Privacy Policy

Baig Innovations, LLC - Penny App

Version 1.2 — Updated December 15, 2025

Baig Innovations, LLC ("we," "us," or "our") operates Penny, a pelvic health wellness tracking application. This Privacy Policy explains how we collect, use, disclose, and safeguard your information.

1. Information We Collect

1.1 Information You Provide

  • Account information (email address, password)
  • Health tracking data (bathroom logs, wellness check-ins, episodes, notes)
  • Appointment information (provider names, dates, notes)
  • Communication preferences

1.2 Information Collected Automatically

  • Device information (device type, operating system)
  • App usage data (features used, session duration)
  • IP address (for jurisdiction verification only, not GPS location)

2. How We Use Your Information

  • To provide and maintain Penny's features
  • To generate reports and track patterns at your request
  • To communicate with you about your account
  • To improve our services
  • To comply with legal obligations

3. Data Storage and Security

Your data is stored securely using Supabase, our backend service provider. All data is encrypted in transit using TLS and at rest. We implement industry-standard security measures to protect your information.

4. Data Sharing

We do not sell your personal information.

We may share data with:

  • Service providers who assist in operating Penny (Supabase for database/authentication, Stripe for payment processing when launched)
  • Legal authorities when required by law
  • Third parties with your explicit consent

Note: Google Analytics is used on our marketing website (pennypelvic.app) only. The Penny mobile app does not contain any third-party analytics or advertising trackers.

5. Your Rights

5.1 Access and Export

You can export your data at any time through the app settings. Free tier users may export up to 2 times per year. Premium users have unlimited exports. Exports are provided in machine-readable format.

5.2 Deletion

You can delete your account at any time through the app settings. Account deletion requires email verification for security. Upon deletion, your data will be removed from our active systems within 30 days and from backups within 90 days.

5.3 Correction

You can edit or correct your tracked data at any time within the app.

6. Data Retention

We retain your data for as long as your account is active. Inactive accounts (no login for 2 years) will be deleted after notification. Warning emails will be sent at 18 months, 22 months, and 23 months of inactivity before automatic deletion at 24 months.

7. Children's Privacy

Penny is not intended for users under 18 years of age. We do not knowingly collect information from children under 18.

8. Geographic Restrictions

Penny is currently available only to users in the United States. We use IP-based verification to confirm user jurisdiction. This is not GPS tracking—we only verify you are accessing from a supported region.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes via email or in-app notification at least 30 days before they take effect.

10. Contact Us

For privacy-related inquiries:

11. Regulatory Compliance

11.1 Security Standards

While Baig Innovations, LLC is not a "covered entity" under HIPAA, we prioritize the security of your health information. We voluntarily implement industry-standard security measures—such as encryption in transit and at rest—designed to protect your data. However, because Penny is a general wellness application and not a medical provider, your data is not subject to the specific administrative requirements of HIPAA.

11.2 FTC Health Breach Notification Rule

We comply with the Federal Trade Commission's (FTC) Health Breach Notification Rule. In the event of a breach of security involving your unsecured health information, we will notify:

  • You (via email or in-app notification)
  • The Federal Trade Commission
  • Other parties as required by federal law

Notifications will be sent without unreasonable delay and in accordance with the timelines mandated by the Rule.

12. Effective Date

This Privacy Policy is effective as of December 15, 2025.