Privacy Policy
Version 1.0 | Last Updated: 4 January 2025
Who We Are
Orber & Co. Ltd (trading as PennyWise)
Company Number: 13086066
86-90 Paul Street, London, EC2A 4NE
Data Protection: privacy@orber.co
ICO Registration: Pending (company reactivation in progress)
Legal Compliance
We comply with:
- UK GDPR (UK General Data Protection Regulation)
- Data Protection Act 2018
- Privacy and Electronic Communications Regulations
- Payment Services Regulations 2017
1. Information We Collect
Personal Information
- Name, email, phone number, date of birth
- Account PIN (encrypted and hashed)
- Profile preferences and settings
Financial Information (with your consent)
- Bank account balances
- Transaction history
- Account holder details
- Direct debits and standing orders
Usage Information
- Device type and OS version
- App usage patterns
- Error logs and crash reports
- IP address (anonymized after 7 days)
WE DO NOT COLLECT:
Your banking passwords, full card numbers, CVV codes, biometric data (stored locally only), or precise location data.
2. How We Use Your Data
Service Delivery
- Authenticate your identity
- Connect to your bank accounts
- Display balances and transactions
- Categorise transactions automatically
- Generate budgets and insights
- Send service notifications
AI Features
- Generate personalised financial insights via Anthropic's Claude AI
- Analyse spending patterns
- Provide budgeting recommendations
Note: Your personal identifiers are removed before AI processing
Security
- Prevent fraud and unauthorised access
- Monitor for suspicious activity
- Comply with legal obligations
3. Data Sharing
WE DO NOT SELL YOUR DATA - EVER.
We share data only with trusted service providers:
- Yapily (Open Banking): FCA-authorised partner for bank connections
- Supabase (Database): Secure data storage with EU/UK servers
- Twilio (SMS): Phone verification codes
- Anthropic (AI): Anonymized financial insights
- Railway (Hosting): EU/UK cloud infrastructure
All processors have UK GDPR-compliant Data Processing Agreements.
4. Data Security
Bank-level protection:
- TLS 1.3 encryption in transit
- AES-256 encryption at rest
- bcrypt PIN hashing
- Multi-factor authentication for admin access
- Regular penetration testing
- ISO 27001 certified hosting
5. Your GDPR Rights
Right to Access
Request a copy of your data
Timeframe: 1 month | Email: privacy@orber.co
Right to Rectification
Correct inaccurate data
How: Update in app settings or email us
Right to Erasure ("Right to be Forgotten")
Delete your account
How: Settings > Delete Account (immediate)
Note: Some data retained 7 years for legal compliance
Right to Data Portability
Export your data in JSON/CSV
How: Email privacy@orber.co
Right to Object
Object to processing for marketing or analytics
How: Unsubscribe links or privacy@orber.co
Right to Lodge a Complaint
Information Commissioner's Office (ICO)
Website: ico.org.uk/make-a-complaint
Phone: 0303 123 1113
6. Data Retention
- Active account data: Duration of account + 7 years (UK tax law)
- Transaction history: Duration of account + 7 years
- Authentication logs: 2 years
- SMS logs: 90 days
- Crash reports: 90 days
- Anonymized analytics: Indefinitely
After account deletion: Most data deleted within 48 hours, backups within 90 days, financial records retained 7 years then securely destroyed.
7. International Transfers
Your data is primarily processed in the UK/EU. Some services (like Anthropic AI) may process data in the USA under Standard Contractual Clauses (SCCs) with UK GDPR safeguards.
8. Children's Privacy
PennyWise is NOT for users under 18. If we discover underage use, we will immediately delete the data and terminate the account.
9. Changes to Policy
Material changes require 30 days' email and in-app notice. Non-material changes update the "Last Updated" date. Continued use means acceptance.
10. Contact Us
Data Protection Inquiries: privacy@orber.co
General Support: support@orber.co
Security Issues: security@orber.co
Postal Address:
Orber & Co. Ltd
86-90 Paul Street
London, EC2A 4NE
United Kingdom