Last updated: June 6, 2026

Overview

This Privacy Policy explains how PennyOne ('PennyOne,' 'we,' 'us,' or 'our') collects, uses, discloses, and protects information when you visit pennyone.app, create an account, connect work tools, or use PennyOne's approval-gated AI workflows for communication and scheduling.

PennyOne helps users review and act on follow-ups, unanswered messages, scheduling issues, buried commitments, document workflows, and related relationship-driven work across connected tools. PennyOne is designed to prepare suggested actions for user review; write actions should run only after user approval.

If you use PennyOne on behalf of an organization or workspace, that organization or workspace may control some account settings, integrations, retention periods, and access to workspace information.

Information We Collect

Account information: name, email address, profile details, authentication records, account preferences, onboarding answers, team or organization information you provide, and settings for notifications, appearance, memory, and connected services.

Connected workspace data: information you authorize PennyOne to access from third-party services such as Gmail, Google Calendar, Google Meet through Calendar conference data, Google Docs, Google Drive metadata, Zoom, Slack, Linear, Notion, and other integrations you connect or configure.

Communication and workflow content: messages, threads, headers, recipients, snippets, bodies, attachments, drafts, calendar events, availability information, meeting details, document names, document content, Drive file metadata, approved actions, rejected actions, user instructions, preferences, saved memories, action history, and audit-style records needed to operate PennyOne.

Usage and device information: pages viewed, product interactions, feature usage, approximate location derived from IP address, browser and device information, identifiers, logs, error reports, performance data, cookie data, and security telemetry.

Billing and commercial information: plan selection, subscription status, invoices, payment events, Stripe customer identifiers, and related billing metadata. Payment card numbers and similar payment credentials are handled by Stripe, not stored directly by PennyOne.

Support and feedback information: messages you send to support, bug reports, survey responses, call or demo requests, and other communications with PennyOne.

Google Workspace and Limited Use

When you connect Google Workspace, PennyOne requests only the scopes needed for current product behavior, such as profile and email identity, Gmail read and compose workflows, Calendar events and free/busy workflows, Google Docs workflows, Drive metadata, and Drive file access for files used by the app.

PennyOne uses Gmail data to inspect relevant messages and threads, identify actionable follow-ups, resolve likely recipients from message history, prepare user-reviewed replies, and manage user-approved drafts. PennyOne does not request full mailbox control, Gmail settings, forwarding, Contacts, Directory, or Meet media scopes for current behavior.

PennyOne uses Calendar data to read event context, check availability, detect conflicts, create or update events, reschedule events, delete approved events, and create Google Meet links through Calendar conference data. PennyOne does not capture, process, store, or analyze Google Meet audio or video.

PennyOne uses Google Docs and Drive metadata to search for relevant documents, read document content, create or edit documents, apply formatting, delete approved documents, show file names and links, and insert Drive links in approved drafts.

PennyOne's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We do not sell Google user data, use it for advertising, or use it to train generalized AI models.

How We Use Information

To provide, operate, maintain, secure, and improve PennyOne and its website, applications, integrations, AI workflows, and support channels.

To authenticate users, maintain sessions, connect authorized integrations, sync relevant workspace context, detect important work, generate suggested replies or actions, and execute user-approved write actions.

To personalize PennyOne, including preferences, saved memories, communication style, relevant context, triage behavior, action recommendations, and product settings.

To process subscriptions, enforce plan limits, provide invoices, manage account billing, respond to payment events, and prevent abuse or unauthorized use.

To troubleshoot, debug, measure reliability, analyze product usage, improve features, run internal evaluations and safety checks, and understand whether PennyOne is working as intended.

To communicate with you about your account, support requests, security notices, product updates, billing notices, policy updates, and other service-related messages.

To comply with law, enforce our Terms of Service, protect users and third parties, investigate abuse, and defend PennyOne's rights, safety, and property.

AI Processing

PennyOne may send user content, connected workspace data, prompts, tool results, attachments, and relevant context to AI model providers, infrastructure providers, and other subprocessors when needed to provide the service you request.

We use AI processing to classify work, summarize context, prepare suggested actions, draft replies, read supported attachments, update documents, coordinate scheduling, and generate other outputs shown to you for review.

AI outputs may be incomplete, inaccurate, or inappropriate for a particular situation. You are responsible for reviewing suggested actions before approving, sending, scheduling, editing, or relying on them.

