Privacy - Penna.app

Last updated on 05-27-2025

This is the Privacy policy of Penna.app and all the services provided by Penna. Penna is a product of Pegaso sas di Citton Vittorio e C. (reference legal page to complete information at Legal page), a company registered in Italy with a mailing address at via Borgo Treviso, 56, Cittadella – 35013. Penna (“Company,” “we,” or “us”) is committed to protecting the privacy and security of our users, customers, and visitors who access www.penna.app (“the Website”) or our Services. This Privacy Policy outlines how we collect, use, and protect personal information when you use our Website and Services. By accessing or using Penna, you acknowledge that you have read and accepted our privacy practices described below.

If you do not agree with our privacy practices, you should not continue to use the Website or Services. This Privacy Policy is incorporated by reference into our Terms of Service.

Confidentiality and Security of Personal Information

We implement commercially reasonable security measures and follow accepted industry standards to protect personal information that is submitted to our Website and Services, both during transmission and after we receive it. However, no method of transmission over the Internet or electronic storage is 100 % secure. While we strive to protect your personal information, we cannot guarantee its absolute security. It is also your responsibility to keep your password secure.

Personal Information We Collect

When you register an account with Penna, we may collect:

First and last name
Business name
Email address
Company information
Username and password

As you use our Services, we may collect:

Business contacts and proposals you create or manage
Your IP address for security and analytics purposes
Cookies to enhance your experience, recognize you as a returning user, and analyze user behavior on the Website

If you choose to sign in via Google (OAuth):

We request access to your Google profile information (name, email address, profile picture) and any additional Google user data that you explicitly consent to grant (e.g., Google Drive file metadata if you choose to import from Drive).
We use standard OAuth scopes; you will always see exactly which scopes you are approving during the Google consent screen.

You can set your browser to refuse cookies or to notify you when a cookie is sent, but certain features of our Services may not function properly without cookies.

How We Use Your Personal Information

Penna collects and uses your personal information for the following purposes:

To provide and improve our Services, including proposal creation and management
To analyze usage and improve the functionality of our Website
To communicate with you regarding your account, transactions, and Services
For marketing purposes, including promotions and advertising of our Services
To comply with legal and regulatory requirements
To support Google-based features, including:
- Authenticating and authorizing you via Google Sign-In
- Importing or exporting files to/from your Google Drive when you explicitly request it
- Synchronizing your Penna data with Google services under your control

We will only use your personal information for the purposes disclosed at the time of collection or as set out in this Privacy Policy, unless you provide consent for other uses or as required by law.

Google User Data

When you connect Penna to your Google account, you authorize us to access, use, store, and share the following Google user data according to the scopes you grant:

Data Accessed:

Basic profile information (name, email, profile picture)
Google Drive file metadata and content (if you choose to import/export proposals)
Any additional Google user data that you explicitly consent to grant

How We Use Google Data:

Authentication: To verify your identity and provide single-sign-on via Google Sign-In.
Import/Export: To let you import documents from, or save documents to, your Google Drive account.
Storage & Processing: We store the minimal data needed to map your Google identity to your Penna account; file contents you choose to import are stored encrypted under your control.

Data Storage:

We store Google profile information and any imported Google Drive content on our secure servers.
All imported files are encrypted at rest using AES-256.
We retain Google user data only as long as necessary for the purposes described, or until you revoke access.

Data Sharing:

We do not share your Google user data with any third party, except:
- Service providers (e.g., Stripe, hosting providers) who assist us in delivering Services and are bound by confidentiality agreements.
- Integration partners when you explicitly request it (for example, if you choose to share a proposal via a third-party app).
- Legal requirements: to comply with applicable law or respond to lawful requests by public authorities.

Your Choices & Rights:

You may revoke Penna’s access to your Google account at any time via your Google Account settings → “Security” → “Third-party apps with account access.”
Upon revocation, we will delete any stored Google access tokens; you may still access previously imported content in Penna, but cannot perform new imports/exports.

Sharing of Personal Information

We do not sell, rent, or trade your personal information. However, we may share your personal information in the following cases:

With third-party service providers (e.g., payment processors such as Stripe) to deliver the Services you requested
With integration partners upon your request
With contractors such as developers and administrators to maintain and improve our Services
To comply with legal obligations, judicial processes, or government requests
If we believe it is necessary to prevent illegal activities or to protect the rights and safety of others
In the event of a merger, acquisition, or sale of the company, you will be notified, and your personal information will be transferred to the new owner

Except as noted above, we will not share your personal information with third parties without your consent.

Accessing and Updating Your Information

You have the right to access, update, or delete your personal information at any time by logging into your account on Penna. If you require assistance in accessing or updating your information, you can contact us at help@penna.app.

Encryption and Data Security

Penna uses encryption to secure all proposal data and personal information. We use the latest security protocols to protect your data from unauthorized access, disclosure, or alteration. Only you and authorized users have access to your information (See privacy section in home for more specific information). This way we ensure that your data is yours and yours alone. Not even Penna can access your proposal data.

Children's Privacy

Penna does not knowingly collect personal information from children under the age of 13. If we become aware that we have inadvertently collected personal information from a child under 13, we will take steps to delete it.

Communications and Email

We may use your email address to communicate with you about important legal notices, service updates, or other relevant information about your account or the Services. We will not Send requests for personal information via email or pop-up windows.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time at our discretion. Any changes will be posted on this page, and your continued use of Penna after the update constitutes your acceptance of the revised policy.

The use of your personal information will be governed by the Privacy Policy in effect at the time of use.

If you have any questions or concerns about this Privacy Policy, or if you would like further information about how your personal data is handled, please contact us at help@penna.app.