Privacy Policy.

• “Local Government” A county, city, or other local government entity (including its Authorized Users) that subscribes to Peny and manages official content on the Platform.
• “Residents” Individuals who access Peny to view content, ask questions, or submit events.
• “Authorized User” An individual permitted or designated by a Local Government to access or use Peny on behalf of that Local Government (including employees, officers, elected officials, partners, or contractors).
• “Personal Information” Information that identifies, relates to, describes, or can reasonably be linked to a particular individual (e.g., name, contact details, IP address).
• “Customer Data” Information, including Personal Information, provided or created by a Local Government or Resident in the course of using the Platform. In many cases, Local Governments act as the primary owners or “controllers” of this data, and Peny processes it on their behalf.

This Privacy Policy applies to:

1. Personal Information collected from Local Governments and Residents through the Peny Platform.
2. Information collected when you visit our Site or interact with our marketing or support channels.

Peny provides software and services to counties, cities, and other local government entities to facilitate communication with Residents. In many scenarios, Local Governments are responsible for deciding what Personal Information to collect and how to use it. Peny generally acts as a service provider or “data custodian,” processing that information according to the Local Government’s instructions and as permitted by law. If you have questions or requests about data a specific Local Government controls, please contact that entity directly.

We may collect, store, and process various types of Personal Information depending on how you interact with our Platform or Site, including:

Contact Information.

May include your name, email address, phone number, or home address—especially if you sign up for an account, communicate with Local Governments, or submit events.

Account Credentials & Single Sign-On.

• Direct Registration. If you create a Peny account directly, we collect your username and email address.
• Single Sign-On (SSO). If you register or log in via third-party providers (e.g., Google, Apple), we may receive certain profile information (such as your name and email) according to their privacy policies and your permission settings.

User-Generated Content.

​​This may include messages, inquiries, photos, event submissions, or other content you submit through the Platform (e.g., queries to our AI chatbot).

Device & Technical Information.

Includes IP address, browser type, operating system, device identifiers, and usage data (e.g., pages visited, time spent, referral sources).

Location Data.

If you enable location services, we may collect approximate or precise location information (as allowed by your device settings).

Payment Information.

If you pay for services through Peny or an integrated gateway, your transaction details (e.g., credit card number, billing address) may be handled by a third-party payment processor.

We obtain Personal Information from various sources, including:

• Directly from You. For instance, when you register for an account, submit inquiries, create events, or provide feedback.
• Automatic Technologies. We use cookies, web beacons, or similar technologies to gather usage data (e.g., pages visited, device information).
• Local Governments. Local Governments may provide us with Personal Information about their Authorized Users or Residents in the course of using the Platform.
• Third-Party Integrations. If you link Peny with other platforms (e.g., Single Sign-On services), we may receive basic profile information as provided by the third-party service.

We use Personal Information for several key purposes, explained below. By providing your Personal Information, you acknowledge and agree that we may process it as described in this section.

Operating Our Platform.

• Event Submissions & AI Chat. We store and display your events, process your chatbot queries, and provide notifications or alerts.
• Account Management. We enable user logins, account profiles, and single sign-on.

Communication.

• Notifications & Updates. We may send emails, in-app messages, or push notifications to keep you informed about Platform updates, Local Government announcements, or events.
• Support & Inquiries. We respond to questions or troubleshoot issues you report about our Platform or Site.

Personalized Content & Recommendations.

We analyze your usage patterns, interactions, or preferences to recommend relevant content or features.

Improvement & Development.

• Analytics & Research. We use device and technical information (e.g., IP addresses, usage logs) to understand how our Platform is used and to develop new features.
• AI Functionality. We may review anonymous or aggregated chatbot interactions to enhance our AI’s responsiveness and accuracy.

AI Chat Interactions.

• User Discretion. Please do not share sensitive or private information (financial details, health data, etc.) in the chatbot. We are not responsible for unauthorized disclosure if you do so.
• Enhancing AI Services. We may process chat submissions to improve our AI capabilities, but we do not sell this data to third parties.

Security & Compliance.

We monitor for unauthorized activity, investigate potential violations of our Terms of Use, and comply with any legal obligations.

Payment Processing.

• Third-Party Processors. We partner with reputable payment processors for transactions (e.g., Platform fee, civic fees). Your full payment card details are not stored by Peny. We only access relevant information needed for refunds or billing inquiries.
• Record-Keeping. Basic transaction data may be used for invoicing, support, and maintaining financial records.

Marketing & Promotional Purposes.

If you’ve opted in, we may send promotional information about Peny. You can opt out at any time.

Geo-Analytics & Government Planning.

• Location Data. With your consent (enabled in device settings), we use location data to provide location-specific alerts, analyze traffic or amenity usage, and improve planning or resource allocation for local governments.
• De-identified Insights. Any location-based insights we share are aggregated or anonymized.

User Responsibilities & Confidential Information.