PennyOne does not use your connected Google user data to build advertising profiles or train generalized AI models. Where service providers process content, they do so to provide PennyOne's requested features, security, compliance, debugging, and support.

How We Disclose Information

Service providers and subprocessors: we may disclose information to vendors that provide hosting, databases, authentication, analytics, observability, AI model processing, customer support, email delivery, payment processing, security, and related operational services.

Third-party integrations at your direction: when you connect or approve an action involving a third-party service, PennyOne may read from or write to that service as authorized by you and permitted by the integration.

Organization accounts: if your account is provided by an employer, client, team, or workspace, information may be visible to authorized administrators or other users according to that account's settings and permissions.

Legal and safety: we may disclose information if we believe it is required by law, subpoena, court order, legal process, or government request, or if disclosure is needed to protect rights, safety, security, users, PennyOne, or others.

Business transfers: if PennyOne is involved in a merger, acquisition, financing, restructuring, bankruptcy, or sale of assets, information may be disclosed or transferred as part of that transaction, subject to appropriate safeguards.

We do not sell personal information, and we do not share personal information for cross-context behavioral advertising as those terms are commonly used in U.S. state privacy laws.

Cookies and Analytics

PennyOne uses cookies, local storage, and similar technologies to keep you signed in, remember preferences, secure the service, understand product usage, measure performance, and improve the website and application.

Some technologies are necessary for authentication, security, and core product functionality. Others help us understand how the service is used and where the product needs improvement.

You can control cookies through your browser settings. Blocking cookies may prevent some parts of PennyOne from working correctly.

Retention and Deletion

We retain personal information and connected workspace data for as long as reasonably necessary to provide PennyOne, maintain your account, comply with legal obligations, resolve disputes, enforce agreements, prevent abuse, and operate secure backups and logs.

Action history, log-style records, saved memories, and plan-related records may be retained according to your plan settings, product settings, legal obligations, and operational needs.

You may disconnect integrations, delete certain saved content, or delete your account through settings. Account deletion removes account access and schedules personal account data for deletion within 30 days, except for limited records we need to retain for legal obligations, security, fraud prevention, billing, disputes, backups, or other lawful purposes.

Disconnecting an integration stops future access to that service but may not automatically remove records already needed for audit history, support, security, billing, backups, or legal compliance.

We may retain de-identified, aggregated, or anonymized information that no longer identifies you, and we may use it for analytics, research, security, and product improvement.

Security

We use administrative, technical, and organizational safeguards designed to protect information against unauthorized access, disclosure, alteration, and destruction.

These safeguards may include access controls, encryption in transit, provider security controls, logging, monitoring, secret-management practices, and internal procedures limiting access to information based on business need.

No method of transmission or storage is completely secure. You are responsible for keeping your account credentials secure, using appropriate workspace permissions, and promptly telling us about suspected unauthorized access.

Your Choices and Privacy Rights

You can access, update, export, or delete certain account information through PennyOne settings or by contacting support@pennyone.app.

Depending on where you live, you may have rights to request access, correction, deletion, portability, restriction, objection, withdrawal of consent, or information about how we process your personal information.

California residents may have rights under the CCPA/CPRA, including the right to know, delete, correct, access, and opt out of sale or sharing of personal information. PennyOne does not sell personal information or share it for cross-context behavioral advertising.

EEA, UK, and similar-region users may have rights under applicable data protection laws, including access, rectification, erasure, restriction, portability, objection, and the right to lodge a complaint with a supervisory authority.

To exercise privacy rights, email support@pennyone.app with enough information for us to understand and verify your request. We may need to verify your identity or authority before completing the request, and some requests may be limited by law, security, fraud prevention, or another person's rights.

International Transfers

PennyOne, service providers, and subprocessors may process and store information in different locations as needed to provide, secure, support, and improve the service.

Where required, we use appropriate safeguards for transfers and processing across regions.

Children's Privacy

PennyOne is not directed to children under 18, and we do not knowingly collect personal information from children under 18.

If you believe a child has provided personal information to PennyOne, contact support@pennyone.app so we can take appropriate steps.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, practices, legal requirements, or integrations.

When we make material changes, we will update the date above and provide notice when required by law or when the change materially affects your rights or choices.

Contact Us

If you have questions about this Privacy Policy, PennyOne's data practices, or your privacy rights, contact support@pennyone.app.