Privacy Policy

This Privacy Policy explains how Keegan Whitney, a sole proprietor carrying on business as “Tally” in the Province of Ontario, Canada (“Tally,” “we,” “us,” or “our”), collects, uses, discloses, and protects personal information and business information when you or your organization use the Tally web application, mobile application, marketing website, and related services (collectively, the “Service”).

This policy is designed to comply with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), Quebec’s Act respecting the protection of personal information in the private sector (as amended by Law 25), Alberta’s Personal Information Protection Act(PIPA), British Columbia’s Personal Information Protection Act (PIPA), and other applicable Canadian privacy legislation.

Tally is a business-to-business (B2B) service sold to construction contractors and similar small businesses. It is not directed to consumers and is not directed to children. By using the Service, you confirm that you are at least 18 years old (or the age of majority in your province of residence) and are using the Service in the course of your business or employment.

1. Who controls your data

For most data processed through the Service, Tally acts as a “data processor” or “service provider” on behalf of the contractor business that subscribes to the Service (the “Customer”). The Customer is the “data controller” or “business” for the information its users, employees, and agents enter into the Service. If you are an employee or contractor of a Tally Customer, please review your employer’s privacy notice for information about how they handle your data.

Tally acts as the organization accountable for account registration data, billing data, Service telemetry, and data collected through our marketing website.

Privacy Officer.As required by PIPEDA and Quebec Law 25, we have designated a Privacy Officer who is responsible for our compliance with this policy and applicable privacy legislation. You can reach the Privacy Officer at the contact information in §13.

2. Information we collect

2.1 Information you provide

• Account information. Name, email address, company name, role, and authentication credentials (password hash or magic-link session token).
• Receipt content. Photos and images of receipts, invoices, and related documents that you upload or capture with your device camera. We store the original image, a cryptographic hash of the image, and metadata such as upload timestamp and device type. By default we strip GPS EXIF metadata from uploaded images.
• Extracted receipt data. Information extracted from your receipts, including vendor name and address, date, subtotal, tax, total, payment method, and individual line items (description, quantity, unit price, total, category).
• Job and customer data. Job names, job numbers, customer names, and notes you associate with receipts for job-costing purposes.
• Configuration. Category mappings, default preferences, connected accounting realm selection, and notification settings.
• Support communications. Messages you send to our support team and any attachments you include.

2.2 Information from connected services (QuickBooks)

When you connect your Intuit QuickBooks Online account to Tally, you authorize Intuit to share certain data with us. We request only the OAuth scopes necessary to operate the Service:

• Accounting data scope. Read and write access to Purchases, Bills, Attachables, Vendors, Customers, Classes, Accounts, Items, Tax Codes, Company Preferences, and Projects within the QuickBooks realm(s) you connect.
• OpenID profile scope. Your QuickBooks user identifier and realm/company identifier, used to link the connection to your Tally account.

We store reference data pulled from QuickBooks (such as your chart of accounts, vendor list, customer list, and tax codes) so that we can map your receipts to the right accounts, vendors, and jobs without repeatedly calling the QuickBooks API. We store OAuth access and refresh tokens in encrypted form (see §7). You can disconnect your QuickBooks account from the Service at any time from the in-app QuickBooks settings, which revokes our tokens with Intuit and stops further data exchange.

Our use of information received from QuickBooks APIs adheres to the Intuit Developer Policies, including the Limited Use requirements.

2.3 Information collected automatically

• Device and connection data. IP address, browser type and version, operating system, device model, time zone, language, referring URL, and approximate geolocation (derived from IP address, not precise GPS).
• Usage data. Pages and screens viewed, buttons tapped, features used, error events, performance metrics, and timestamps. Captured in aggregated and pseudonymous form.
• Cookies and local storage. Authentication cookies, a small number of first-party analytics cookies, and browser local/IndexedDB storage used for the offline capture queue. We do not use third-party advertising cookies.

3. How we use information

We use the information described above to:

• Provide the core Service: receive receipt images, run optical character recognition (OCR), extract structured data, match vendors and jobs, and write Purchases, Bills, and Attachables to your QuickBooks account on your instruction.
• Authenticate you, maintain your session, and enforce account-level access controls.
• Send transactional communications (sync failure alerts, reauthentication reminders, important service notices). You cannot opt out of transactional messages without closing your account.
• Detect, investigate, and prevent abuse, fraud, unauthorized access, and violations of our Terms.
• Measure, troubleshoot, and improve the Service, including diagnosing bugs, benchmarking performance, and analyzing feature adoption.
• Comply with legal obligations, respond to lawful requests from public authorities, and enforce our agreements.

We do not sell or rent your personal information or your receipt data. We do not use your receipt content or QuickBooks data to train generalized machine learning models, and we do not share it with third parties for their own marketing.

