Privacy Policy

Tallyify (“Tallyify”, “we”, “us”) operates the Tallyify platform — an AI pricing intelligence and spend-monitoring service available at tallyify.com, together with our API, SDK and CLI. For the purposes of the GDPR, Tallyify is the data controller of the personal data described below.

You can reach us about privacy matters at info.tallyify@gmail.com.

• Account data: your email address, username, hashed password, and two-factor authentication (2FA) status.
• Profile data: optional information you add, such as a bio or avatar image.
• Subscription & billing data: your plan, subscription status and renewal dates. Card payments are processed by Stripe — we never see or store your full card details.
• Usage telemetry (SDK/API): aggregated metrics only — token counts, estimated cost, latency, request status, and the AI provider/model used, plus any optional metadata you choose to send. We never receive your prompts, your model responses, or your AI provider API keys.
• Support communications: messages you send us through the contact form or priority support chat.
• Cookies: a strictly necessary session cookie to keep you signed in (see our Cookie Policy).

• To provide the service — manage your account, watchlists, alerts, dashboards and team workspaces. (Legal basis: performance of a contract.)
• Authentication & security — sign-in, 2FA, fraud and abuse prevention. (Legal basis: legitimate interest / contract.)
• Billing — process subscriptions and issue invoices via Stripe. (Legal basis: contract / legal obligation.)
• Product analytics & improvement — understand how features are used to improve them. (Legal basis: legitimate interest.)
• Communications — service emails (verification, password reset, alerts) and product announcements. (Legal basis: contract / consent.)

We do not sell your personal data. We share it only with service providers (data processors) that help us run the platform, under appropriate data-processing agreements:

• Stripe — payment processing and invoicing.
• Aiven — managed database hosting.
• Email provider — delivery of transactional and notification emails.
• Hosting & infrastructure providers — to operate and serve the application.

We may also disclose data where required by law or to protect our rights and the safety of our users.

Where data is transferred outside the European Economic Area, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses (SCCs) to ensure your data remains protected.

• Account & profile data: kept while your account is active, and deleted when you delete your account.
• Usage telemetry: retained to power your analytics, and removed when your account is deleted.
• Billing records: retained as required by applicable tax and accounting law.

You can delete your account at any time from Profile → Danger Zone, which permanently removes your data as described above.

If you are in the EU/EEA, you have the right to:

• Access the personal data we hold about you.
• Rectify inaccurate or incomplete data.
• Erasure (“right to be forgotten”) — delete your data.
• Restrict or object to certain processing.
• Data portability — receive your data in a portable format.
• Withdraw consent at any time, where processing is based on consent.
• Lodge a complaint with your local supervisory authority (in Italy, the Garante per la protezione dei dati personali).

To exercise any of these rights, email us at info.tallyify@gmail.com.

• Encryption in transit (HTTPS/TLS) for all traffic.
• Passwords stored only as salted hashes, never in plain text.
• Optional two-factor authentication (2FA).
• Access controls and the principle of data minimisation.

We may update this Privacy Policy from time to time. We will revise the “Last updated” date above and, where appropriate, notify you of material changes.