$ Tally FinanceBack to Home

Privacy Policy

Effective Date: May 14, 2026 · Last Updated: May 14, 2026

1. Introduction

Tally Finance ("we," "our," or "us") operates the Tally Finance personal and business finance platform at tallyfi.app. This Privacy Policy describes how we collect, use, store, and protect your information when you use our website and services.

By using Tally Finance, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our services.

2. Information We Collect

2.1 Account Information

When you create an account, we collect information provided by your OAuth identity provider (Google or GitHub), including:

  • Name
  • Email address
  • Profile picture (if provided by the identity provider)

We do not collect or store passwords. Authentication is delegated entirely to your chosen OAuth provider.

2.2 Financial Data

When you connect a bank account through Plaid or import transactions via CSV, we collect:

  • Account names, types, and balances
  • Transaction history (date, description, amount, category)
  • Account and routing number masks (last 4 digits only)
  • Institution names

We do notreceive, access, or store your bank login credentials. All bank authentication occurs directly through Plaid's secure interface. Your connection of financial accounts is also governed by Plaid's End User Privacy Policy.

2.3 Usage Data

We automatically collect standard usage information including:

  • Pages visited and features used
  • Browser type and device information
  • IP address (for security and fraud prevention)
  • Timestamps of activity

2.4 Payment Information

Subscription payments are processed entirely by Stripe. We do not receive, process, or store credit card numbers or bank account details for payment purposes. We only receive confirmation of payment status from Stripe.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Tally Finance platform
  • Display your financial accounts, transactions, budgets, and analytics
  • Generate AI-powered financial insights and recommendations
  • Detect recurring subscriptions and bill payments
  • Send transactional emails (account alerts, billing confirmations)
  • Prevent fraud and ensure the security of your account
  • Respond to customer support requests

We do not use your financial data for advertising, sell your data to third parties, or share your information with data brokers.

4. How We Share Your Information

We share your information only with the following categories of service providers, and only as necessary to operate the platform:

ProviderPurposeData Shared
PlaidBank account linking & transaction syncTokenized access credentials (not your bank password)
StripeSubscription billingEmail, payment method (handled by Stripe directly)
Neon (PostgreSQL)Database hostingAll application data (encrypted at rest)
VercelApplication hostingServer logs, request metadata
Anthropic (Claude)AI-powered financial insightsAnonymized financial summaries for insight generation
Google Analytics (GA4)Aggregate, anonymized product usage analyticsPage views, device/browser type, approximate region — not your financial data
PostHogProduct analytics (feature usage, funnels)Page views and interaction events. Session recording is disabled; we do not capture your financial data

We may also disclose your information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in Transit: All data is transmitted over TLS 1.2 or higher
  • Encryption at Rest: Database encryption provided by Neon PostgreSQL infrastructure
  • Application-Level Encryption: Sensitive tokens (such as Plaid access tokens) are encrypted with AES-256-CBC before database storage
  • OAuth Authentication: No passwords are stored; authentication is delegated to Google and GitHub with multi-factor authentication support
  • Input Validation: All API inputs are validated using schema-based validation to prevent injection attacks
  • Serverless Architecture: No persistent servers to compromise; no SSH access, no open ports

6. Data Retention

  • Active Accounts: Your data is retained for as long as your account is active
  • Cancelled Accounts: Data is retained for 90 days after cancellation, then permanently deleted
  • Account Deletion: You may request complete deletion of your account and all associated data at any time by contacting support
  • Server Logs: Request logs are retained for 90 days for security and debugging purposes

7. Your Rights

You have the right to:

  • Access: View all personal and financial data we store about you
  • Export: Download your data in CSV or PDF format at any time from the Reports page
  • Correction: Update your account information through the Settings page
  • Deletion: Request complete deletion of your account and data
  • Disconnect: Revoke bank connections at any time; we will stop syncing and you may request deletion of previously synced data

To exercise any of these rights, contact us at support@tallyfi.app.

8. Cookies and Tracking

Tally Finance uses essential cookies for authentication session management, and privacy-conscious analytics (Google Analytics 4 and PostHog) to understand aggregate, anonymized product usage so we can improve Tally Finance. Session recording is disabled and we never capture your financial data. We do not use advertising cookies, ad-targeting pixels, or sell your data. You can opt out of analytics using your browser settings or the Google Analytics opt-out browser add-on.

9. Third-Party Links

Our platform may contain links to third-party websites (such as your bank's website during the Plaid connection flow). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

10. Children's Privacy

Tally Finance is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through a notice on the platform prior to the change becoming effective. Your continued use of Tally Finance after changes are posted constitutes acceptance of the revised policy.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, contact us at:

  • Email: support@tallyfi.app
  • Website: tallyfi.app