Privacy Policy

Overview

talliy is a personal finance tracking application developed and operated by PixWhale Labs. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use talliy. By creating an account and using talliy, you agree to the practices described in this policy.

We are committed to protecting your privacy and handling your data with transparency and care. We do not sell, rent, or trade your personal information to third parties — ever.

1. Information We Collect

We collect only what is necessary to provide the talliy service:

• Account information — your email address and a hashed 6-digit passcode
• Security information — your chosen security question and hashed answer (for account recovery)
• Financial data — expenses, salary entries, installments, savings goals, and lent money records that you voluntarily enter
• Usage data — the month and year you access, selected preferences (theme, notification settings)
• Device data — browser push notification subscription token (only if you grant permission)
• Payment data — we do NOT collect or store your payment details. Payments are made via QR code through GCash or Maya. We only record which subscription plan was activated and when it expires.

2. How We Use Your Information

Your information is used exclusively to provide and improve the talliy service:

• To authenticate your account and keep it secure
• To display your financial data across your devices
• To send push notifications for upcoming installment and recurring expense due dates (only with your permission)
• To manage your subscription status and access to premium features
• To recover your account if you forget your passcode
• To improve talliy's performance and fix bugs

We do not use your data for advertising, profiling, or selling to third parties.

3. Data Storage and Security

Your data is stored securely using Supabase, a trusted cloud infrastructure provider. All data is:

• Encrypted in transit using HTTPS/TLS
• Protected by Row Level Security (RLS) — only your account can access your data
• Stored on servers in secure data centers

Your passcode and security answer are stored as cryptographic hashes (SHA-256). This means we cannot see or recover your actual passcode — only you know it.

PixWhale Labs employees and administrators do not have access to your individual financial records.

4. Push Notifications

talliy may send browser push notifications to remind you of upcoming payment due dates. This feature is entirely optional. You may:

• Grant permission when prompted during onboarding
• Enable or disable notifications anytime from the hamburger menu
• Revoke permission through your browser settings at any time

We only send notifications related to your financial data — no marketing messages, no promotional content.

5. Data Sharing

We do not sell, rent, or share your personal data with third parties for any marketing or commercial purpose. We may share data only in the following limited circumstances:

• Service providers — Supabase (database infrastructure). They process data on our behalf and are bound by strict data protection agreements.
• Legal requirements — if required by Philippine law, court order, or government authority.

6. Your Rights

As a talliy user, you have the following rights:

• Access — you can view all your data within the app at any time
• Correction — you can edit any record directly in the app
• Deletion — you can delete individual records or request full account deletion
• Export — you can export your monthly data as PDF or CSV from the dashboard
• Portability — your exported data is in standard formats (CSV) that can be used in other applications

To request account deletion, contact us at hello@talliy.io. All your data will be permanently deleted within 30 days.

7. Data Retention

We retain your data for as long as your account is active. If your account is inactive for more than 24 months with no active subscription, we may delete your data after providing 30 days' notice via email.

Upon account deletion request, all personal data and financial records are permanently removed from our systems within 30 days.

8. Children's Privacy

talliy is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has created an account, please contact us immediately at hello@talliy.io.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal reasons. When we make significant changes, we will notify you through the app. The "Last updated" date at the top of this page will always reflect the most recent version.

Continued use of talliy after policy changes constitutes your acceptance of the updated policy.

10. Contact Us

If you have questions, concerns, or requests related to your privacy or this policy, please reach out to us:

• Email: hello@talliy.io
• Website: talliy.io
• Company: PixWhale Labs

We are committed to responding to all privacy-related inquiries within 5 business days.