• No Sensitive Data. Users are solely responsible for ensuring any content they upload does not contain confidential, restricted, or sensitive information (e.g., personal health data, financial records, trade secrets).
• Public Visibility. Certain uploads (e.g., event postings) may be accessible by other Platform users or the general public.
• Disclaimer of Liability. Peny disclaims liability for any unauthorized disclosure of sensitive information uploaded by users. If you believe such data has been posted in error, please contact us.

We use cookies, web beacons, and similar technologies to:

• Recognize Your Device. Maintain your logged-in state or recall preferences.
• Analyze Usage Patterns. Collect data on how you navigate the Platform or Site (e.g., pages visited, time spent).
• Improve User Experience. Help us identify problems or optimize performance.

You can typically manage your cookie preferences via your browser settings. Disabling cookies may affect some features of the Site or Platform.

No Sale of Personal Information & Aggregated Data.

We do not sell, rent, or lease your Personal Information to third parties. When we do share data, it is only in the ways described below or with your explicit consent. We may create and share aggregated, de-identified, or anonymized data for legitimate business purposes—such as analytics, research, or improving our products and services. This data cannot be used to identify any individual user and therefore does not constitute Personal Information.

• With Local Governments. To facilitate communication or fulfill service requests.
• Service Providers. We work with third-party vendors (e.g., hosting and email service providers, and payment processors) under strict confidentiality and data protection agreements. These providers may access or process Personal Information only to perform tasks on our behalf.
• Legal Compliance. We may disclose Personal Information to comply with applicable laws, regulations, legal processes, or governmental requests (e.g., subpoenas, court orders). We may also share data if necessary to protect our rights, property, or safety—or that of others.
• Business Transactions. In the event of a merger, acquisition, reorganization, or sale of all or a portion of our assets, your information may be transferred, subject to appropriate confidentiality protections.
• Consent. If you explicitly consent to additional sharing of your information (e.g., opting in to certain programs or third-party integrations), we will respect your consent preferences.

Some local governments are subject to public records laws or “sunshine” acts. If you submit content or Personal Information to a Local Government that is covered by these laws, your data may be subject to public disclosure upon request, unless an exemption applies. Peny will assist the Local Governments in fulfilling their legal responsibilities but does not independently determine whether your data is exempt from disclosure. For more information, please contact the relevant local government.

We retain Personal Information:

1. As long as necessary to fulfill the purposes outlined in this Privacy Policy (and in accordance with any agreement we may have with Local Governments).
2. Based on legal or regulatory requirements, or with local government instructions if we are a service provider.

We may also retain de-identified or aggregated data for legitimate business purposes, such as analytics or research.

Peny is not directed to children under the age of 13. If you are under 13, you may only use Peny with the involvement and consent of a parent or guardian. We do not knowingly collect Personal Information from children under 13. If you believe we have inadvertently collected such data, please contact us so we can delete it.

We implement appropriate administrative, technical, and physical safeguards to protect Personal Information from unauthorized access, disclosure, or alteration. However, no method of data transmission or storage is 100% secure, and we cannot guarantee absolute security.

We maintain incident response protocols to address potential data breaches or security incidents. In the unlikely event that a breach affects your Personal Information, we will promptly investigate and contain the incident. We will also notify affected individuals and/or relevant authorities as required by law. Such notices will include:

1. Nature of the Incident. A general description of what happened and when it occurred.
2. Data Impacted. A description of the type(s) of Personal Information involved.
3. Recommended Steps. Guidance on how you can protect yourself, if applicable.

Depending on your jurisdiction, you may have rights regarding your Personal Information, such as:

• Location Sharing. We only collect location data if you enable it on your device or browser. You can revoke this permission at any time, although certain features (like location-based alerts) may be affected.
• Access & Correction. Request access to or correction of the Personal Information we hold about you.
• Deletion. Request deletion of your Personal Information, subject to legal and contractual limitations.
• Objections & Restrictions. In certain cases, object to or request restrictions on how we process your data.
• Withdrawal of Consent. Where we rely on consent, you can withdraw it at any time.

If Peny processes your data on behalf of a Local Government, we may redirect you to that Local Government for certain privacy requests. You may also contact us directly with privacy-related questions or requests.

Resident Users.

• Account Deletion. If you wish to delete your Resident user account, please contact us. We will process your request and remove your profile from our active user database within five (5) business days. Once deleted, you will no longer have access to Peny using that account.
• Data Purge. Account deletion does not automatically purge all of your data (e.g., chat interactions, event submissions, uploaded content). If you wish to have all associated data permanently removed, submit a formal request to the email or mailing address set forth in this Privacy Policy.
• Retention & Legal Obligations. We will make reasonable efforts to honor your request, but some data may be retained for legal compliance, security, or legitimate business purposes.
• Primary Data Controller. If a local government using Peny collected or uploaded your information, that government may act as the primary data controller.
• Collaboration. If your request relates to data under a local government’s control, we may direct you to that government office. We will work in good faith to facilitate deletion, but the government may have its own legal or regulatory obligations affecting data retention.

