and our Terms of Service.