At PennyTrail, we are committed to protecting your privacy and ensuring transparency about how we collect, use, and protect your personal information. This Privacy Policy explains our data practices for our website and services.
Table of Contents
- Information We Collect
- How We Collect Information
- How We Use Your Information
- Cookies and Tracking Technologies
- Third-Party Services
- Data Security
- Data Retention
- Your Privacy Rights
- International Data Transfers
- Children's Privacy
- Changes to This Policy
- Contact Us
1. Information We Collect
1.1 Information You Provide Directly
We collect information that you voluntarily provide to us through various forms on our website:
- Beta Waitlist: Email address when you sign up for early access to PennyTrail
- Newsletter Subscription: Email address when you subscribe to our blog newsletter
- Free Template Requests: Email address when you request our free budgeting templates
- Contact Form: Full name, email address, subject, and message content when you contact us
1.2 Information Collected Automatically
When you visit our website, we automatically collect certain information:
- IP Address: We collect your IP address for rate limiting, abuse prevention, and security purposes.
- Analytics Data: With your consent, we collect page views, visitor counts, performance metrics, and approximate geographic data through third-party analytics services.
- Browser Preferences: Your cookie consent choices and newsletter dismissal preferences are stored locally in your browser.
2. How We Collect Information
We collect information through the following methods:
- Direct Input: When you fill out forms on our website (homepage waitlist, blog newsletter, contact form, template requests)
- Automatic Collection: Through cookies and tracking technologies when you browse our website (only with your consent for analytics)
- Server Logs: IP addresses are logged automatically for security and rate limiting purposes
3. How We Use Your Information
We use the information we collect for the following purposes:
- Product Launch Communications: To notify waitlist subscribers when PennyTrail launches
- Educational Content: To send newsletter subscribers blog updates and budgeting tips
- Template Delivery: To send requested budgeting templates to your email
- Customer Support: To respond to inquiries submitted through our contact form
- Website Improvement: To analyze site performance, identify popular content, and enhance user experience
- Security: To prevent abuse, implement rate limiting, and protect against spam and malicious activity
- Legal Compliance: To comply with applicable laws and regulations
Legal Basis for Processing (GDPR)
We process your personal data based on the following legal grounds:
- Consent: Newsletter subscriptions, template requests, and analytics tracking
- Legitimate Interests: Waitlist management, security, fraud prevention, and website optimization
- Contract Performance: Delivering requested templates and responding to inquiries
4. Cookies and Tracking Technologies
4.1 Cookie Consent System
We implement a cookie consent system that allows you to control whether analytics and non-essential cookies are enabled on your browser. Your choice is stored locally in your browser and persists until you clear your browser data.
4.2 Analytics Cookies (Optional - Requires Consent)
When you accept all cookies, we use third-party analytics services, which may set the following cookies:
- Analytics Cookies: Session tracking and visitor identification
- Purpose: Page view tracking, performance monitoring, and popular content identification
- Retention: Typically session-based or short-term (managed by our analytics provider)
4.3 Local Storage (Essential Functionality)
We use browser local storage for essential website functionality such as storing your cookie preferences and remembering dismissed notifications to avoid showing them repeatedly.
4.4 Managing Cookies
You can manage your cookie preferences by:
- Clicking "Essential Only" in our cookie banner to disable analytics
- Clearing your browser's cookies and localStorage
- Adjusting your browser settings to block or delete cookies
Note: Disabling cookies may affect website functionality and user experience.
5. Third-Party Services
We use trusted third-party service providers to operate our website and deliver our services. These providers are carefully selected for their security standards and privacy practices.
Cloud Database Services
- Purpose: Secure storage and management of all form submissions (waitlist, contact, newsletter, template requests)
- Data Stored: Email addresses, names, messages, IP addresses, timestamps
- Security: Industry-standard encryption in transit and at rest, access controls, and regular security audits
Web Analytics Services
- Purpose: Website analytics, performance monitoring, and understanding how visitors interact with our content
- Data Collected: Page views, visitor counts, performance metrics, approximate geographic data
- Consent Required: Yes (only loads when you accept all cookies)
- Privacy: Privacy-focused analytics that minimize personal data collection
Security & Rate Limiting Services
- Purpose: Protect our website from abuse, spam, and malicious activity through rate limiting and request throttling
- Data Processed: IP addresses (hashed for privacy), request timestamps, rate limit counters
- Retention: Temporary storage only for rate limiting purposes, then automatically deleted
Third-Party Compliance: All our service providers are contractually required to comply with applicable data protection laws (including GDPR and CCPA) and maintain appropriate security measures. They are prohibited from using your data for their own purposes.
6. Data Security
We implement industry-standard security measures to protect your personal information:
- Encryption: All data is encrypted in transit (HTTPS/TLS) and at rest by our database provider
- Input Validation and Sanitization: All form inputs are validated and sanitized to prevent malicious content and ensure data integrity
- Rate Limiting: We implement rate limiting on all forms to prevent abuse and spam, with limits that vary based on the sensitivity and purpose of each form
- Access Controls: Database access is restricted through secure authentication and authorization controls
- Bot Protection: Automated systems to detect and prevent malicious bot activity
Important: While we implement robust security measures, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but are committed to protecting your data using industry best practices.
7. Data Retention
We retain your personal information for the following periods:
- Waitlist Emails: Retained until PennyTrail launches, then indefinitely unless you request deletion
- Newsletter Subscriptions: Retained indefinitely until you unsubscribe or request deletion
- Contact Form Submissions: Retained for customer support purposes, typically indefinitely unless you request deletion
- Template Requests: Retained indefinitely unless you request deletion
- IP Addresses (Rate Limiting): Temporarily stored in our rate limiting system, then automatically deleted
- Analytics Data: Retained according to our analytics provider's retention policies
- Cookie Consent Preferences: Stored locally in your browser until you clear browser data
8. Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal information:
GDPR Rights (EU/EEA Residents)
- Right to Access: Request a copy of the personal data we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data ("right to be forgotten")
- Right to Restrict Processing: Request limitation of how we use your data
- Right to Data Portability: Receive your data in a structured, commonly used format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent for newsletter, analytics, or template emails at any time
CCPA Rights (California Residents)
- Right to Know: Request information about data collected, used, and shared
- Right to Delete: Request deletion of personal information
- Right to Opt-Out: Opt-out of the "sale" of personal information (Note: We do not sell your data)
- Right to Non-Discrimination: Equal service and pricing regardless of exercising privacy rights
How to Exercise Your Rights
To exercise any of these rights, please contact us through our contact form with the subject line "Privacy Rights Request". Please include:
- Your full name and email address
- Specific right you wish to exercise
- Details to help us locate your information
We will respond to your request within 30 days. We may need to verify your identity before processing your request.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from your jurisdiction.
We and our third-party service providers may store and process your data in multiple geographic regions, including but not limited to the United States and the European Economic Area. This allows us to provide reliable, fast, and secure services.
When we transfer data internationally, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequate data protection frameworks recognized by applicable authorities
- Service provider compliance with GDPR, CCPA, and other data protection regulations
- Contractual obligations requiring appropriate technical and organizational security measures
10. Children's Privacy
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will delete such information from our systems.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:
- The "Last updated" date at the top of this policy will be revised
- For material changes, we will notify you by email (if you're on our mailing list) or by placing a prominent notice on our website
- Your continued use of our services after changes take effect constitutes acceptance of the updated policy
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: