Penny — Privacy Policy
Effective date: 22 June 2026
This Privacy Policy explains how the Penny mobile application ("Penny", "the app", "we", "us", or "our") collects, uses, stores, shares, and protects your personal data, and the rights you have over that data.
Penny is a personal-finance app that helps you track your spending, budgets, and upcoming payments. Optionally, it can read your bank's transaction-notification emails so it can add transactions to your own ledger automatically. Penny does not show ads, does not track you across other apps or websites, and does not sell your data.
1. Who we are (Data Controller) and how to contact us
The data controller responsible for your personal data is:
- Penny — operated by Egemen Kılıç, an individual developer based in the Republic of Türkiye.
- Contact / support email: support@whoisegemen.com
If you have any questions about this policy or about how your data is handled, or if you wish to exercise any of your rights (see Section 9), please contact us at the email address above.
This policy is governed by the law of the Republic of Türkiye, in particular the Personal Data Protection Law No. 6698 ("KVKK"). For users located in the European Union / European Economic Area (EU/EEA) and the United Kingdom, this policy also addresses the General Data Protection Regulation ("GDPR").
2. The data we collect, and where it comes from
We only collect data that the app needs to function. We group it into the categories below and indicate the source of each.
2.1 Account and identity data
| Data | Source |
|---|---|
| Email address | Provided by you at sign-up, or supplied by your sign-in provider (Apple / Google) and stored by our authentication provider (Supabase Auth). |
| Name / full name | Supplied by your sign-in provider's profile metadata (Apple or Google). With Sign in with Apple, we request the name and email scope. |
| Password | Only for email/password sign-up. It is handled directly by our authentication provider (Supabase Auth) and is never stored in the app's own data tables. |
| User ID | A unique identifier (UUID) created by the authentication system to link your records to you. |
2.2 Financial / transaction data
You create most of this data by using the app; some of it can be derived from bank-notification emails (see Section 2.4).
- Transactions: merchant, amount, currency, date, optional note, recurring flag, category, plus internal provenance fields (whether the transaction was entered manually or derived from email, its review status, and a source-message identifier used to avoid duplicates).
- Upcoming payments: merchant, amount, currency, due date, recurrence, and autopay/paid/reminder flags.
- Budgets: your monthly spending limit per category.
- App settings: theme, display currency, monthly income, total monthly budget, and related budgeting preferences (such as payday and statement-cycle dates).
- Categories: your category names, colors, and icons.
A receipt_url field exists in our data model and the app can display a receipt image if one is present. The current app contains no receipt-upload feature: no receipt images are captured, uploaded, or stored.
2.3 Email-import infrastructure data (only if you use the email-import feature)
- A personal ingest address of the form
u-<token>@whoisegemen.com, used so you can forward bank emails into Penny. - Trusted senders: the bank sender address(es) and bank identifier associated with your account.
- Gmail authorization tokens (only if you connect Gmail — see Section 2.4): the OAuth access token, refresh token, expiry, and the connected Gmail address.
- A minimized ingest audit log: for each processed email we record only your user ID, a message identifier, the processing outcome, and a short detail note. We intentionally do not record email subjects, sender addresses, or one-time codes in this log (see Section 6).
2.4 Identifiers and email-derived data
You can optionally let Penny read your bank's transaction-notification emails in two ways:
- Forwarded email: you forward bank emails to your personal
u-<token>@whoisegemen.comaddress. The email passes through our email-routing service (Cloudflare), which parses it in memory, verifies its authenticity (DKIM), and passes only the extracted transaction fields onward. Only senders on a bank allowlist with a valid DKIM signature are auto-processed; anything else is placed in a pending Review list for you to confirm. - Gmail connection (Google API): you can connect your Gmail account so Penny can read your bank's transaction-notification emails directly. This uses Google's read-only Gmail scope. See Section 5 for the full, required Google API disclosure.
