Penny — Terms of Service

Effective date: 22 June 2026

These Terms of Service ("Terms") govern your access to and use of the Penny mobile application and related services (together, "Penny", the "App", or the "Service"). Penny is provided by Egemen Kılıç, an individual developer based in the Republic of Türkiye ("we", "us", "our", or the "Provider").

By downloading, installing, accessing, or using Penny, you agree to be bound by these Terms. If you do not agree, do not use the App.

Please read these Terms together with our Privacy Policy, which explains how we handle your personal and financial data.

1. Acceptance of these Terms

By creating an account or otherwise using Penny, you confirm that you have read, understood, and agree to be bound by these Terms and by our Privacy Policy. If you are using Penny on behalf of someone else or any organisation, you confirm that you are authorised to accept these Terms on their behalf.

If you do not agree to any part of these Terms, you must stop using the App and may delete your account at any time (see Section 11).

2. Description of the Service

Penny is a personal finance application that helps you track and review your own spending. The App lets you:

• Record transactions manually (merchant, amount, currency, date, optional note, category, and recurring flag);
• Track upcoming payments, budgets per category, and basic settings such as display currency and monthly income;
• Optionally import bank transaction-notification emails so that transaction details (such as amount, merchant, currency, and date) can be extracted automatically into your ledger.

There are two optional ways to bring bank-notification data into the App:

1. Email forwarding — you forward your own bank notification emails to a unique address assigned to you (in the form u-<token>@whoisegemen.com). The forwarded message is parsed, the relevant transaction fields are extracted, and a transaction is added to your ledger.
2. Gmail connection — you connect your Google/Gmail account with read-only access so that bank transaction-notification emails can be read and the relevant transaction details extracted into your ledger.

Both import methods are optional. You can use Penny entirely with manual entry if you prefer.

Penny is an informational and descriptive money-tracking tool only. It is not a bank, payment service, money transfer service, or financial institution. Penny does not move, hold, or transfer money, and does not process payments. The App contains no advertising, no third-party analytics or tracking, and no in-app purchases or payments.

Bank coverage note: Automatic email parsing currently supports a limited set of senders (at the time of this writing, Akbank notification emails only). Emails from other senders are not auto-confirmed; they are held for your manual review. Coverage may change over time.

3. Eligibility and Age

You must be old enough to enter into a binding contract and to consent to the processing of your personal data under applicable law.

• In the Republic of Türkiye, you must be at least 18 years old, or have the consent of a parent or legal guardian, to use Penny.
• If you are located in the European Union / European Economic Area (EU/EEA), you must meet the minimum age for digital consent under the GDPR and your national law (generally between 13 and 16 depending on your country).

By using Penny, you represent and warrant that you meet these requirements. The App is not directed to children below the applicable minimum age, and we do not knowingly collect their data.

4. Accounts and Security

To use Penny you must create an account. You can sign up and sign in using:

• Email and password (handled by our authentication provider, Supabase);
• Sign in with Apple; or
• Continue with Google.

You agree to provide accurate information and to keep your account credentials secure. You are responsible for all activity that occurs under your account. You must notify us promptly if you believe your account has been accessed without your authorisation.

Penny offers optional device-level protections, including a biometric lock and a "hide amounts" toggle. These are local settings on your device and are not a substitute for keeping your device and account credentials secure.

We store your authentication session in the iOS Keychain on your device, and we apply per-user access controls so that you can only access your own data. However, no method of transmission or storage is completely secure (see Section 9).

5. Your Responsibility and Authorisation to Forward Email Content

The email-import features (forwarding and Gmail connection) are designed for your own bank notification emails only.

By using these features, you represent, warrant, and agree that:

• You will forward — and grant access to — only bank notification emails that belong to you and that relate to your own accounts;
• You are authorised to share that content with Penny for the purpose of extracting your transaction data;
• You will not forward, import, or grant access to any email content belonging to another person, or any content you are not legally entitled to share;
• You are responsible for the content you choose to forward or make accessible, and for ensuring you have any consents required to do so.

If you connect Gmail, you grant read-only access using the gmail.readonly scope. Penny uses this access for one purpose only: to read your bank transaction-notification emails and extract transaction details (such as amount, merchant, and date) into your own ledger. Penny does not, and the granted scope does not allow it to, modify, delete, or send email on your behalf. The reading and parsing is automated; no human at Penny reads your email for this purpose. Your email content is not transferred to third parties for advertising or any unrelated purpose.

