Privacy Policy
Pennypoke is a Telegram bot that parses expense messages and writes them to your Google Sheet. This page explains exactly what data touches our server, what we keep, and what we never see.
The short version. Your expenses live in your Sheet, not on our server. Our server is a stateless Cloudflare Worker with no disk, so it literally can't store your receipts or messages. What we keep: a hashed account ID, a monthly usage counter, and your encrypted Google OAuth token. That's it.
01 What we process
When you send a text message to the bot or upload a receipt photo, our service:
- Parses the text (or sends the image to Anthropic's Claude Vision API) to extract amount, merchant, date, category, items.
- Sends the extracted data to your Google Sheet via the Google Sheets API.
- Frees the memory holding the message or image once the request completes.
We do not store your messages, receipts, or extracted data. The server is a Cloudflare Worker, a stateless compute environment with no disk, no filesystem, no persistent storage. Your input exists in memory for the few seconds it takes to process, then the process ends. This is architecturally enforced, not just a policy promise.
02 What we store
We store the minimum needed to operate the service:
- Account identifier. A hashed version of your Google account ID. We do not store your email or name. We also store creation and last-use timestamps (for the 12-month inactivity auto-delete).
- Browser storage. A single authentication token kept in your browser's localStorage so you stay signed in on the web app. This is strictly necessary for the service (ePrivacy Directive art. 5(3) exemption) and is not shared with anyone.
- Telegram chat ID. Stored if you use the Telegram bot, so we know which chat to reply to.
- Usage count. A number: how many entries you've written this month. Not the entries themselves.
- Subscription status. Whether you're on free, Pro, or Lifetime.
- Google Sheet ID. Which Sheet we should write to.
- Google OAuth token. Encrypted, stored in Cloudflare KV, auto-expires after 30 days of inactivity.
- Default currency. If you set one via /currency, so you don't have to repeat it.
That's it. No expense data, no receipt images, no financial information.
03 Sub-processors
Your data passes through these services during processing:
| Service | Purpose | What they receive | Policy |
|---|---|---|---|
| Anthropic (Claude Vision) | Receipt photo OCR | Receipt image (transient) | Anthropic policy, API data not used for training |
| Google (Sheets API) | Writing rows to your Sheet | Extracted data | Google policy |
| Telegram | Bot messaging | Your messages to the bot | Telegram policy |
| Stripe | Payments | Card details (we never see these) | Stripe policy |
| Cloudflare | Hosting (Workers, Pages, D1, KV) | Request metadata, hashed account ID | Cloudflare policy |
04 What we do not do
- We do not store receipt images, anywhere, ever.
- We do not log your expense messages or the extracted data.
- We do not sell, share, or use your data for advertising, analytics, or ML training.
- We do not use tracking cookies, analytics pixels, or fingerprinting. The only cookie is your Google login session.
- We do not send marketing email unless you explicitly opt in.
05 Your rights
Under GDPR, CCPA, and similar laws you have the right to:
- Access. Request what data we hold about you. The answer: a hashed ID, a number, a subscription tier, a Telegram chat ID, a Sheet ID, and an encrypted OAuth token.
- Deletion. Request deletion of all your data. We remove your D1 row and KV token within 48 hours. Since we don't store expense data, there is nothing else to delete.
- Portability. Your extracted data is already in your Google Sheet. You own it.
- Objection and restriction. Revoke Google OAuth access any time via your Google account permissions page. You may also ask us to stop processing your account while we investigate a complaint.
- Complaint to a supervisory authority. EU and UK users can lodge a complaint with their national data protection authority (list at edpb.europa.eu/members).
To exercise any right, email povkonop@gmail.com.
05a Data controller
The data controller for Pennypoke is Povilas Konopackas, a sole trader based in Lithuania, EU. Contact: povkonop@gmail.com. This is also the address for any GDPR request.
06 Data retention
- Messages and receipt images. Not retained. Freed from memory after processing (seconds).
- Account data. Kept while your account is active. Auto-deleted after 12 months of inactivity.
- OAuth tokens. Auto-expire after 30 days of inactivity.
- Payment data. Held by Stripe under their policy. We hold none of it.
07 Security
All data in transit is encrypted via TLS. Data at rest in D1 and KV is encrypted by Cloudflare. OAuth tokens are additionally encrypted before storage. We follow OWASP guidelines for the web application.
08 Children
This service is not directed at children under 16. We do not knowingly process data from children.
09 Changes
If we change this policy in a way that affects your rights, we will notify you via the email on your Google account or a banner on the site, at least 30 days before the change takes effect.
10 Contact
For privacy questions, email povkonop@gmail.com.