Legal
Privacy Policy
Last updated: July 7, 2026
This policy explains what data Tally collects, why we collect it, and what you can do about it. If anything here is unclear, open a support ticket from inside the app.
01Who is responsible
Tally Accounting Software Limited (“Tally,” “we,” “us,” “our”), a company registered in England & Wales with its registered office at 20 Wenlock Road, London, N1 7GU, operates the service at tally.ac and is the data controller for your personal information. Contact us through a support ticket from your account.
02What we collect
- Account data — email address, password hash, and (if you sign in with Google) the profile info Google returns to us.
- Product data — the spaces, entries, notes, currencies and settings you create in Tally.
- Billing data — plan, subscription status and payment history. Card details are handled by Stripe; we never see or store them.
- Affiliate data — your handle, referrals you drove, and payout details you enter.
- Support data — messages you send to us and metadata about your ticket.
- Technical data — IP address, browser type, device and pages visited, collected via server logs and privacy-friendly analytics.
03Why we use it
We process the data above to:
- Provide Tally: authenticate you, store your data, render your recaps.
- Charge for paid plans and pay affiliate commissions.
- Respond to your support requests.
- Send service emails (receipts, security notices, product updates you opted into).
- Keep the service secure, prevent abuse, and comply with the law.
- Improve the product — always in aggregate, never by reading your entries.
Legal bases under GDPR: performance of a contract (running the service you signed up for), legitimate interests (security, product improvement), consent (optional marketing emails and non-essential cookies), and legal obligations (tax, accounting).
04What we don't do
- We don't sell your personal data. Ever.
- We don't train AI models on your entries.
- We don't run ad-tracking pixels for third parties.
05Who we share with
We share the minimum data needed with vendors who help us run Tally under strict contracts (a “data processor” relationship):
- Supabase — database, auth and file storage.
- Cloudflare — hosting the app and API on the edge.
- Stripe — subscription billing.
- An email provider for transactional email.
- Google — only if you choose to sign in with Google.
If you're a business customer processing personal data of your own customers or staff through Tally, our Data Processing Addendum sets out the full list of sub-processors and the Article 28 obligations that apply. It's incorporated into your Terms of Service — no signature needed.
We may also disclose data if legally required (subpoena, court order) or to protect Tally's rights and users' safety.
06International transfers
Some of these vendors are based outside the EU/UK. When your data moves internationally we rely on the appropriate safeguards (Standard Contractual Clauses, the UK IDTA, or an adequacy decision) so your protections travel with you. Details are in our Data Processing Addendum.
07How long we keep it
We keep your data for as long as your account is active. If you delete your account, we delete your product data within 30 days, except:
- Invoices and payment records we're required to keep for tax law (up to 10 years).
- Anonymised, aggregated stats that can't identify you.
- Backups that expire on their normal rolling schedule (up to 35 days).
08Your rights
You can:
- Access and download your data.
- Correct anything that's wrong (most of it you can edit yourself in Tally).
- Delete your account and all associated data.
- Object to or restrict certain processing.
- Withdraw consent for optional emails at any time.
- Complain to your local data-protection authority.
Open a support ticket from inside Tally and we'll help. We aim to respond within 30 days.
09Cookies
Tally uses strictly-necessary cookies to keep you signed in and to remember essential preferences. We don't use tracking cookies for advertising. If we ever add analytics that require consent, we'll ask first.
10Security
Passwords are hashed, connections are encrypted with TLS, and every row in our database is protected by strict row-level security policies so users can only ever see their own data. No system is perfectly secure — but we take this seriously and continuously improve.
11Children
Tally isn't for children. We don't knowingly collect data from anyone under 16 (or the age of digital consent where you live). If you believe a child has given us data, tell us and we'll delete it.
12Changes
When we make material changes to this policy we'll notify you by email or in the app before they take effect. The “Last updated” date at the top of this page always reflects the current version.
Questions about this document? Open a support ticket and we'll reply inside Tally.
Open a ticketTally Accounting Software Limited
Registered office: 20 Wenlock Road, London, N1 7GU, United Kingdom
Registered in England & Wales.
© 2026 Tally Accounting Software Limited. All rights reserved.