What we do not keep: We do not store the raw body or full content of your emails, the email subject, the sender address, or any one-time confirmation/OTP codes in our records. The forwarded or read email is parsed in memory, and only the extracted transaction fields are saved to your ledger. Our import audit log is data-minimised — it records only a message identifier, an outcome, and a short detail field, not the email subject, sender, or any code.

Anti-spoofing: For forwarded emails, we check the message's DKIM signature and only auto-confirm transactions from senders on an allowlist of known banks. Messages from other senders are placed in a review queue for you to confirm manually, rather than being auto-confirmed.

You are responsible for verifying that imported transactions are accurate. Automated parsing can be incomplete or incorrect, and you should not rely on it as a complete or authoritative record of your finances.

6. Acceptable Use

You agree not to:

• Use Penny for any unlawful purpose or in violation of any applicable law or regulation;
• Forward, import, or attempt to access email content or financial data that does not belong to you or that you are not authorised to share;
• Attempt to gain unauthorised access to the App, other users' data, our systems, or our service providers' systems;
• Probe, scan, or test the vulnerability of the Service, or breach or circumvent any security or authentication measures;
• Interfere with or disrupt the integrity or performance of the Service, including by overloading, flooding, or spamming the import addresses or endpoints;
• Reverse engineer, decompile, or attempt to extract the source code of the App, except to the extent this restriction is prohibited by applicable law;
• Use the Service to build a competing product, or resell or commercially exploit the Service without our permission;
• Misuse the Gmail connection, the forwarding address, or any credentials.

We may suspend or terminate your access if you violate these rules (see Section 11).

7. No Financial Advice

Penny is for informational purposes only. The App provides descriptive tracking and simple summaries of money you record or import. It does not provide, and nothing in the App constitutes, investment, financial, tax, accounting, or legal advice, nor any recommendation to take or refrain from taking any financial action.

Figures shown in the App, including imported transactions, budgets, income, and any totals or summaries, may be incomplete or inaccurate and should not be relied upon as a definitive record of your finances. Your bank's records, statements, and official documents are the authoritative source for your account information.

You are solely responsible for your own financial decisions. Before making any financial, investment, tax, or legal decision, you should consult a qualified professional. We are not liable for any decision you make based on information shown in the App.

8. Third-Party Services and Their Terms

Penny relies on third-party services to function. Your use of those services is subject to their own terms and privacy policies, in addition to these Terms. We are not responsible for third-party services or their acts and omissions.

• Your bank — Bank notification emails originate from your bank and are subject to your agreement with that bank. We are not affiliated with, endorsed by, or acting on behalf of any bank.
• Google (Sign-in and Gmail API) — If you sign in with Google or connect Gmail, your use is subject to Google's terms and privacy policy. Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
• Apple (Sign in with Apple and the App Store) — Your use of Sign in with Apple and your download of the App from the App Store are subject to Apple's terms.
• Supabase — We use Supabase for our database, authentication, and server functions. Your stored data and credentials are processed through Supabase as our service provider.
• Cloudflare — Forwarded emails are routed and parsed through Cloudflare's email routing infrastructure before the extracted fields are passed to our backend. The forwarded email content transits Cloudflare during this process.
• Mail domain whoisegemen.com — The unique forwarding address assigned to you uses the whoisegemen.com domain, which is controlled and operated by the developer (Egemen Kılıç). This is the inbound mail domain used solely to receive and route your forwarded bank emails for parsing.

Links to or integrations with third-party services do not imply our endorsement, and we have no control over, and assume no responsibility for, their content, policies, or practices.

9. Service Provided "As Is"; Disclaimers and Limitation of Liability

As-is. To the maximum extent permitted by applicable law, including the law of the Republic of Türkiye, the Service is provided "as is" and "as available", without warranties of any kind, whether express, implied, or statutory. We do not warrant that the Service will be uninterrupted, error-free, secure, or that imported or displayed data will be accurate, complete, or up to date.

No reliance. You acknowledge that automated email parsing may fail, be delayed, or produce inaccurate results, and that the App is not a substitute for your bank's records or professional advice.

