Heh, don't blame you. We did fight for and win approval to write a forward to our privacy policy to make it more accessible. Outside of that, we didn't want to innovate in an area we know very little about and instead deferred to what our law firm told us we should be doing.
I understand your situation but I also reject the premise. Small businesses are supposed to be at the forefront of things like this. There's a reason why outlets like the New York Times have been writing easily-accessible articles on this topic since AT&T screwed us all in 2011.
I get that you're dealing with financial things and financial outlets are inherently risk-averse but if my credit union can manage to not get sued into oblivion while lacking a mandatory, binding arbitration clause, you could, too. SoFi pulled off having an opt-out clause in their agreement; that's the least I expect these days.
This is one reason why I've started doing business more and more with European-based companies. Their local laws don't permit such customer-unfriendliness.
(Edited to add: if I'm trusting you with read/write credentials--since no other kind exist--to my financial accounts, yes, I expect to retain the right to sue if you screw up gloriously. That your lawyers pushed for you to make your users sign away that right is telling.
I'm genuinely sorry if I'm coming across as hostile; this isn't personal at you, specifically. I'm just sick and tired of being told "you get to tell us everything about you in order to use our shiny new service and if we drop the ball or miss a semi-colon and every penny you own is funneled to Moon Base Alpha Seven, well, sorry, hope the arbitrator chosen by us, paid by us, and with a financial incentive to be used by us in the future is willing to award you a few ducats for your trouble." I keep hoping for better from HN-funded startups and so rarely get it.)
Sorry about the bug. We've been deploying all day and made the mistake of pushing something that received new server content before the updated clients themselves had time to propagate. I'm guessing that's what you ran into.
A bit about our process: we catch all errors (server and client) using Bugsnag and pipe them to Slack. Those errors are basically stack traces that hopefully give us enough context to reproduce and fix the bug. If the error was user facing (e.g. interrupted your conversation), we also open a ticket in Enchant that links back to the Bugsnag error. That way we track if/when a user hits a bug and can reach out to let them know when it's been fixed, or collect more info on the context surrounding the bug.
Like most customer support portals, Enchant can be populated with information about the person's account. In our case, we can see things like your first name (that's all we collect from you), when you joined, your phone platform, your app version, and which bank types you've attempted to link.
Does that answer your question?
As for financial data: we don't store your credentials, ever (thanks to Plaid's API, we don't have to). We do store your transactions so that we can serve them to you in-app (hopefully that's not a surprise?), along with the bank type and balance information that you see in your accounts tab. Since they're in our DB, engineers on the team can query that information. We do that on a need-to-know basis only; for example, if someone has asked us to investigate a bug they ran into, or why their numbers look off.
Thanks, that was the answer I was looking for. I appreciate the openness!
In a perfect world engineers would have to request elevated permissions from a manager/team lead to query tables holding financial information, but in our un-perfect world that's usually not feasible.
And just because we're working on this idea doesn't mean you can't too. It all comes down to execution. A little competition is healthy for everyone :)
That first Show HN post sent about 700 unique people to our website, of which about 100 clicked the download button and roughly 40 signed up. That may seem like a small number, but it was huge for us at the time. It gave us a lot of new information about where people would fall off in our funnel, uncovered some edge cases we hadn't accounted for, etc.
That FAQ is a little out of date—I'll update right now. Once you remove duplicates, we support closer to 8-10k banks through Plaid, and we have two monetization strategies (monetization was our focus at YC):
1. A premium subscription service that gets you some power features within Penny; we just launched that today.
2. Recommending affiliate products.
It's important to note that affiliates can be a mixed bag. Mint.com was the product that turned me onto Betterment when I was hunting around for ways to invest my money; I'm legitimately thankful that they did since I love Betterment. At Penny, we think we can tastefully and in good faith recommend some affiliate products. Those recommendations fit perfectly into our coaching model too.
Unfortunately, most personal finance companies start pushing credit cards on people that don't need them because it pays the most money. We're building Penny in a way that disincentives crappy behavior like that.
Agreed. We've reached out to Google a couple of times asking if they can display a more helpful message than "not compatible with an of your devices" when the real reason is "Only available in the US". Not a great UX.
1. Those other platforms didn't really exist when we first launched. Messenger launched their platform about nine months after we started Penny.
2. (The real reason) We still don't think we can provide a better experience via a chatbot platform than we can with a standalone app.
To motivate that second point:
The benefit to a chatbot platform is that you meet people where they already are, and "signup" generally has lower overhead.
The downsides are many, though. Most platforms don't allow for things like securely submitting username and passwords, e.g. when connecting a bank account (although Messenger is starting to allow webviews, which can be repurposed to handle this). Browsing your aggregated transaction history, changing the category of a transaction, viewing your balances, etc. are all poor fits for a chat interface (again, Messenger has only recently started to address this). Pre-populated responses aren't first-class citizens in most chatbot platforms. We get more control over the UI, e.g. when displaying animated graphs, in a standalone app than we do within chat. There is/was no way to lock individual chatbot threads behind passcodes to protect your privacy... and on and on :)
Finally, there's also the problem of discoverability, which no chatbot platform has solved in a convincing manner. Downloading a standalone app is a pain, but once you get over that initial hurdle we think the experience is still significantly better than delivering Penny over a chatbot platform.
For what it's worth, we don't think the premium experience (Penny+) is a good fit for most of our users. Locking extra complexity behind a premium version was actually our way of keeping the core experience simple (and encouraging people to not mindlessly turn on extra features unless they're confident they want them). We think the simplicity of the core experience is one of the main reasons people continue to use Penny over time; complexity begets churn, even if users ask for that complexity. We eschew traditional budgets for the same reasons.