From these emails, Penny extracts only the fields needed for your ledger — typically amount, merchant, currency, and date. Raw email bodies and full email content are not stored (see Section 6).
Third-party data in forwarded emails. If an email you forward or make accessible contains another person's personal data (for example, a joint-account holder or a person named in the message), you are responsible for having any consent or authority required to share it with Penny, and you act as the source of that data. Penny processes only the extracted transaction fields and does not retain the rest of the message (this mirrors Section 5 of our Terms of Service).
2.5 Device-local data (stays on your device)
The following are stored only on your device and are not sent to our backend:
- Your authenticated session (stored securely in the iOS Keychain).
- Local preferences such as a biometric-lock toggle, a "hide amounts" toggle, the selected tab, and language.
The app also declares certain Apple "required-reason" API usages (e.g. local storage of preferences, disk-space checks, file timestamps). These are technical API declarations required by Apple and do not constitute data collection.
3. How and why we use your data
We use your data only to provide and operate the app's features (App Functionality). Specifically:
- To create and secure your account and sign you in.
- To store and display your transactions, budgets, upcoming payments, and categories.
- To produce your spending summaries and budget tracking.
- To import transactions from your bank's notification emails when you opt into the email-import or Gmail features.
- To send you payment reminders you have configured within the app.
- To detect and prevent duplicate transaction entries.
- To respond to your support requests and to comply with legal obligations.
We do not use your data for advertising, profiling for marketing, cross-app tracking, or analytics/telemetry. The app contains no analytics, advertising, or tracking software.
4. Legal bases for processing
4.1 Under KVKK (Law No. 6698)
We process your personal data on the following bases under Article 5 of the KVKK:
- Performance of a contract / necessity for a service you requested: processing your account and financial data is necessary to provide the app you have chosen to use.
- Explicit consent: for the optional email-import and Gmail-connection features, which you enable yourself.
- Legitimate interests (where this does not override your fundamental rights and freedoms): securing the service and preventing duplicate or fraudulent entries.
- Compliance with a legal obligation: where applicable.
4.2 Under GDPR (for EU/EEA and UK users)
Where the GDPR applies, our legal bases under Article 6(1) are:
- Art. 6(1)(b) — contract: providing the core app functionality you signed up for (accounts, transactions, budgets, payments).
- Art. 6(1)(a) — consent: the optional Gmail connection and email-import features. You may withdraw consent at any time (see Sections 8 and 9).
- Art. 6(1)(f) — legitimate interests: keeping the service secure, preventing duplicates, and handling abuse.
- Art. 6(1)(c) — legal obligation: where we must process data to comply with the law.
5. Google API Services — Limited Use disclosure
Penny's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
If — and only if — you choose to connect Gmail:
- Scope requested: Penny requests only the read-only Gmail scope
https://www.googleapis.com/auth/gmail.readonly. Penny never modifies, deletes, or sends email on your behalf. - Offline access: we request offline access (a refresh token) so the app can continue reading bank-notification emails to keep your ledger up to date, without asking you to sign in each time.
- Sole purpose: the only thing Penny does with Gmail access is read your bank's transaction-notification emails to automatically extract transaction details (such as amount, merchant, and date) for your own financial ledger inside the app.
- No human access: this processing is automated. Penny does not, and will not, provide human access to your Gmail content except where required by law or to investigate abuse or a security incident.
- No third-party transfer: Penny does not, and will not, transfer your Gmail data to third parties except as needed to provide and secure this feature (see Section 7), or as required by law. Penny does not, and will not, use Gmail data for advertising, and does not sell it.
- No use for model training: Penny does not, and will not, use Gmail data to train generalized or AI/ML models.
At present, Penny can interpret transaction emails only from a limited set of banks (currently Akbank). Emails from other senders are not processed by the Gmail feature.
The Gmail-reading process is performed by a server-side function operated for Penny. This function reads only your bank's transaction-notification emails and extracts transaction details, and its handling of Gmail data is bound by the commitments in this Section.
