Privacy Policy
1. Introduction
Penny ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, VS Code extension, and related services (collectively, the "Service").
We are developers building tools for developers. We believe in transparency and minimal data collection. We only collect what we need to make the Service work.
2. Information We Collect
2.1 Information You Provide
When you use Penny, we may collect:
- GitHub Account Information: When you authenticate, we receive your GitHub username, email, and profile information necessary for authentication.
- VS Code Instance Data: Names and identifiers of your connected VS Code instances (you control what you name these).
2.2 Information Collected Automatically
| Data Type | Purpose | Retention |
|---|---|---|
| Connection logs | Service reliability & debugging | 30 days |
| Device identifiers | Session management | Session only |
| Crash reports | Bug fixing | 90 days |
| Usage analytics | Product improvement | Anonymized |
2.3 Information We Do NOT Collect
We want to be clear about what we don't collect:
- Your source code — Code stays between your devices. We're just the relay.
- Copilot conversations — Chat content is routed directly to GitHub/VS Code, not stored by us.
- File contents — We don't read, analyze, or store your files.
- Keystrokes or screenshots — We don't monitor your activity beyond essential service functions.
3. How We Use Your Information
We use the information we collect to:
- Authenticate you and maintain your session
- Connect your mobile device to your VS Code instances
- Route Copilot requests to the appropriate endpoints
- Improve and optimize the Service
- Debug issues and fix bugs
- Send you important service-related communications
4. Data Sharing
We do not sell your personal information. We may share your information only in the following circumstances:
4.1 Service Providers
We use the following third-party services:
- Microsoft Azure: Cloud infrastructure for hosting and data processing
- GitHub: Authentication and Copilot integration
4.2 Legal Requirements
We may disclose your information if required by law, regulation, legal process, or governmental request.
4.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change.
5. Data Security
We implement industry-standard security measures to protect your data:
- Encryption in transit: All data is transmitted over TLS/SSL
- Encryption at rest: Sensitive data is encrypted in storage
- JWT tokens: Secure, time-limited authentication tokens
- Regular audits: Periodic security reviews and updates
While we strive to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.
6. Your Rights
Depending on your location, you may have the following rights:
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your personal data
- Portability: Request a copy of your data in a portable format
- Objection: Object to certain processing of your data
To exercise any of these rights, contact us at privacy@penny.dev.
7. Data Retention
We retain your personal information only for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy. When you delete your account, we will delete or anonymize your data within 30 days, except where we are required to retain it for legal purposes.
8. Children's Privacy
The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us immediately.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your information in accordance with applicable law.
10. Third-Party Links
The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. Significant changes will be communicated through the app or via email.
12. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
- Email:
privacy@penny.dev - GitHub: github.com/penny
TL;DR for developers:
We collect the minimum data needed to connect your phone to your VS Code. Your code never touches our servers. We use industry-standard security. We don't sell your data. If you want out, we'll delete everything.