Privacy Policy

This Policy explains what data we collect at Penso, how we use it, who we share it with, and what rights you have over it.

Last updated: May 20, 2026

1. Who we are

Penso is a personal finance application operated by Cien Aventuras LLC (“Penso”, “we”). By creating an account and using Penso, you accept the practices described in this Privacy Policy. If you do not agree with it, please do not use the service.

2. Information we collect

We collect the following information:

  • Account data: name, email address, and password (stored in encrypted form). If you sign up with Google, we receive your name, email, and profile photo from Google.
  • Financial information you enter or import: accounts, transactions, debts, budgets, investments, savings goals, subscriptions, installments, transfers, categories, and tags.
  • Bank statements: the files you upload to import your transactions.
  • Bank connections: when you connect a bank account, we obtain information about your accounts and transactions through our bank connection providers (see section 4).
  • Shared space data: if you share your space with other people, their participation and role are associated with your account.
  • Technical data: usage logs, device type, and IP address, which we use to operate the service, prevent abuse, and maintain security.

3. How we use your information

We use your information to:

  • Provide the service: display, organize, and analyze your finances.
  • Automatically import and categorize your transactions.
  • Send you emails related to your account (verification, password recovery, and service notifications).
  • Maintain security and prevent fraud and abuse.
  • Comply with legal obligations.

We do not sell your personal data or use it for third-party advertising.

4. Connecting to your bank

To show you your transactions automatically, Penso can connect to your bank accounts in two ways:

  • Through Plaid: we use Plaid Inc. to securely connect with your financial institution. You authenticate directly with your bank within the Plaid flow; Penso does not receive or store your bank login credentials for accounts connected through Plaid. Plaid provides us with access tokens, which we store encrypted, along with information about your accounts and transactions. Plaid's processing of your data is governed by Plaid's privacy policy.
  • Through a direct connection: for some banks, your transactions may be retrieved by connecting to your online banking. In those cases, your credentials are used solely to establish the connection and retrieve your transactions.

5. Use of artificial intelligence

Penso uses artificial intelligence services from Anthropic (Claude) to process the bank statements you upload and to help categorize your transactions. For this purpose, the content of your statements and the descriptions of your transactions may be sent to Anthropic for processing. This data is used solely to provide you with the service and not to train third-party models.

6. Who we share your information with

We do not sell your personal information. We share it only with providers who help us operate Penso, to the extent necessary to provide you with the service:

  • Plaid Inc. — connection with your bank accounts.
  • Google — authentication when you choose to sign in with Google.
  • Anthropic — artificial intelligence processing of bank statements and categorization.
  • Resend — delivery of transactional emails.
  • DigitalOcean — server and database infrastructure.
  • Telegram — only if you choose to connect the Penso Telegram bot.

We may also disclose information when required by law or to protect our rights and the safety of our users.

7. How we protect your information

We apply security measures to protect your data, including encryption in transit (HTTPS/TLS), role-based access control, isolation of each user's data, and multi-factor authentication in our administrative systems. We maintain a documented Information Security Policy. No system is completely secure, but we work to protect your information in a reasonable manner.

8. Data retention and deletion

We retain your personal and financial data while your account is active. You may request the deletion of your account and associated data at any time by writing to us at [email protected]; we will address your request within 30 days. Some data may remain in encrypted backups for a limited period before being permanently deleted. We retain certain information for longer when required by law.

9. Your rights

In accordance with Chile's Law No. 19,628 on the Protection of Privacy, you have the right to access your personal data, rectify it, request its deletion, and object to its processing. To exercise these rights, write to us at [email protected]. We will respond within the timeframes established by law.

10. Cookies and local storage

Penso uses strictly necessary cookies to keep your session signed in and for the operation of the service. To work offline, Penso stores data locally on your device. We do not use advertising or third-party tracking cookies.

11. Minors

Penso is intended for people over 18 years of age. We do not intentionally collect data from minors. If you believe a minor has provided us with data, contact us so we can delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will publish the current version on this page and indicate the date it was last updated. We will communicate significant changes through the service or by email.

13. Contact

Penso is operated by Cien Aventuras LLC. If you have questions about this Privacy Policy or about the processing of your data, write to us at [email protected].