You can revoke Penny's access to your Google account at any time via your Google Account permissions page, and/or by deleting your Penny account (see Section 8).
6. Data minimization and what we do NOT store
We deliberately minimize what we keep:
- Raw email content is not stored. When an email is imported, it is parsed in memory and only the extracted transaction fields (e.g. amount, merchant, currency, date) are saved. There is no storage of the full email body.
- The ingest audit log is minimized. It records only your user ID, a message identifier, the outcome, and a short detail note. It does not store email subjects, sender addresses, or one-time/confirmation codes.
- Confirmation/OTP codes are discarded after use and are not retained beyond an outcome marker.
- No receipts/images are uploaded by the current app (see Section 2.2).
- No analytics or telemetry is collected or transmitted.
7. Third parties and sub-processors; international transfers
We use a small number of trusted service providers ("sub-processors") to run Penny. Each receives only the data needed for its role:
| Provider | Role | What it receives |
|---|---|---|
| Supabase | Database, authentication, and server functions (hosting) | Your stored account, financial, settings, and (if connected) Gmail token data. Access is restricted per-user by row-level security. |
| Sign-in and (optional) Gmail API | Sign-in authorization requests; if you connect Gmail, read-only access to your bank-notification emails (see Section 5). | |
| Apple | Sign in with Apple | Standard Apple sign-in / identity-token verification data. |
| Cloudflare | Inbound email routing (email-import feature) | The full forwarded email you send to your ingest address, which it parses and from which it forwards only extracted fields to our backend. Email content transits Cloudflare. |
whoisegemen.com mail domain |
The inbound mail/routing domain for your personal ingest address | Inbound forwarded bank emails. This domain is controlled and operated by the developer (Egemen Kılıç). |
Penny contains no other third-party SDKs for advertising, analytics, crash reporting, or tracking.
International transfers. Our providers (Supabase, Google, Apple, and Cloudflare) may process or store data on servers located outside Türkiye and/or outside the EU/EEA, including in the United States. Where data is transferred internationally, we rely on the data-processing agreement (DPA) and, for EU/EEA users, the Standard Contractual Clauses (SCCs) — or an applicable adequacy decision — offered by each provider (the Supabase DPA and SCCs, and the Google, Apple, and Cloudflare DPAs).
For users in Türkiye, cross-border transfers under KVKK Article 9 are made on the basis of your explicit consent for the optional email-import and Gmail-connection features, and otherwise on the transfer bases permitted under KVKK Article 9 (including the providers' written undertakings/SCCs). The Supabase project hosting your data is identified internally by the reference aexazeeiaxpmotnhjoui; you can request its current hosting region by contacting us at support@whoisegemen.com.
8. Data retention
- Your account data (transactions, budgets, payments, settings, categories, and related records) is retained until you delete the relevant item or delete your account. Deleting your account cascades to delete these records.
- The ingest audit log is retained (in its minimized form) until your account is deleted. We do not currently run an automatic time-based purge of these audit rows; they are removed when your account is deleted.
- Gmail authorization tokens are retained while Gmail is connected and are deleted (and revoked at Google, on a best-effort basis) when you delete your account. The app does not currently offer a standalone in-app "disconnect Gmail" action; deleting your account is the in-app path that purges these tokens, and you can also revoke access directly at your Google Account permissions page at any time.
- We do not operate scheduled deletion jobs; in general, data is retained until you delete it or delete your account.
If you wish to delete specific data sooner, you can remove individual items in the app, or delete your account entirely (see Sections 9 and 10).
9. Your rights and how to exercise them
9.1 Under KVKK (Article 11)
You have the right to: learn whether your data is processed; request information about the processing; learn the purpose of processing; know the third parties to whom data is transferred; request correction of incomplete or inaccurate data; request erasure or destruction of your data; request notification of such corrections/erasures to third parties; object to outcomes resulting from automated analysis; and claim compensation for damages arising from unlawful processing.