Local Government Accounts.

1. Subscription and Account Deletion‍Local Government Subscribers.
   Local Governments are subject to a separate Master Services Agreement (“MSA”) with Peny. If a Local Government wishes to close its account, it should follow the procedures outlined in the MSA or contact us using the information provided in this Privacy Policy. Residents with questions about how a Local Government uses Peny—or about a government’s subscription status—should direct inquiries to that Local Government, as it is responsible for managing its own use of the Platform.
   ‍Non-Subscribed Governments. Peny maintains a public listing of local governments for informational purposes. If a government is not subscribed, it will still appear in our system as a public listing. We generally do not remove these listings unless legally required, as they reflect publicly available information.
2. Government-Authorized Accounts.
   Local government subscribers may add or remove Authorized Users who need access to Peny. These accounts are administered by the Local Government and are not considered Resident accounts. If you have questions about your access or wish to be removed, please contact the government’s Peny administrator. For more details on the government’s responsibilities and permissions regarding these accounts, refer to our separate agreement with the subscribing entity.

Residual Data.

Even after your Resident or Local Government account is deleted, certain residual copies of your data may remain in our backup or archival systems for a limited period of time, in accordance with our data retention and security requirements. We routinely create these backups for disaster recovery and other continuity purposes, and cannot selectively remove or alter specific data within them. Consequently, your information may persist in backups until those files are overwritten or securely destroyed under our standard rotation schedule. We do not actively use or process data stored in backups. If you have questions about these protocols or retention periods, please contact us using the email or mailing address in the Contact Us section of this Privacy Policy.

If you access Peny from outside the United States, you do so at your own risk and are responsible for compliance with local laws. We may process or store information in the U.S. or other jurisdictions. If we transfer your Personal Information internationally, we will take steps to ensure it remains protected in accordance with this Privacy Policy and applicable laws.

Our Platform or Site may include links to websites, applications, or services operated by third parties. These links are provided for convenience only, and Peny does not endorse or assume responsibility for their content, security, or privacy practices. If you choose to access any linked third-party service, you do so at your own risk and remain subject to the respective provider’s policies or terms. We expressly disclaim any liability arising from your use of or reliance on such third-party content or services. We encourage you to review the privacy policies and terms of each third-party service before interacting with them or providing any Personal Information.

Governing Law.

This Privacy Policy is governed by the laws of the State of Utah, without regard to conflict-of-law principles.

Master Services Agreement (MSA).

If a separate written agreement (including any Master Services Agreement) covers your specific use of the Platform, that agreement will control in the event of any conflict with this Privacy Policy, including this dispute resolution section.

Arbitration Agreement.

Except as noted below, any dispute, claim, or controversy arising out of or relating to this Privacy Policy—or to your use of the Platform in connection with the handling of personal information—shall be resolved exclusively through final and binding arbitration. The arbitration will be administered by the American Arbitration Association in Salt Lake City, Utah, in accordance with its Commercial Arbitration Rules. The Federal Arbitration Act governs the interpretation and enforcement of this provision.

Exceptions & Venue.

• Injunctive Relief or IP Claims. Either party may seek equitable relief (e.g., injunctions) in court to protect intellectual property rights.
• Small Claims. You or Peny may bring an individual claim in small claims court if it falls within that court’s jurisdiction.
• Non-Arbitrable Matters. If a dispute is determined not to be subject to arbitration, you consent to the exclusive jurisdiction of the Third Judicial District Court in Salt Lake City, Utah, and waive any objection to personal jurisdiction or venue in those courts.l make reasonable efforts to honor your request, but some data may be retained for legal compliance, security, or legitimate business purposes.

Class Action Waiver.

All claims must be brought solely on an individual basis. Neither you nor Peny will act as a plaintiff or class member in any class or representative proceeding.

One-Year Limit.

Any claim must be filed within one (1) year from the date it arose, or it is forever barred.

Opt-Out.

If you do not wish to arbitrate, you must notify Peny in writing within thirty (30) days of first accepting this Privacy Policy, clearly stating that you opt out. Send this notice via email to notice@penyapp.com or by mail to the address listed in this Privacy Policy.

We may update this Privacy Policy periodically, at our sole discretion, to reflect changes in our practices or for legal or regulatory reasons. When we do, we’ll revise the “Last Updated” date at the top. If significant changes occur, we will notify users through the Platform of Site. Continued use of the Platform or Site after such updates constitutes acceptance of the revised Policy. We encourage you to review this Privacy Policy regularly.

If you have any questions about this Privacy Policy or would like to make a privacy-related request, please contact us at:

Email. notice@penyapp.com

Address. 2326 Washington Boulevard, Ogden, UT 84404