About Bad Penny Pinball™

Route operator tools, built by a route operator.

Who Built This

Contact

Contact information coming soon.

Privacy & Security

Only what's needed, nothing more

Bad Penny stores your email address (to log in), your location names, game titles, machine serial numbers, and various machine-unique stats. There are no analytics trackers embedded in the app, no marketing pixels, no ad targeting, and your data is never sold or shared with third parties.

What happens when you upload a CSV

When you upload your Stern audit file, it travels over an encrypted HTTPS connection, the same kind of encryption your bank uses. Bad Penny reads the file in memory, pulls out the data it needs, and then immediately deletes the original file. Nothing is kept on disk after a successful parse in to the database.

Your machine serial numbers are scrambled using strong encryption before being saved to the database. If someone ever got a copy of the database, they would see random gibberish instead of real serial numbers. Location names and game titles are stored as plain text because they are not sensitive in the same way.

Earnings data is handled separately and described below.

Keep your own CSV backups

Because Bad Penny deletes your CSV file immediately after parsing it, there is no copy of the original file stored on our server. If you ever need to recover or audit your raw Stern data, that responsibility falls on you.

If you use the fetch script, you can automate this with the --backup-csv flag (or -BackupCsv on PowerShell). When set, the script saves a dated copy of each CSV to a local folder on your machine before uploading.

What happens when the fetch script runs on your computer?

The fetch script is the Mac/Linux shell or Windows PowerShell script you set up to run on a schedule, on your own machine. It logs into Stern's website using your own Stern credentials. Bad Penny never sees your Stern password and it never touches our server. The script downloads your audit data and tech alerts, then sends that data to Bad Penny over an encrypted HTTPS connection. The scripts are written in plain text and not obfuscated in any way, so you can make sure there's no tomfoolery going on.

Tech alert messages and coin door events are stored in plain text because they need to be readable to be useful on the alerts page.

Your earnings data

Earnings tracking is opt-in and turned off by default. If you turn it on, your dollar amounts are protected by two layers of encryption. Think of it like a lockbox inside a safe: your earnings are locked with a key unique to your account, and that key is itself locked inside a separate master key that only the server holds. Someone who stole a copy of the database would have a locked box with no key. The numbers would be completely unreadable.

A straight answer to a fair question: As the person who runs this server, I have access to both the database and the master key. That means I could, with deliberate effort, decrypt your earnings data.

I have no reason to look at your earnings. I built the system to keep your data private, and the encryption exists to protect you from attackers, breaches, and anyone who is not me.

As with any other site you use, the commitment here is a trust commitment, not a cryptographic one.

If you opt in to earnings tracking and later change your mind, you can disable it in Settings. When you do, your earnings key is permanently deleted from the database. At that point, not even I could recover your historical earnings. It becomes permanently unreadable to everyone.