Privacy Policy

Last updated:

This privacy policy describes how Accountable Incorporated (“TallyUp”), a Delaware C-corporation, handles personal data collected through tallyupnow.com and the TallyUp product. For questions, write to privacy@tallyupnow.com.

Information we collect

We collect four categories of personal data: account data (your email, name, and organization) that you provide when signing up; authentication identifiers issued by Auth0 when you sign in; product telemetry describing which pages you load and which actions you take inside the product; and the customer-supplied business records you import to reconcile (bank transactions, ledger entries, attachments).

Authentication identifiers

TallyUp uses Auth0 to authenticate users. When you sign in, Auth0 issues identifiers that the product uses to recognize you and your workspace. We do not see or store your password; Auth0 handles credential storage.

Third-party system credentials

When you connect external systems (for example a bank account via Plaid, an accounting system, or a payments processor), the access credentials those providers issue are used only to retrieve your data from that provider. They are handled as secrets, separately from your business records, and are never displayed back to you in the product.

Analytics — what we count, what we don't

Today, this site runs no analytics at all: no analytics script, no cookies, no fingerprinting, no tracking of any kind. If we add measurement later, it will be cookieless aggregate counts — page views and referrers, nothing that identifies an individual — and this page will say so before it happens.

We do not use Google Analytics, Mixpanel, Segment, Hotjar, or any other vendor that records personal data. We do not set advertising cookies. We do not need a consent banner because there is no consent decision to make.

Cookies and similar technologies

The marketing site at tallyupnow.com sets no analytics cookies, no advertising cookies, and no third-party tracking pixels (the analytics described above are cookieless by design). Inside the product, a strictly-necessary session cookie maintains your signed-in session; your browser deletes it when you sign out. The TallyUp product (the app, behind sign-in) holds its own analytics posture, documented separately when product telemetry is in scope.

How we use information

We use the data we collect to provide and secure the service, to communicate with you about your account and the product, to improve TallyUp based on aggregate usage, and to meet our legal obligations. Where required by law we will identify the legal basis for each purpose (contract performance, legitimate interest, consent, or legal obligation) on request. We do not use customer business records to train machine-learning models that are shared across tenants.

Sharing and disclosure

TallyUp relies on a small, named set of subprocessors to run the service: a cloud host, Auth0 for authentication, an email-delivery provider for transactional mail, and the integrations you choose to connect (for example Plaid). We do not sell personal data. We will disclose data when compelled by a valid legal process and, where lawful, will notify the affected customer. The current subprocessor list is available on request via privacy@tallyupnow.com.

Your rights

Depending on where you live, you may have the right to access, correct, delete, or port your personal data, to object to or restrict its processing, and to withdraw consent where processing relies on it (for example under GDPR, the CPRA, and other US state laws). To exercise a right, write to privacy@tallyupnow.com. We aim to respond within 30 days; if we need longer we will tell you why.

Data retention

We retain personal data for as long as your account is open and for the period reasonably needed afterwards to meet statutory retention floors, defend legal claims, and run our books. When you close your account we delete or anonymize your personal data within 90 days unless a longer retention period is required by law or by an active legal hold.

Security

TallyUp is an early-stage company. We do not hold a SOC 2, ISO 27001, or other third-party attestation today. We are honest about that.

We deliberately do not describe security mechanism internals in this policy — implementation details change as the system improves, and stale mechanism prose misleads rather than assures. Customer data is kept separated by workspace, and access to production systems is limited to the people who operate the service. Our posture and our security contact are on the security page.

International transfers

TallyUp is operated from the United States and customer data is processed on US-hosted infrastructure. If you access the service from outside the United States, your data is transferred to and processed in the United States. Where the law requires it (for example for EEA or UK customer data) we rely on the Standard Contractual Clauses, including the UK addendum, as the transfer mechanism; copies are available on request.

Contact us

Privacy questions, data-subject requests, and security reports go to privacy@tallyupnow.com. For everything else, hello@tallyupnow.com reaches a real person. Postal mail can be addressed to Accountable Incorporated, Delaware, USA; the registered-agent street address is available on request.