WhatsApp Security and Privacy

WhatsApp security and privacy

We understand that discussing your finances on WhatsApp raises legitimate questions about security and privacy. Here's a detailed explanation of how your data is protected.

End-to-end encryption

WhatsApp provides end-to-end encryption for all messages and media sent through the platform. This means:

• Messages between you and Penny are encrypted in transit — no one, including WhatsApp and Accounted, can read them while they're being delivered.
• Photos of receipts are encrypted during transmission.
• Only your device and Accounted's secure systems can read the content of your messages.

What Penny stores

When you interact with Penny via WhatsApp, certain data is processed and stored in your Accounted account:

Stored in your Accounted account:

• Receipt images and extracted data (merchant, date, amount)
• Expense records and mileage logs created from your messages
• Transaction categorisation decisions you make via WhatsApp
• Your WhatsApp phone number (for communication purposes)

Not stored:

• Casual conversation messages (greetings, thank-yous, off-topic chat)
• Your WhatsApp profile picture
• Your WhatsApp status or "about" information
• Your contacts list

What Penny never asks for

Penny will never ask you for:

• Your bank login credentials
• Your Government Gateway password
• Full card numbers or CVVs
• Your National Insurance number via WhatsApp (this should only be entered in the secure dashboard)
• Any other passwords or security codes

If you receive a WhatsApp message claiming to be from Penny that asks for any of these, it is not genuine. Please report it to hello@accounted.co.uk immediately.

Data processing

When Penny processes a receipt image or a message containing financial information:

1. The data is transmitted over WhatsApp's encrypted connection.
2. It is received by Accounted's secure servers, which are hosted in UK data centres.
3. The relevant information is extracted and stored in your encrypted Accounted database.
4. AI processing (for categorisation, OCR, etc.) happens within our secure infrastructure.
5. No financial data is shared with WhatsApp or Meta.

Your rights and controls

You are in control of your data at all times:

• Disconnect WhatsApp — You can disconnect your WhatsApp number from Settings at any time. This stops all communication but does not delete your Accounted data.
• Delete your data — Under GDPR, you can request deletion of all your data. Contact hello@accounted.co.uk.
• Export your data — Download a complete copy of all data Accounted holds about you from Settings > Data Export.
• Review what's stored — Your Accounted dashboard shows everything that has been recorded from your WhatsApp interactions.

Best practices for security

To keep your account secure when using WhatsApp:

• Enable two-step verification on your WhatsApp account (WhatsApp Settings > Account > Two-step verification).
• Lock your phone with a PIN, fingerprint, or face recognition.
• Don't share your phone — Anyone with access to your WhatsApp can message Penny as you.
• Report suspicious messages — If anything seems off, contact our support team.
• Keep WhatsApp updated — Ensure you're running the latest version for the most current security patches.

Regulatory compliance

Accounted is registered with the Information Commissioner's Office (ICO) and complies with UK GDPR and the Data Protection Act 2018. Our use of WhatsApp for business communication follows Meta's Business Terms of Service and WhatsApp Business Platform policies.

Your financial data is treated with the same level of care and security as any banking or financial services application. We undergo regular security audits and penetration testing to ensure our systems meet the highest standards.