Limitation of liability. To the maximum extent permitted by applicable law, we will not be liable for any indirect, incidental, special, consequential, or punitive damages, or for any loss of profits, revenue, data, goodwill, or other intangible losses, arising out of or relating to your use of, or inability to use, the Service.

Nothing in these Terms excludes or limits any liability that cannot lawfully be excluded or limited under applicable law, including under the mandatory consumer-protection provisions of the law of the Republic of Türkiye. Where liability cannot be excluded but may be limited, our liability is limited to the minimum extent permitted by law. Because Penny is provided free of charge and takes no payments, you acknowledge that, to the extent permitted by law, our maximum aggregate liability to you is limited accordingly.

Some jurisdictions do not allow certain disclaimers or limitations; in those cases, the above applies only to the extent permitted by the law that applies to you.

10. Intellectual Property

The App, including its software, design, text, graphics, and other content (excluding your own data and content), is owned by the Provider or its licensors and is protected by intellectual property laws. Subject to your compliance with these Terms, we grant you a personal, limited, non-exclusive, non-transferable, revocable licence to use the App for your own personal, non-commercial use.

You retain all rights to the data and content you create or import. You grant us only the limited rights necessary to operate the Service for you — for example, to store, process, and display your transactions and to parse the email content you choose to forward or make accessible. We do not claim ownership of your data.

You may not copy, modify, distribute, sell, or lease any part of the App, except as expressly permitted by these Terms or applicable law.

11. Suspension, Termination, and Account Deletion

Your right to delete. You may stop using Penny at any time. You can delete your account directly in the App via Settings → "Hesabı sil" (Delete account). When you delete your account:

• We make a best-effort attempt to revoke the Google refresh token (if Gmail was connected) and delete the stored Gmail tokens; and
• We delete your account, which cascades to delete your associated data, including your transactions, budgets, settings, categories, upcoming payments, import addresses, trusted senders, and import audit log.

Please note that the revocation of the Google grant is best-effort. If revocation at Google's side does not succeed, the Google authorisation may persist with Google until you remove it manually from your Google account settings.

Gmail disconnect note: The App does not offer a standalone "disconnect Gmail" option that deletes your stored Gmail tokens without deleting your whole account. To remove the stored tokens, you can delete your account, and/or revoke the App's access directly from your Google account settings.

Suspension and termination by us. We may suspend or terminate your access to the Service, in whole or in part, if you breach these Terms, if we reasonably believe your use poses a security or legal risk, or if we discontinue the Service. Where reasonable and lawful, we will try to give you notice.

Discontinuation. Penny is provided by an individual developer and may be modified, suspended, or discontinued at any time. If the Service is discontinued, we will, where practicable, provide notice so you can export or record your data.

12. Changes to the Service and to these Terms

We may update or modify the App and these Terms from time to time. When we make material changes to these Terms, we will update the "Effective date" above and, where appropriate, provide additional notice (for example, in the App or on the page where these Terms are hosted). Your continued use of the Service after changes take effect constitutes your acceptance of the updated Terms. If you do not agree to the updated Terms, you must stop using the Service and may delete your account.

13. Governing Law and Jurisdiction

These Terms are governed by, and construed in accordance with, the laws of the Republic of Türkiye, without regard to its conflict-of-laws rules. The Istanbul (Çağlayan) Courts and Enforcement Offices shall have jurisdiction over any dispute arising out of or relating to these Terms or the Service.

Nothing in this Section deprives you of any protection afforded to you by mandatory provisions of the law of the country in which you reside, including mandatory consumer-protection rules. If you are a consumer in the EU/EEA, you may also have the right to bring proceedings in the courts of your country of residence, and our data practices for EU/EEA users are also subject to the GDPR (in addition to Türkiye's Law on the Protection of Personal Data No. 6698 (KVKK)).

14. Contact

If you have questions about these Terms or the Service, contact us at:

• Email: support@whoisegemen.com
• Provider: Egemen Kılıç, an individual developer based in the Republic of Türkiye

These Terms should be read together with the Penny Privacy Policy, which describes how we collect, use, share, and retain your personal and financial data, and your rights under the KVKK (Law No. 6698) and, where applicable, the GDPR.