Security & Data Protection

Your financial data deserves the highest level of protection. At Penny, security and privacy are built into the core of our platform. We use modern security standards, trusted financial data infrastructure, and strict internal safeguards to ensure your information stays protected. Penny is designed to give you clarity over your finances without ever compromising the safety of your data.

Bank-Level Security

Penny uses modern security practices designed to protect sensitive financial information. Data transmitted between your device and our systems is encrypted using industry-standard encryption protocols, ensuring that information cannot be intercepted or read by unauthorised parties.

Sensitive data stored within Penny’s infrastructure is also encrypted and protected through strict access controls. Only authorised systems and personnel with a legitimate operational need are permitted access to restricted information.

We regularly review our security practices and infrastructure to ensure they meet modern security expectations for financial technology platforms.

Secure Bank Connections (Open Banking)

When you connect your bank account to Penny, the connection is made using Open Banking technology, a secure industry standard designed specifically for financial data access.

Open Banking allows you to give Penny secure, read-only access to your financial information without sharing your banking login credentials.

This means:

• Penny cannot see or store your banking password
• Penny cannot move money or make payments
• Penny cannot change your bank account settings

All authentication takes place directly with your bank through secure Open Banking providers that are authorised to access financial data.

You remain in control of your bank connection at all times and can revoke access whenever you choose.

We Never Store Bank Passwords

Penny never asks for or stores your bank login credentials.

When you connect your bank account, you are redirected to your bank’s secure authentication system where you approve the connection. Your bank then shares financial data with Penny through encrypted APIs designed specifically for Open Banking.

Because of this architecture, Penny does not have access to your banking password or login information.

Your Data Is Never Sold

Your financial data belongs to you.

Penny does not sell personal financial information to third parties, advertisers, or data brokers. Your data is used solely for the purpose of operating the Penny platform and generating financial insights to help you better understand your money.

Strict Data Access Controls

Access to sensitive data inside Penny is tightly restricted.

Internal access controls ensure that only authorised personnel can access systems required to operate the platform. Access permissions are limited based on operational roles and monitored to reduce the risk of unauthorised access.

We design our systems to minimise the amount of sensitive information accessible to any individual system or service wherever possible.

AI and Data Protection

Penny uses artificial intelligence to analyse financial data and generate insights designed to help users understand their financial behaviour.

When AI systems process information, we implement safeguards to minimise exposure of personal financial data wherever possible. We also ensure that data processed through the Penny platform is used solely to provide and improve Penny’s services.

Your financial information is never used to train unrelated artificial intelligence systems or external commercial data products.

Infrastructure Security

Penny’s infrastructure is hosted on secure cloud platforms that provide enterprise-grade security controls, including network isolation, monitoring systems, and physical data centre protections.

These platforms follow strict international security standards designed to protect sensitive data and ensure platform reliability.

Continuous Monitoring

We continuously monitor our systems for suspicious activity, technical anomalies, and potential security threats. Monitoring tools help us detect unusual patterns and respond quickly to potential issues.

Security is an ongoing process, and we regularly review and improve our practices as technology evolves.

Responsible Data Protection

Penny is committed to handling personal data responsibly and transparently. Our data protection practices are designed to align with applicable privacy laws, including the UK General Data Protection Regulation (UK GDPR).

We collect only the information necessary to provide our services and aim to minimise the use of identifiable personal data wherever possible.

For more details about how we process personal information, please refer to our Privacy Policy.

Your Control

You remain in control of your financial data.

At any time, you can:

• Disconnect your bank account
• Revoke Open Banking permissions through your bank
• Delete your Penny account

If you have questions about data protection or security, you can contact us via WhatsApp on +44 7700 169 285