← Back to PennyFetch

Privacy Policy

Last updated: 28 February 2026

1. Who We Are

PennyFetch ("we", "us", "our") provides automated invoice reminder services. This policy explains how we collect, use, and protect your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data We Collect

We collect the following data:

  • Account data: Your name, email address, and authentication details (via Google, Microsoft, Apple, or email sign-in).
  • Business data: Company name, sender email, bank details (sort code, account number, IBAN) that you provide during onboarding.
  • Client data: Names and email addresses of your clients that you add to the platform.
  • Invoice data: Invoice references, amounts, and due dates.
  • Email tracking data: Delivery status, open and click events for emails sent through our Service.
  • Payment data: Billing is processed by Stripe. We do not store your card details.

3. How We Use Your Data

  • To provide the Service: sending invoice reminders, generating PDFs, tracking delivery.
  • To manage your account and process payments via Stripe.
  • To send transactional emails (account verification, payment confirmations).
  • To improve the Service and fix technical issues.

4. Legal Basis

We process your data under the following legal bases: Contract (to provide the Service you signed up for), Legitimate interest (to improve our Service and prevent abuse), and Consent (for optional communications).

5. Data Sharing

We share data only with service providers necessary to operate PennyFetch:

  • Resend — email delivery
  • Stripe — payment processing
  • Vercel — hosting
  • Neon — database hosting

We do not sell your data to third parties.

6. Data Retention

We retain your data for as long as your account is active. If you close your account, we delete your data within 30 days. Email delivery logs are retained for 90 days for troubleshooting.

7. Your Rights

Under UK GDPR, you have the right to:

  • Access — request a copy of your data.
  • Rectification — correct inaccurate data.
  • Erasure — request deletion of your data.
  • Portability — receive your data in a portable format.
  • Object — object to processing based on legitimate interest.

To exercise these rights, email support@pennyfetch.co.uk.

8. Cookies

We use essential cookies for authentication and session management. We do not use third-party tracking cookies or advertising cookies.

9. Security

We use industry-standard security measures including encrypted connections (HTTPS), secure authentication, and encrypted database connections. Bank details are stored securely and are only used for inclusion in invoices and reminder emails.

10. Changes

We may update this policy from time to time. We will notify you of material changes via email.

11. Contact

For privacy-related queries, email support@pennyfetch.co.uk.