Privacy Policy

Last updated: December 4, 2024

Introduction

TallyUp ("we", "us", or "our") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, store, and share information when you use our mobile application (the "App") available on iOS and Android platforms.

1. Information We Collect

1.1 Account Information

When you create an account using email/password or sign in via Google Sign-In, we collect:

• First name and last name
• Email address
• Authentication credentials (encrypted passwords or OAuth tokens)

Guest Mode: If you use the App as a guest, no account information is collected. All data is stored locally on your device and is not accessible to us.

1.2 Expense and Group Data

When you use TallyUp, we collect and store:

• Expense details (amounts, descriptions, dates, currencies)
• Group information (names, member lists)
• Payment records and settlement information
• Receipt images you upload
• Notes and attachments associated with expenses
• Currency preferences and conversion data

For registered users, this data is stored in Google Firebase Firestore. For guest users, data remains solely on your device.

1.3 Usage Data and Analytics

We collect anonymized usage information through Firebase Analytics and Crashlytics, including:

• App opens, feature usage, and screen views
• Device information (type, operating system version, language)
• Crash logs and error reports to diagnose technical issues
• Performance metrics

This analytics data is anonymized and does not contain personal identifiers.

1.4 Technical and Device Information

We automatically collect certain technical information:

• IP address (temporarily, for service delivery)
• Device identifiers (for authentication and service provision)
• App version and installation data

2. How We Use Your Information

We use the information we collect for the following purposes:

• Service Provision: To provide, maintain, and improve the App's expense tracking and group management features
• Account Management: To authenticate users, manage accounts, and prevent unauthorized access
• Data Synchronization: To sync your expense data across your devices (registered users only)
• Feature Development: To understand how users interact with the App and develop new features
• Technical Support: To respond to your questions and provide customer support
• Security: To detect, prevent, and address technical issues, fraud, and security vulnerabilities
• Legal Compliance: To comply with applicable laws and regulations
• Communications: To send account-related notifications (we do not send marketing emails unless you opt in)

3. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

We share your information only in the following limited circumstances:

3.1 Service Providers

• Google Firebase: For authentication, cloud storage (Firestore), analytics, and crash reporting
• Cloud Hosting: Your data is hosted on Google Cloud Platform infrastructure

These service providers are bound by confidentiality obligations and may only use your data to provide services to us.

3.2 Group Members

When you create or join a group, your name and expense information within that group is visible to other group members. This is essential for the App's functionality.

3.3 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to:

• Comply with legal obligations
• Protect and defend our rights or property
• Prevent or investigate possible wrongdoing
• Protect the personal safety of users or the public

3.4 Business Transfers

If TallyUp is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

4. Data Storage and Security

We implement appropriate technical and organizational security measures to protect your data:

• Data encryption in transit (HTTPS/TLS)
• Data encryption at rest in Firebase
• Firebase Security Rules to control data access
• Regular security assessments
• Secure authentication mechanisms

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Data Location: Your data is stored on Google Cloud Platform servers, which may be located in various regions. Google Firebase complies with applicable data protection regulations.

5. Data Retention and Deletion

5.1 Registered Users

We retain your personal data for as long as your account is active or as needed to provide you with services. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.

5.2 Guest Users

Guest user data is stored only on your device. It is not uploaded to our servers. The data will be deleted if you uninstall the App or clear the App's data from your device settings.

5.3 Deleting Your Account

You can request deletion of your account and all associated data by emailing james@tally-up.org with the subject "Delete My TallyUp Account". Upon receiving your request, we will:

• Verify your identity
• Delete your account from our authentication system
• Delete all your expense, group, and receipt data from Firebase Firestore
• Remove you from all groups you've joined
• Delete backups within 30 days

Note: Other group members will no longer see your name or information in shared groups after deletion.

6. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal data:

6.1 Access and Portability

You have the right to access the personal data we hold about you and request a copy in a portable format.

6.2 Correction

You can update your account information directly in the App settings. You can also contact us to correct inaccurate data.

6.3 Deletion (Right to be Forgotten)

You can request deletion of your personal data by contacting us as described above.

6.4 Restriction and Objection

You may have the right to restrict or object to certain processing of your data.

6.5 Withdraw Consent

Where we process data based on consent, you may withdraw that consent at any time.

6.6 Opt-Out of Analytics

You can limit data collection by adjusting your device's privacy settings or disabling analytics in the App settings (if available).

To exercise any of these rights, please contact us at james@tally-up.org. We will respond to your request within 30 days.

7. Children's Privacy

TallyUp is not intended for use by children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal data, we will take steps to delete such information. If you believe a child has provided us with personal data, please contact us at james@tally-up.org.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those of your country. By using TallyUp, you consent to the transfer of your information to countries outside your country of residence, including the United States, where our service providers operate.

9. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information
• Right to opt-out of the sale of personal information (we do not sell your information)
• Right to non-discrimination for exercising your rights

To exercise these rights, contact us at james@tally-up.org.

10. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR), including those outlined in Section 6 above. Our legal basis for processing your data includes:

• Contract Performance: Processing necessary to provide the App's services
• Legitimate Interests: To improve our services and ensure security
• Consent: Where you have explicitly consented to processing
• Legal Obligation: Where required by law

11. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last updated" date at the top of this policy
• Notify you through the App or by email (for registered users)
• Obtain your consent if required by applicable law

We encourage you to review this policy periodically. Your continued use of the App after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this privacy policy or our data practices, please contact us:

Email: james@tally-up.org
Subject Line: Privacy Policy Inquiry

We will respond to your inquiry within 30 days.