Private by design, not by policy.

When you create your Pennyweight account, you choose a passphrase. That passphrase generates an encryption key entirely in your browser. It never reaches our servers. Your sensitive financial data is encrypted with that key before it's stored. We never see the key. We never see your data in readable form. If you forget your passphrase, your data is gone, and that's the point.

Every entity you create in Pennyweight inherits the same encryption. Your freelance books and your personal spending are both encrypted with your key, stored separately, and invisible to us. Entity separation is enforced at the data layer, not just the UI.

Pennyweight uses Plaid to securely read transactions and balances from the accounts you choose to connect. We never see or store your bank login credentials. Plaid handles that connection directly with your bank. Plaid is the same infrastructure used by Venmo, Robinhood, and thousands of financial apps. We request read-only access only. Pennyweight cannot move money, make payments, or modify your accounts in any way.

If our database were fully exposed today, here is what would actually be readable.

Every AI query against your data is logged. Every categorization change is tracked: who, when, why. Human-review checkpoints exist before any irreversible operation touches your books. Your ledger maintains a complete history that you can review at any time.

Your encryption works the same whether you use Pennyweight through Claude, ChatGPT, or the web dashboard. Your keys travel with you. Your data isn't locked to one platform, and the security model doesn't change based on where you access it.