9.2 Under GDPR (for EU/EEA and UK users)
You have the right to: access your data; rectify inaccurate data; erase your data ("right to be forgotten"); restrict processing; data portability; object to processing; and withdraw consent at any time (without affecting prior lawful processing). You also have the right to lodge a complaint with your local supervisory authority. For users in Türkiye, the competent authority is the Turkish Data Protection Authority (KVKK Kurumu).
9.3 How to exercise your rights
- In-app account deletion: the fastest way to erase your data is in the app — go to Settings → Delete account ("Hesabı sil"). This permanently deletes your account and cascades deletion across all of your data (transactions, budgets, settings, categories, upcoming payments, ingest addresses, trusted senders, and the ingest log), and revokes/deletes your Gmail tokens (Google revocation is best-effort — see Section 10).
- Withdraw Gmail consent: disconnect Penny from your Google account at your Google Account permissions page. The app does not currently offer a standalone in-app disconnect option; account deletion is the in-app path to purge the stored tokens.
- Other requests (access, correction, portability, objection): contact us at support@whoisegemen.com. We will respond to KVKK data-subject requests within 30 days and to GDPR requests within one month of receipt (extendable by up to two further months for complex or numerous requests, as permitted under GDPR Article 12(3), in which case we will tell you within the first month).
10. Account deletion mechanism (details)
When you delete your account from within the app:
- The app sends a secure, authenticated deletion request to our server function.
- The server best-effort revokes your Google refresh token at Google's revocation endpoint and deletes your stored Gmail tokens.
- The server deletes your user account, which cascades to delete all of your data across the app's tables.
- The app then signs you out locally.
Note on Google revocation: the Google token revocation step is best-effort. If it fails on Google's side, the grant may persist at Google until you remove it manually via your Google Account permissions page.
11. Security
We take reasonable technical and organizational measures to protect your data, including:
- Encryption in transit: all communication with our backend, Google, and Cloudflare uses HTTPS/TLS.
- Per-user isolation: database row-level security restricts each user's records to that user. Server-side functions that need broader access run only on the server, never in the app.
- Secure session storage: your authenticated session is stored in the iOS Keychain. The app ships only a public (anonymous) key, which is safe by design because access is gated by row-level security.
- Anti-spoofing for email import: forwarded bank emails must pass DKIM authentication and come from an allowlisted bank domain; anything else is queued for your manual review rather than auto-confirmed.
- Logging hygiene: diagnostic logs mark user-identifying information as private, and the email ingest log is minimized.
- Optional device security: you can enable a biometric lock and an option to hide amounts on your device.
No method of transmission or storage is 100% secure, and we cannot guarantee absolute security. Beyond TLS in transit and our providers' encryption at rest, the app does not apply additional client-side field-level encryption.
12. Children's privacy
Penny is not directed to children. The app is intended for adults managing their own finances. In the Republic of Türkiye, Penny is intended for users aged 18 or over. Outside Türkiye, we do not knowingly collect personal data from children under the age of 13 (or under 16 where required by local law, including parts of the EU/EEA). If you believe a child has provided us with personal data, please contact us at support@whoisegemen.com and we will delete it.
13. No tracking, no ads, no sale of your data
- Penny does not track you across other companies' apps or websites. The app declares no tracking and no tracking domains.
- Penny shows no advertising and contains no advertising software.
- Penny does not sell or rent your personal data to anyone.
- Penny contains no in-app purchases and does not process payments; it only helps you record and view your own financial information.
14. Changes to this policy
We may update this Privacy Policy from time to time, for example to reflect new features or legal requirements. When we make material changes, we will update the Effective date at the top of this policy and post the revised version at its public URL (and, where appropriate, notify you in the app). Your continued use of Penny after an update means you accept the revised policy.
15. Contact
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, contact:
- Penny — Egemen Kılıç, an individual developer based in the Republic of Türkiye
- Email: support@whoisegemen.com