Last updated: 19 May 2025
Effective date: Effective immediately

1. Who We Are 

We are Penningmeester.ai B.V., a budgeting and financial information platform dedicated to helping you control spending and gain insights into your finances. Our app provides tailored financial information based on your income, lifestyle, and family circumstances.

  • Company name: Penningmeester.ai B.V.
  • Chamber of Commerce (CoC): 96218886
  • Registered address: Professor van der Waalsstraat 32, 2014 EG Haarlem
  • Email address for privacy-related questions: privacy@penningmeester.ai

We operate exclusively on a subscription model and do not rely on advertising revenue or fees from referrals.

2. What Data We Collect

We collect different types of data to effectively deliver our services:

User Information

  • Account Information: Email address, username and password.
  • Purpose: Account creation, login management and customer support.

Financial data

  • Transaction data: Income, expenses, recipients and amounts (if you choose to enter manually or link a bank).
  • Bank data: Only if you want to integrate your bank in the future (e.g., via an aggregator).
  • Purpose: To create budgets, offer AI-driven insights and provide personalized financial statements.

AI-generated insights

  • Based on your financial information and optional data, we provide suggestions or advice tailored to your situation. To do this, we may use large language models (LLMs) provided by trusted third-party AI providers such as OpenAI or Google (Gemini). These providers may process anonymized or pseudonymized data under strict contractual and security obligations.

Optional data (provided by user)

  • Family data: Ages, birthdays, household size.
  • Insurance Information: Coverage, premiums and providers.
  • Property details: whether you rent or own, type of property, mortgage amount and so on.
  • Purpose: Further personalization of financial advice. You provide this data only if you wish.

Location details

  • We collect approximate or accurate location only if you give explicit permission to do so, for example to provide spending advice relevant to your location.
  • You can disable location access at any time in your device’s settings.

Usage & technical data

  • We may collect data about how you navigate our platform, such as log files, browser type, device info and so on.
  • Purpose: To improve our services, detect errors and gain insight into user behavior.

3. How We Use Your Data

We use your information as follows:

Services

  • Provide budgeting tools, track expenses and provide AI-driven insights.
  • Manage and secure your account (login, password management).

Personalized financial advice

  • Match recommendations to your lifestyle, financial situation and optional family information you provide.

Customer support & communication

  • Answer questions, resolve issues, send essential service updates (such as password recovery) and transactional emails.

Analysis & platform improvements

  • Analyze anonymized usage data to understand the popularity of features, discover potential problems and refine the user experience.
  • Rely on legitimate interest (see Legal Basis for Processing) to track site and app performance.

Marketing (opt-in only)

  • With your permission, send occasional newsletters or promotions. You can unsubscribe at any time.

Compliance & enforcement

  • Comply with legal obligations, respond to court requests and protect our rights or the rights of others.

4. Legal Basis for Processing (GDPR)

Pursuant to the General Data Protection Regulation (GDPR, in Dutch: AVG), we base our data processing on:

Necessary for the performance of a contract

  • To create user accounts and process financial data essential for budgeting functionality.
  • Example: Storing your financial records so we can show budgets and insights.

Consent

  • For AI-based financial advice (especially for more detailed data processing, which may include processing by third-party AI providers such as OpenAI or Google Gemini).
  • For marketing communications.
  • For location tracking (if you enable it).
  • For optional data such as family data.

Legitimate interests

  • Maintaining and improving our platform (analysis, service reliability).
  • Basic communication about service updates or improvements.

We process your data only if we have a valid legal basis. If you withdraw your consent (e.g. unsubscribe from marketing or disable AI features), we will stop processing this data for that specific purpose.

5. Retention period

  • Active accounts: We retain your personal data for as long as your account is active.
  • Deleting Account: If you choose to delete your account, all personal and financial information will be deleted or anonymized.
  • Financial transactions: By default, we retain transaction information for up to 5 years to comply with administrative and legal obligations, unless you request immediate deletion by closing your account.
  • Backups & Legal Obligations: We may retain limited data (such as your email address) for a short period of time to confirm deletion or comply with legal requirements.

6. Who We Share Your Data With

Service providers (processors)

We use external service providers for such things as:

  • Payments (e.g., Stripe): to process subscription fees without storing payment information ourselves.
  • Email & notifications (e.g., Mailgun): to send account confirmations, updates and marketing emails (if you have opted in).
  • Analysis (e.g., Google Analytics, Amplitude): to understand usage patterns in the least intrusive way possible (we anonymize or pseudonymize where possible).

These providers only have access to the data needed to perform their duties, and are contractually obligated to protect it according to EU standard clauses.

Future bank integrations

If/when we integrate with an aggregator (e.g., Tink, Plaid or SaltEdge), we will seek your consent before sharing your banking or transaction information with them. At this time, we do not offer such integrations.

