Tally logotally
Login
Sign up

Privacy Policy

Last updated: 07/12/2025

1. Introduction

Tally ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our inventory management service (the "Service").

We are based in the United Kingdom and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

2.1 Personal Information

When you register for an account, we collect:

  • Email address
  • Password (encrypted)
  • Organization details (if applicable)
  • Name (if provided)

2.2 Inventory Data

When you use the Service, we collect:

  • Product information (names, descriptions, SKUs)
  • Pricing and cost data
  • Inventory quantities and locations
  • Product images and attachments
  • Any other data you choose to input into the Service

2.3 Usage Information

We automatically collect:

  • Device information (browser type, operating system)
  • IP address and location data
  • Usage patterns and analytics (via Vercel Analytics)
  • Performance metrics (via Vercel Speed Insights)
  • Cookies and similar tracking technologies

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Create and manage your account
  • Process your transactions and subscriptions
  • Send you technical notices and support messages
  • Respond to your comments, questions, and customer service requests
  • Monitor and analyze usage trends and performance
  • Detect, prevent, and address technical issues and fraud
  • Send you marketing communications (with your consent, where required)
  • Comply with legal obligations

4. Legal Basis for Processing (UK GDPR)

We process your personal data under:

  • Contract performance: To provide the Service you signed up for
  • Legitimate interests: To improve our Service, prevent fraud, and ensure security
  • Consent: For marketing communications and non-essential cookies
  • Legal obligation: To comply with applicable laws and regulations

5. Data Sharing and Disclosure

5.1 Service Providers

We share data with trusted third parties:

  • Supabase: Database and authentication services (data processor)
  • Vercel: Hosting, analytics, and performance monitoring
  • Payment processors: To handle subscription payments (when applicable)

5.2 Organization Members

If you are part of an organization on Tally, your data may be accessible to other members of that organization according to their permissions.

5.3 Legal Requirements

We may disclose your information if required by law or to protect our rights, property, or safety.

6. Data Security

We implement appropriate technical and organizational security measures to protect your personal data, including:

  • Encryption of data in transit (HTTPS/TLS)
  • Encryption of passwords and sensitive data at rest
  • Row-level security policies in our database
  • Regular security assessments and updates
  • Access controls and authentication requirements

However, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Data Retention

We retain your personal data for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy.

  • Account data: Retained while your account is active and for a reasonable period after closure
  • Inventory data: Retained according to your subscription and deleted upon account deletion
  • Legal/compliance data: Retained as required by law (typically 6-7 years for financial records)

8. Your Rights (UK GDPR)

Under UK GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your personal data ("right to be forgotten")
  • Restriction: Limit how we process your data
  • Data portability: Receive your data in a structured, machine-readable format
  • Object: Object to processing based on legitimate interests
  • Withdraw consent: Withdraw consent for consent-based processing
  • Lodge a complaint: File a complaint with the ICO (Information Commissioner's Office)

To exercise any of these rights, please contact us at team@tally.sh.

9. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential cookies: Required for authentication and basic functionality
  • Analytics cookies: To understand how you use the Service (Vercel Analytics)
  • Performance cookies: To monitor and improve performance (Vercel Speed Insights)

You can control cookies through your browser settings. Note that disabling essential cookies may affect Service functionality.

10. International Data Transfers

Your data may be transferred to and processed in countries outside the UK. We ensure adequate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the UK government
  • Service providers with appropriate data protection measures

11. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a prominent notice on the Service. Your continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

You also have the right to lodge a complaint with the UK supervisory authority:

  • Information Commissioner's Office (ICO)
  • Website: ico.org.uk
  • Telephone: 0303 123 1113
Tally