Your data stays yours.

TwoPennies is built for couples who value trust. This page explains exactly what we collect, why we process it, how long we keep it, and the rights you can exercise at any time.

Last updated: November 10, 2025 · Effective: November 10, 2025

1. Who we are

In short: A UK sole trader, accountable to you.

Akshay Menon (sole trader) trading as TwoPennies is the data controller for all processing carried out by TwoPennies. We are registered with the UK Information Commissioner's Office (ICO) as a data controller.

ICO Registration Number: C1823274
Contact email: hello@twopennies.app
Support: support@twopennies.app
Where we operate: Based in Leicestershire, United Kingdom (sole trader).

Data protection point of contact: Akshay Menon · hello@twopennies.app

2. Data we collect

In short: Only what’s needed to run the shared dashboard, plus the analytics required to keep it stable.

Authentication & profile data (Supabase Auth)

Email address, full name, avatar, Google OAuth ID, and user ID (UUID).
Last sign-in timestamp plus basic session metadata to keep your account secure.

Partnership data

Invites, partnership status, acceptance/rejection timestamps, and who performed each action.
Invite email address (pending invites only) plus secure invite tokens that expire after 7 days.

Banking & transaction data (TrueLayer)

Provider name, account type, last 4 digits, sort code, balance, and sync timestamps.
Transactions: amount, merchant, description, category, visibility flag, and our internal IDs.
TrueLayer access/refresh tokens encrypted with AES-256-GCM (never your bank credentials).

Planning & insights data

Goals, Budget Canvas strategies, subscriptions, recurring commitments, and income sources.
Weekly Calm Brief drafts, highlights, and delivery status for email receipts.

Billing data (Stripe)

Stripe customer ID, subscription tier (standard), trial period, invoices, and payment status.
Card numbers stay with Stripe—TwoPennies never sees or stores payment details.

Usage & diagnostics data

Page views, performance timings, and anonymised error traces via Sentry and Vercel analytics.
Session replays for crash investigations only (no keystroke logging, no marketing pixels).

`sb-auth-token` (Supabase session, essential, httpOnly).
`_vercel_analytics` (optional, anonymised performance signals).
`sentry-session` (optional, error reproduction).

3. Why we use it (legal basis)

In short: Most processing is contractual, some is consent-based, and diagnostics rely on legitimate interest.

Data set	Legal basis	Purpose
Authentication, profile, partnership data	Contractual necessity (GDPR Article 6(1)(b))	Create and maintain your account and shared partnership.
Bank, transaction, planning data	Contractual necessity + explicit consent	Deliver dashboard clarity, Budget Canvas, goals, and fairness features.
Billing data	Contractual necessity + legal obligation	Process subscriptions via Stripe and satisfy UK tax record rules (7 years).
Usage diagnostics	Legitimate interest (Article 6(1)(f))	Keep the service stable, secure, and performant. Opt out via /settings/privacy.
Emails & notifications	Consent (Article 6(1)(a))	Send invites, Weekly Calm Briefs, and critical account notices.

Consent toggles live inside Settings → Privacy. Revoke consent anytime without impacting past lawful processing.

4. Who we share it with

In short: Six processors, all with GDPR-compliant DPAs and strict scopes.

Supabase

EU West (London)

Database, authentication, Row Level Security

Data: Profiles, partnerships, goals, budgets, transactions, visibility log

View processor privacy notice

TrueLayer

UK (FCA regulated)

Open Banking connections (read-only)

Data: Encrypted access tokens, account metadata, transactions (60-day backfill)

View processor privacy notice

Stripe

EU / UK data centres

Subscriptions and billing

Data: Billing email, invoices, subscription status (card data stored by Stripe only)

View processor privacy notice

Resend

US (EU–US Data Privacy Framework)

Transactional email delivery

Data: Invite emails, Weekly Calm Briefs, lifecycle notifications

View processor privacy notice

Sentry

US (EU–US Data Privacy Framework)

Error tracking & performance monitoring

Data: Stack traces, anonymised session diagnostics, browser metadata

View processor privacy notice

Vercel

Global (EU regions available)

Hosting & edge caching

Data: Server logs, anonymised analytics, CDN cache artefacts

View processor privacy notice

We never sell data to advertisers or brokers. Social networks only receive data when you explicitly use Google OAuth to sign in.

