Legal

Privacy Policy

Last updated: April 7, 2026

1. What Penny is

Penny ("we", "our", "the app") is a mobile application that connects to your Gmail account to automatically find and surface coupon codes, discounts, and promotional deals. This Privacy Policy explains what data we collect, how we use it, and how we protect it.

2. Data we collect

When you use Penny, we collect the following:

• Google account information — your name, email address, and profile picture, obtained during sign-in via Google OAuth.
• Extracted deal information — coupon codes, discount amounts, company names, expiry dates, and similar fields extracted from your promotional emails by Google Gemini AI. We store this extracted data, not your raw emails.
• Gmail access tokens — OAuth tokens that allow us to read your Gmail on your behalf. These are encrypted at rest using industry-standard encryption (Fernet/AES-128).
• Push notification token — if you enable notifications, your Expo push token is stored to deliver deal alerts.
• Waitlist email — if you submit your email on our website to join the waitlist, we store it solely to notify you when the app launches publicly.

3. How we use Gmail data

Penny's use of Gmail data is strictly limited to the following:

• We request read-only access (gmail.readonly scope) to your Gmail account. We cannot send emails, delete emails, or modify your inbox in any way.
• We only scan emails in your Promotions category. Your personal, social, spam, and other email categories are never accessed.
• Email content is processed by Google Gemini AI to extract deal information. We store only the extracted deal data (e.g., "Nike — 20% off — MEMBER20 — expires Apr 10"), never the full email body or attachments.
• Gmail data is not used for advertising, is not sold or shared with third parties, and is not used to train AI models.

Penny's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

4. Data storage and security

• All data is stored in a PostgreSQL database hosted on Railway with private network access only.
• Gmail access and refresh tokens are encrypted at rest using Fernet symmetric encryption before being stored.
• Communication between the app and our servers uses HTTPS/TLS.
• We do not store raw email content — only AI-extracted deal summaries.

5. Data sharing

We do not sell, rent, or share your personal data with third parties, except:

• Google Gemini API — email content is sent to Google's Gemini API for AI processing. Google's terms govern this use.
• Railway — our infrastructure provider hosts the database and backend server.
• Legal requirements — we may disclose data if required by law or to protect the rights and safety of users.

6. Data retention

• Extracted coupons are automatically deleted 30 days after they expire.
• Your account and associated data are retained while your account is active.
• You can request deletion of your account and all associated data at any time by emailing siddhibansal2604@gmail.com.

7. Your rights

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Disconnect your Gmail account at any time from within the app (Profile → Account)
• Revoke Google OAuth access at any time via your Google account settings

8. Children's privacy

Penny is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us immediately.

9. Changes to this policy

We may update this Privacy Policy from time to time. We will notify users of material changes by updating the "Last updated" date at the top of this page. Continued use of the app after changes constitutes acceptance of the updated policy.

10. Contact

If you have questions about this Privacy Policy or how we handle your data, please contact us at siddhibansal2604@gmail.com.