Penny

Privacy Policy

Effective June 3, 2026

Penny is an AI assistant you reach inside iMessage, operated by Easy Artificial Intelligence, Inc. (“Penny,” “we,” “us”). This policy explains what we collect, how we use it, and the choices you have. Penny is currently a free private beta.

Information we collect

  • Your messages and conversation context. The messages you send Penny, and recent context from the iMessage thread Penny is in, so she can understand and reply.
  • Account information. The phone number or iMessage handle you message Penny from, used to identify your conversation.
  • Attachments. Photos, PDFs, and voice messages you send. Voice messages may be transcribed to text so Penny can respond.
  • Connected-account data (optional). If you connect a Google account, Penny accesses the Gmail and Google Calendar data needed to perform tasks you ask for. See Connected Google accounts below.

How we use your information

We use your information to operate Penny: to understand your requests, generate replies, run the features you ask for (such as image generation, web search, or research), and maintain the context of your conversation across messages. Some requests produce artifacts (for example a generated page or document) that may be hosted at a public chatpenny.ai/p/… or chatpenny.ai/d/… URL.

We do not sell your personal information.

Third-party service providers

To operate Penny we share the data necessary to fulfill your request with the following service providers:

  • AI model providers — Anthropic, OpenAI, and Google — process your messages and recent context to generate replies. Voice transcription may use OpenAI Whisper.
  • Infrastructure — Neon (database for per-chat state and history), Vercel (web hosting), and Fly (compute) host and run the service.

Connected Google accounts

Connecting a Google account is optional and done through Google OAuth. If you connect one, we request access to your Gmail (gmail.readonly, gmail.send) and Google Calendar (calendar.readonly, calendar.events) so Penny can read and search your inbox and calendar, and — at your request — send email or create events.

  • We store your Google refresh token encrypted at rest (AES-256-GCM) on our servers. For each task, the agent receives only a short-lived access token.
  • The agent runs in an isolated sandbox that is torn down after the task.
  • Anything that sends or changes data — sending an email, creating a calendar event — requires your explicit approval first (you reply “yes”).

Penny’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Security

We store connected-account OAuth tokens encrypted at rest (AES-256-GCM) and apply access controls to our systems. No method of storage or transmission is completely secure, so we cannot guarantee absolute security.

Data retention

We retain your information for as long as needed to provide the service — for example, to keep the context of your conversation so Penny can remember what you’ve discussed. You can ask us to delete your data (see Your choices).

Your choices

  • Disconnect a connected account at any time; you can also revoke Penny’s access from your Google Account security settings.
  • Stop using Penny at any time.
  • Request deletion of your data by contacting us at privacy@chatpenny.ai.

Children

Penny is not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child has used Penny, contact us and we will address it.

Changes to this policy

We may update this policy from time to time. When we do, we’ll revise the effective date above.

Contact

Questions about privacy? Email privacy@chatpenny.ai.
