Legal
Privacy Policy
Tally handles sensitive information: your bank transactions, email content, and calendar. This policy explains exactly what we collect, why, where it goes, and the choices you have. If anything here is unclear, email hello@tallyio.com.au before you connect an account.
1. Who we are
Tally ("Tally", "we", "us", "our") is a household finance application operated from Melbourne, Australia by the team behind Tally. We are the entity responsible for the personal information described in this policy, and you can identify and contact us at hello@tallyio.com.au. Tally is a pre-launch venture; our formal business registration details (including our ABN) will be published here once registered, and our registered postal address is available on request by emailing us.
We handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where it applies to you, we also aim to meet the standards of the EU/UK General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Bank data shared through the Consumer Data Right is additionally governed by the rules described in section 4.
2. What we collect
We collect only what the app needs to function. Depending on which features you use, that includes:
| Category | Examples | Source |
|---|---|---|
| Identity & account | Your name and email address from Google sign-in; allowlist status; session records | Google OIDC sign-in |
| Financial data | Account names, balances, and transaction details (date, amount, description, merchant); loan and property figures you enter; budgets and categories | Your bank via an accredited CDR provider; and data you enter |
| Email content & metadata | Message subjects, senders, recipients, snippets, labels, bodies and attachments you choose to process; drafts we generate at your request | Your Google account (with your consent) |
| Calendar data | Events we read or create on your behalf | Your Google account (with your consent) |
| Voice memos | Audio you record and its transcript | You |
| Derived data | AI-generated categories, extracted bills/actions/events, insights, and usage logs | Generated by the app |
| Waitlist & enquiries | Email, optional name, and preferences you submit; messages you send us | You |
| Technical | Minimal request logs needed to operate and secure the service | Automatic |
We do not collect bank login credentials — you authenticate directly at your bank, never with us. We do not run third-party advertising or analytics trackers.
3. How we use your information
We use your information only to provide and operate the features you ask for:
- Sign you in and keep your session secure.
- Display your accounts, transactions, budgets, net worth and forecasts.
- Categorise transactions, detect recurring bills, and generate insights.
- Read selected emails to extract transactions, bills, actions and event candidates; create calendar events; and draft (never send) replies, all at your direction.
- Transcribe and summarise voice memos you record.
- Respond to your enquiries and, if you joined the waitlist, tell you when there is something to try.
- Maintain security, prevent abuse, keep audit logs, and meet legal obligations.
Our legal bases (where the GDPR applies) are: performance of our contract with you; your consent (which you can withdraw); and our legitimate interests in operating and securing the service. We do not sell your personal information, and we do not use it for advertising.
4. Bank data & the Consumer Data Right
Bank transactions reach Tally through an accredited Consumer Data Right (CDR) provider (our open-banking partner, Fiskil), not by screen-scraping. You grant consent at your bank, on a per-account basis, and that consent expires at least every 12 months by law. Key points:
- Read-only. Tally requests transaction and balance data only. We cannot move money, make payments, or change anything at your bank.
- No credentials. Your bank passwords never reach Tally or our partner; authentication happens at your bank.
- Your control. You can withdraw bank-data consent at any time through your bank or our partner, and ask us to delete the data we hold.
- Signed transport. Transactions are delivered to our server over a cryptographically signed (HMAC) channel and rejected if the signature does not verify.
Where data is shared under the CDR, its collection and handling is also governed by the CDR consent you give and by our partner's CDR policy. Please review your bank's and the partner's CDR disclosures when you grant consent.
5. Google user data (Gmail & Calendar)
If you connect a Google account, Tally requests only the scopes needed for the feature you enable:
| Scope | Why we ask | What it does not allow |
|---|---|---|
| gmail.readonly | Read message metadata and bodies to extract bills, transactions, actions and events | Modifying or deleting messages |
| gmail.compose | Create draft replies you review | Sending — no send scope is ever requested |
| gmail.modify | Add or remove labels to organise mail | Sending, deleting or moving messages |
| calendar.events | Read and create calendar events | Emailing invitations to attendees (updates are suppressed) |
Google API Services Limited Use disclosure. Tally's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically: we use Google user data only to provide and improve the user-facing features above; we do not use it for advertising; we do not sell it; we do not use it to train generalised or foundation AI/ML models; and we do not allow humans to read it except with your consent, for security or to comply with applicable law, or where the data is aggregated and anonymised.
