Legal

Privacy, terms, & security.

How we handle your data, the agreement between us, and the safeguards we keep in place.

How we handle your data.

What we collect

Information you provide directly: your name and email when you sign up, and any context you choose to share with the AI companion. We also store the messages you exchange with Penny so you can return to your conversations.

We also collect basic product analytics — pages viewed, features used, and similar interaction events — to understand how pennytalk is used and to improve it. Once you sign in, this activity is associated with your account (by your user ID and email). We do not record your screen, and analytics events never include the content of your conversations.

How we use it

We use this information to provide the service, personalize the conversation to you, keep you safe (including detecting crisis signals), and improve the quality and safety of the product over time. We do not sell your data. We do not use your conversations to train AI models. Outside of the service providers listed below, we do not share your messages with anyone.

Service providers we use

  • Supabase — Database, authentication, and storage. SOC 2 Type II compliant infrastructure.
  • Anthropic — Provides the underlying AI model. Conversation content is sent to Anthropic to generate replies. Under our agreement, Anthropic does not retain customer data for training.
  • Vercel — Application hosting and edge infrastructure.
  • PostHog — Product analytics. Receives usage and interaction events (and, once you sign in, your user ID and email) so we can understand and improve how the product is used. Session recording is disabled, and event data never includes your conversation content.

Retention & deletion

Your data is retained while your account is active. You can request deletion of your account and conversation history at any time. Deletion is honored within thirty days, subject to limited backups that age out on their own schedule.

Your rights

Depending on where you live, you may have the right to access, correct, delete, or export your personal information, and to object to or restrict certain uses of it. To exercise any of these rights, email privacy@pennytalk.ai.

The agreement between us.

What pennytalk is

pennytalk is a wellness companion powered by a large language model. It provides supportive, evidence-informed conversation. It is not medical advice, diagnosis, or treatment, and it is not a substitute for professional mental health care.

Your responsibilities

By using the service you agree to provide accurate information when signing up, keep your account credentials confidential, use the service in line with applicable laws, and contact a clinician or emergency services if you experience a mental health crisis.

Limits of the AI

The AI companion may occasionally produce inaccurate or inappropriate responses. We work hard to reduce this — through safety layers, evaluation, and careful prompting — but no AI is infallible. Treat what Penny says as perspective, not prescription.

Not a substitute for care. If you are in crisis or experiencing thoughts of self-harm, contact 988 (Suicide & Crisis Lifeline), text HOME to 741741 (Crisis Text Line), or call 911. pennytalk is not an emergency service.

Acceptable use

You agree not to use the service to harm yourself or others, to attempt to extract or misuse other users' data, to reverse-engineer the service, or to use the service for any unlawful purpose.

Disclaimer & liability

The service is provided “as is” without warranties of any kind, express or implied. To the maximum extent permitted by law, pennytalk and its contributors will not be liable for indirect, incidental, special, consequential, or punitive damages arising from or related to your use of the service.

Changes

We may update these terms as the product evolves. When we make material changes, we'll let you know and update the date at the top of this page.

Safeguards we keep in place.

Encryption

All traffic is encrypted in transit using TLS 1.2 or higher. Conversation data and account information are encrypted at rest in our database, with keys managed by our hosting provider.

Access controls

Database access is restricted by row-level security policies, so each user can only read and write their own data. Production credentials are limited to a small set of authorized engineers and rotated regularly.

Authentication

Accounts are protected by industry-standard email + password authentication with hashed credentials. Sessions use secure, HTTP-only cookies and expire on a regular cadence.

Vendor security

We're selective about who touches your data. Our database, hosting, and AI providers — Supabase, Vercel, and Anthropic — operate in SOC 2-compliant infrastructure and are bound by data protection agreements that match or exceed our own commitments.

Reporting a vulnerability

If you believe you've found a security issue, please email security@pennytalk.ai. We'll acknowledge your report within two business days and keep you updated as we investigate. Please don't publicly disclose issues until we've had a chance to fix them.

Get in touch.

For privacy questions, email privacy@pennytalk.ai. For security reports, email security@pennytalk.ai. For everything else, email hello@pennytalk.ai.