5. How long we keep data

In short: We retain data only while it’s useful for your account or required by law.

Active account, partnership, goal, and transaction data

Retention: Kept until you delete your account or disconnect a bank.

Deletion: Immediate purge via delete-account flow (TP-WEEK2-01).

Bank tokens

Retention: Until you disconnect the bank or delete your account.

Deletion: Revoked instantly through TrueLayer API + database wipe.

Stripe billing records

Retention: 7 years (UK tax law).

Deletion: Archived with identifiers removed once obligations expire.

Error logs (Sentry) & analytics

Retention: 90 days (automatic expiry).

Deletion: Automatic removal by processor.

Email delivery logs (Resend)

Retention: 30 days.

Deletion: Automatic removal by processor.

Backups

Retention: Rolling 30 days.

Deletion: Encrypted backups rotate automatically.

6. Your rights

In short: Every GDPR Chapter III right is respected, with a 30-day response SLA.

Access (Article 15)

Request a copy of every data point we store. Until self-serve export ships, email us and we respond within 30 days.

Rectification (Article 16)

Update your profile inside Settings → Profile, or ask us to correct anything we store incorrectly.

Erasure (Article 17)

Use Settings → Delete account for a 24-hour purge or email us if you simply need a specific dataset removed.

Portability (Article 20)

Request a JSON export of your profiles, partnerships, accounts, goals, budgets, and transactions.

Restrict/Object (Articles 18 & 21)

Opt out of legitimate-interest processing (Sentry telemetry, Vercel analytics) in Settings → Privacy.

Withdraw consent (Article 7(3))

Disconnect banks, unsubscribe from emails, or adjust visibility controls at any time without affecting lawfulness of past processing.

Complain (Article 77)

Escalate concerns to the UK Information Commissioner’s Office if you believe we mishandled your data.

Email requests to hello@twopennies.app with the subject line “Data Request.” Most actions are also self-serve via Settings → Privacy.

7. Security

In short: Encryption everywhere, least-privilege access, and monitored infrastructure.

AES-256-GCM encryption for bank tokens, Stripe secrets, and session cookies.
Row Level Security (Supabase) ensures every request is scoped to the authenticated user.
OAuth scopes kept minimal (Google profile + email only, TrueLayer read-only).
Production database access limited to Akshay Menon; actions audited automatically.
Daily backups, dependency scanning, and Sentry alerting for anomalous behaviour.
Incident response plan (Article 33) ensures we notify you and the ICO within 72 hours.

8. International transfers

In short: Core data stays in the UK/EU; US processors rely on the EU–US Data Privacy Framework and SCCs.

Resend, Sentry, and Vercel are US-based. Each participates in the EU–US Data Privacy Framework or offers Standard Contractual Clauses. You can opt out of non-essential processing inside Settings → Privacy, though it may limit diagnostics.

9. Children

In short: TwoPennies is for adults (18+) only.

If we learn that someone under 18 is using TwoPennies, we will delete the account and all related data immediately. Parents or guardians can email us at hello@twopennies.app to request removal.

10. Changes to this policy

In short: We give 30 days’ notice via email and an in-app banner before material updates.

Updated policies will live at /privacy, with prior versions archived at /privacy/archive. If you disagree with changes, you can delete your account before the new terms take effect.

11. Contact & complaints

In short: Talk to us first; escalate to the ICO if needed.

Email questions or rights requests to hello@twopennies.app. We aim to reply within 2 working days and always within 30 days.

If you’re unhappy with our response, you can lodge a complaint with the UK Information Commissioner’s Office (ICO): ico.org.uk/make-a-complaint · Tel: 0303 123 1113.

Request a PDF copy anytime by emailing hello@twopennies.app. We will also share this policy inside Settings → Privacy for easy reference.

Need something clarified? Reach us at hello@twopennies.app — real people (Akshay & Tan) read every message. You can also review our Terms of Service for contractual commitments.

Loading TwoPennies…