Privacy Policy

When you use Penpal.work, we collect:

• Account information — your email address, display name, and email signature.
• Quote emails — the emails you BCC to your Penpal.work address, including subject, body, sender, recipients, and attachments (typically PDF quotes).
• Extracted data — customer names, project names, quote numbers, totals, dates, and contact information parsed from your emails and PDFs by our AI.
• Usage data — pages visited, features used, and performance metrics (via Vercel Analytics).
• Billing data — payment information is collected and processed by Stripe. We store your Stripe customer ID but never your card number.

We use your data to:

• Build and display your sales pipeline dashboard.
• Extract structured data from quote emails and PDFs using AI.
• Generate follow-up email drafts for your review and approval.
• Produce reports (win-loss, commission forecast, customer scorecards).
• Send you transactional emails (login codes, digests, notifications).
• Process your subscription payments.
• Improve the Service (aggregated, anonymized usage patterns only).

We use Anthropic Claude to process your quote emails and PDFs. Your data is sent to Anthropic's API for real-time processing and is not retained by Anthropic beyond the duration of each request. We do not use your data to train, fine-tune, or improve any AI models. Anthropic's data usage policy prohibits training on API inputs.

We use the following third-party services to operate Penpal.work:

• Supabase — database hosting and file storage. Your data is stored encrypted at rest in Supabase's infrastructure.
• SendGrid (Twilio) — inbound email processing and outbound transactional email delivery.
• Anthropic — AI-powered data extraction and follow-up draft generation.
• Stripe — subscription billing and payment processing.
• Vercel — application hosting and analytics.

Each provider processes data only as necessary to deliver their service. We do not sell, rent, or share your personal data with third parties for marketing purposes.

Your data is strictly isolated from other users. Every database query is scoped to your authenticated account using row-level security policies. No user can view, modify, or export another user's data. Administrative access is limited to Penpal.work LLC staff for support and maintenance purposes only.

We use essential cookies only — specifically, an authentication session cookie managed by Supabase. We do not use advertising cookies, tracking pixels, or third-party marketing cookies. Vercel Analytics collects anonymized usage data without cookies.

• Active account — your data is retained as long as your account is active.
• Cancelled subscription — your data is retained for 30 days after cancellation, then permanently deleted.
• Account deletion — all data is queued for permanent deletion within 30 days.
• Audit logs — system logs may be retained for up to 90 days for security and debugging purposes.

You have the right to:

• Access — view all data associated with your account in the dashboard.
• Export — download all your quotes, customers, and original PDFs at any time.
• Delete — permanently delete your account and all associated data.
• Correct — edit any extracted data directly in the dashboard.
• Withdraw — stop using the Service at any time by cancelling your subscription.

To exercise these rights, use the built-in tools in Settings or email info@penpal.work.

We implement industry-standard security measures including: encrypted data at rest and in transit (TLS), row-level security policies, secure authentication via one-time codes (no passwords stored), and strict access controls. We do not require or access your work email inbox.

Penpal.work is not directed at individuals under the age of 18. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us and we will promptly delete it.

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice in the dashboard. Continued use of the Service after changes constitutes acceptance of the updated policy.

Questions about your privacy? Email us at info@penpal.work.