Email content is processed only to power the features you turn on. To do this, message text you choose to process is sent to our AI provider (see section 6) solely to generate the extraction or draft for you; it is not used to train that provider's models. We never request the ability to send email on your behalf — outbound actions stop at a draft you must send yourself. You can disconnect Google at any time in Settings, which revokes our access at Google and deletes the stored connection.
6. AI processing
Tally uses Anthropic's Claude models to categorise transactions, extract items from email, transcribe and summarise voice memos, draft reply text, and write monthly insights. Anthropic acts as our processor for this purpose.
- What is sent: the specific content needed for the task — e.g. a transaction's description, merchant, amount and date; an email body and your category list; or a voice transcript.
- What is never sent: your Google refresh tokens, our encryption keys, webhook secrets, or session-signing secrets.
- No model training: content is sent under Anthropic's commercial API terms, under which inputs and outputs are not used to train its models.
- Untrusted-content guard: external content (such as an email body) is treated strictly as data to extract from, never as instructions, and the models return structured output only.
AI outputs (categories, extracted bills, forecasts, insights) are automated estimates and may be incomplete or wrong. Always verify against your own records before relying on them.
7. Who we share with
We share personal information only with the service providers needed to run Tally, each acting on our instructions:
| Provider | Purpose |
|---|---|
| Cloudflare | Hosting, database, file and cache storage, and network security for the entire app |
| Sign-in, and (if you connect it) Gmail and Calendar access | |
| Fiskil | Accredited open-banking access to your bank data |
| Anthropic | AI processing as described in section 6 |
We may also disclose information where required by law, to protect our or others' rights and safety, or as part of a sale or restructure of the business (in which case we will require the recipient to honour this policy, and CDR and Google data will be handled per the applicable rules and your consent). We do not sell your personal information.
8. Storage, location & security
Tally runs on Cloudflare's platform. Your data may be stored and processed on servers located outside Australia (including by Cloudflare, Google and Anthropic). By using the service you acknowledge this cross-border handling; we take reasonable steps to ensure recipients protect your information.
We apply security measures appropriate to the sensitivity of the data, including:
- Google refresh tokens encrypted at rest (AES-GCM) with a key held only on the server.
- Encryption in transit (HTTPS) and at rest for stored data.
- Passwordless sign-in via Google; short-lived, HttpOnly, Secure session cookies.
- Signed webhooks, request-origin checks (CSRF protection), and audit logging of sensitive actions.
No system is perfectly secure. We cannot guarantee absolute security, and you are responsible for keeping your own device and Google account secure. If we become aware of a data breach likely to cause you serious harm, we will notify you and the Office of the Australian Information Commissioner (OAIC) as required by the Notifiable Data Breaches scheme.
9. Retention & deletion
We keep personal information only as long as needed for the purposes above or as required by law. As a guide:
- Raw bank-feed payloads in our archive are retained for approximately 90 days.
- Email attachments and financial records you choose to keep may be retained longer where you need them for tax or record-keeping.
- Disconnecting Google revokes access and deletes the stored connection; closing your account deletes your associated data, subject to limited records we must retain by law.
You can ask us to delete your data at any time (see section 10). Some backups may persist for a short period before being overwritten.
10. Your rights & choices
Subject to the law that applies to you, you may:
- Access the personal information we hold about you and ask for a copy.
- Correct information that is inaccurate or out of date.
- Ask us to delete your information, or restrict or object to certain processing.
- Withdraw consent (e.g. disconnect Google, or withdraw bank-data consent) at any time, without affecting processing already carried out.
- Request portability of information you provided, where applicable.
To exercise any of these, email hello@tallyio.com.au. We may need to verify your identity first. We will respond within the timeframe required by law.
11. Cookies
We use a single essential, HttpOnly session cookie to keep you signed in. We do not use advertising or third-party analytics cookies. Because the session cookie is strictly necessary to provide the service, it is not used for tracking.
12. Children
Tally is not directed at, and may not be used by, anyone under 18. We do not knowingly collect information from children. If you believe a child has provided us information, contact us and we will delete it.
13. Changes to this policy
We may update this policy as the service evolves. We will post the updated version here and change the "Last updated" date. If the changes are significant, we will take reasonable steps to notify you. Continued use after an update means you accept the revised policy.
14. Contact & complaints
Questions, requests, or privacy complaints: hello@tallyio.com.au. We will acknowledge and investigate any complaint and respond within a reasonable time. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au, or the data-protection authority in your jurisdiction.