No sale of personal data

We never sell or rent personal or financial information to third parties.

We never share personally identifiable data with AI providers for training or resale purposes.

Targeted ads

We do not share your personal or financial information with third parties for advertising purposes.

We may use Google Ads and Meta (Facebook) Pixel with minimal, non-identifiable data to measure the effectiveness of ad campaigns and reach potential new users.

These tools may track actions on our site (e.g., sign-ups or visits) but do not give Meta or Google access to raw financial data or personal identifiers.

You can opt out of these types of tracking via the cookie banner or browser settings.

Legal compliance

We may disclose data if required by law or to protect users, our systems or to comply with legal process.

7. Cookies & Tracking

We use essential cookies to provide core site functionality (such as remembering your login session). In addition, we may use analytics cookies (e.g., through Google Analytics) to see how users use our website.

  • Cookie banner: On your first visit, you can specify which cookies you want to allow or disallow (excluding cookies necessary for the service).
  • No advanced tracking: We do not use pixel tags, beacons or session replay tools.
  • Unsubscribe: You can manage your cookie preferences through your browser settings or the cookie banner. Please note that disabling cookies may affect functionality.
  • Meta Pixel: If you accept marketing cookies, we may use the Facebook (Meta) Pixel to understand the effectiveness of Facebook or Instagram ad campaigns. This allows us to track actions such as visits or sign-ups, without sharing sensitive financial or personal data. You can opt out at any time via your cookie preferences.
  • Amplitude: We use Amplitude for in-app and website analytics to understand how users interact with our product features. This helps us improve usability and performance. No financial or identifying data is shared. You can control this via your cookie settings.
  • AI processing (e.g., OpenAI, Google Gemini): When you opt in to AI-driven insights, we may share anonymized or pseudonymized inputs with third-party AI providers such as OpenAI (ChatGPT) or Google Gemini to generate personalized suggestions. These providers are contractually obligated to process data only on our behalf, with no right to reuse or retain the data beyond the session. We do not send raw financial transactions or personal identifiers to these models.

8. Security measures

We take the security of your data very seriously and take the following measures, among others:

  • Encrypted data storage: We use reputable EU data centers (Google Cloud with CyberPanel) that provide encryption of data at rest and during transmission (HTTPS/TLS).
  • Access Management & 2FA: We restrict internal access to systems and activate two-factor authentication for administrator accounts.
  • Regular audits: We monitor our systems for vulnerabilities and adjust security measures as needed.

While no service is 100% secure, we take every reasonable measure to protect your data.

9. Privacy of Children

Our services are not intended for persons under the age of 16. We do not knowingly collect personal information from children under 16. If we discover that we have unintentionally collected data from a young person under 16, we will delete that data immediately. If you suspect that a child under 16 is using our services, please contact us at privacy@penningmeester.ai.

10. International Users

  • EU hosting: Our servers and data storage are located within the European Union.
  • No transfer outside the EU: Currently, we do not send personal data to the U.S. or other countries outside the EU. If this changes, we will take GDPR-compliant measures (e.g. standard contractual clauses) and notify you accordingly.
  • US or other jurisdictions: If you live outside the EU, please note that your data is processed under European data protection laws. We also offer a brief for California or U.S. residents who wish to exercise their rights, although we are not actively targeting the U.S. market at this time.

11. Your Rights

Under GDPR and other applicable laws, you have the right to:

  • Inspection: Request a copy of your personal data.
  • Correction: Have incorrect or incomplete data corrected.
  • Deletion: Have your data deleted (the “right to be forgotten”), subject to legal obligations.
  • Restriction: Limit certain processing of your data.
  • Object: Object to processing based on legitimate interests or for direct marketing.
  • Transferability: Obtain your data in a common, machine-readable format.
  • Withdrawal of Consent: Where we rely on consent (e.g., marketing or optional data), you may withdraw that consent at any time.
  • Response Time: We aim to respond to privacy-related requests within 48 hours. If a request is complex, it may take longer, but we will keep you informed.
  • How to exercise your right: Contact us at privacy@penningmeester.ai. If you still have concerns, you can file a complaint with the Dutch Personal Data Authority.

12. Changes to this Policy

We may update this policy from time to time to reflect changes in our practices or legislation. We will inform you (e.g. via email) as soon as any substantial changes occur. The “Last Updated” date at the top of this document indicates when the policy was last revised.

13. Contact

If you have any questions or comments about this privacy policy or our data processing practices, please email us at:
privacy@penningmeester.ai
Or write to us at the address below:
Penningmeester.ai B.V.
Professor van der Waalsstraat 32
2014 EG Haarlem
Netherlands

This privacy policy is designed to meet the requirements of the European General Data Protection Regulation (GDPR). If you live outside the EU, please note that local laws may give you additional rights or impose different requirements.