Tally Finance
Privacy Policy
Last updated: April 27, 2026
This policy explains what data Tally collects, why we collect it, how we use it, and the choices you have. We aim to keep this short and plain-English. If anything is unclear, email us at support@tallyfinance.online.
1. What we collect
Account data
- Email address. Used to create your account, send you magic-link sign-in emails, and contact you about your subscription.
- Authentication data. A hashed session identifier so we can keep you signed in. We do not store passwords because we use passwordless magic-link sign-in.
Billing data
- Subscription metadata. Plan tier, status, renewal date, and Stripe customer/subscription IDs.
- Payment details. We never see or store your full card number. Stripe handles all payment data and is PCI-DSS Level 1 certified.
Application data
- Financial inputs you enter (income, bills, purchase amounts, cash entries, splits, packing lists, travel plans).
- Receipt images and metadata you upload, stored in a private Supabase storage bucket scoped to your user ID.
- Some data is stored locally in your browser (localStorage) for immediate use without an account; that data never leaves your device unless you sign in and opt to sync.
Usage data
- Anonymous product analytics (which pages you visit, which features you use) via PostHog. Used to improve Tally; not sold or shared for advertising.
- Standard server logs (IP address, user agent, timestamp) retained for up to 30 days for security and abuse prevention.
2. How we use it
- To provide, operate, and improve the service.
- To process payments and manage your subscription.
- To respond to support requests and send service-related emails such as receipts, passwordless sign-in links, and important account notices. We do not send marketing emails without your opt-in.
- To detect, prevent, and address fraud and security issues.
- To comply with legal obligations.
3. Service providers we share data with
We use a small set of trusted third parties ("sub-processors") to run Tally. They are bound by contracts that limit how they may use your data and require appropriate security measures.
- Stripe. Payment processing and subscription billing. Their privacy policy.
- Supabase. Database, authentication, and file storage. Their privacy policy.
- Vercel. Web hosting and edge delivery. Their privacy policy.
- PostHog. Product analytics (anonymous usage). Their privacy policy.
We do not sell your personal information, and we do not share it with advertisers or data brokers.
4. Where your data is stored
Your data is stored on infrastructure operated by Supabase (Postgres, in the region you selected when the project was created) and Vercel (edge cache and serverless functions). Stripe stores billing data on its own infrastructure. Data may be transferred to and processed in the United States and other countries where our service providers operate.
5. How long we keep it
- Active accounts. We retain account and application data for as long as your account is open.
- Closed accounts. When you close your account, we delete personal data within 30 days, except for billing records we are required to retain for tax and accounting purposes (typically 7 years).
- Backups. Backup copies are overwritten on a rolling schedule and may take up to 60 days to fully expire after deletion.
6. Your rights
Depending on where you live, you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. To exercise any of these rights, email us at support@tallyfinance.online from the address associated with your account. We will respond within 30 days.
California residents have additional rights under the CCPA/CPRA, including the right to know what data we hold about you and the right to opt out of the sale or sharing of personal data. We do not sell or share personal data within the meaning of those laws.
If you are in the EEA, UK, or Switzerland, our lawful bases for processing are: (a) performance of a contract (to provide the service); (b) legitimate interests (to keep the service safe and to improve it); and (c) consent (where required, e.g. analytics cookies).
7. Security
We use HTTPS in transit, encryption at rest (handled by Supabase and Stripe), short-lived session tokens, and least-privilege access for our team. No system is perfectly secure; if we ever experience a breach affecting your data we will notify you and the relevant authorities as required by law.
8. Children
Tally is not directed to children under 16, and we do not knowingly collect personal information from them. If you believe a child has provided us with information, contact us and we will delete it.
9. Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top reflects the most recent change. Material changes will be announced by email or in-app notice.
10. Contact
Privacy questions or requests: support@tallyfinance.online.