AI processing. Receipt images are sent to a commercial large language model provider (Anthropic, via the Vercel AI Gateway) to perform OCR and extract structured fields. Images and extracted text are processed under a Zero Data Retention arrangement: the provider does not retain your content after the request completes and does not use it to train models.

4. How we share information

We share information only with the sub-processors and third parties described below, and only to the extent necessary for the purposes listed in §3.

4.1 Sub-processors

Each sub-processor is contractually bound to use your information only to provide its service to us and to maintain appropriate security safeguards.

4.2 Other disclosures

• Legal and safety. We may disclose information to comply with applicable law, regulation, legal process, or enforceable governmental request; to protect the rights, property, or safety of Tally, our users, or others; or to investigate and prevent suspected fraud, abuse, or violations of our Terms.
• Business transfers. If we are involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction, subject to standard confidentiality protections and notice to you where required by law.
• With your direction. We share information with third parties you explicitly connect (for example, your chosen QuickBooks realm) or authorize.

5. Data retention

• Receipt images and extracted data. Retained for as long as your account is active, plus up to 30 days after account deletion to allow for recovery and dispute resolution, then permanently deleted or de-identified. You can delete individual receipts from the app at any time.
• QuickBooks tokens and reference data. Deleted within 30 days of disconnecting your QuickBooks account or closing your Tally account.
• Audit logs and security events. Retained for up to 2 years to support incident investigation and legal obligations.
• Billing records. Retained for 7 years to comply with tax and accounting law.
• Backups. Encrypted backups may persist for up to 35 days after deletion from primary systems.

6. Cross-border transfers and storage

Your information is processed and stored in the United States. Tally is operated from Canada, but our hosting, database, object storage, AI processing, rate limiting, error monitoring, product analytics, and transactional email sub-processors are all based in the United States (see §4.1). This means that personal information that Tally collects in Canada is transferred to, processed in, and stored in the United States.

While the information is in the United States, it is subject to U.S. laws, including laws that may require disclosure to U.S. government agencies, law-enforcement authorities, and courts. U.S. privacy protections differ from those in Canada.

We require each U.S. sub-processor to provide a comparable level of protection through contractual safeguards, including confidentiality, security, breach notification, and purpose-limitation obligations. By using the Service, you consent to the transfer, processing, and storage of your information in the United States on the terms described here. You may contact our Privacy Officer (§13) for more information about the safeguards we have in place.

If you access the Service from outside Canada or the United States (for example, the European Economic Area or the United Kingdom), your information will also be transferred to and processed in Canada and the United States. Where required, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses and the UK International Data Transfer Addendum.

7. Security

We protect your information with layered safeguards, including:

• TLS 1.2+ encryption in transit for all Service endpoints.
• Encryption at rest for database contents and object storage.
• Envelope encryption of QuickBooks OAuth access and refresh tokens using pgsodium with keys managed by Supabase Vault.
• Row-Level Security (RLS) in Postgres as the primary authorization boundary between tenants.
• Short-lived signed URLs for all receipt image access.
• Rate limiting, bot detection, HMAC webhook verification, and replay protection on all inbound integrations.
• Least-privilege access for personnel, audit logging, and secret rotation.

No security program is perfect. If we discover a breach affecting your information, we will notify you and the relevant authorities without undue delay and in accordance with applicable law.

8. Your rights and choices

Under PIPEDA, Quebec Law 25, Alberta PIPA, BC PIPA, and other applicable laws, you have the right to:

• Access the personal information we hold about you.
• Request correction of inaccurate or incomplete information.
• Withdraw your consent to our collection, use, or disclosure of your information, subject to legal or contractual restrictions and reasonable notice.
• Request the deletion (de-indexing or destruction) of your personal information, subject to legal retention requirements.
• Request that your information be communicated to you or transferred to another organization in a structured, commonly used technological format (data portability, Quebec Law 25).
• Be informed about and object to any decision based exclusively on automated processing that produces legal or similarly significant effects on you (Quebec Law 25).
• Not be subject to unlawful discrimination or retaliation for exercising any of these rights.

Automated decision-making. Tally uses AI to suggest categorizations, vendor matches, and job mappings for your receipts, but all such suggestions are advisory only. You (or the user you designate) must review and approve or override the suggestions before data is written to QuickBooks. We do not make decisions about you based solely on automated processing that produce legal or similarly significant effects.

To exercise a right, email our Privacy Officer at privacy@tally.contractors. We will respond within 30 days as required by PIPEDA (or sooner where required by applicable provincial law). If you are an employee or contractor of a Tally Customer, we will refer your request to your employer as the organization accountable for that information.

If you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca) or your provincial privacy regulator (for example, the Commission d’accès à l’information du Québec, the Office of the Information and Privacy Commissioner of Alberta, or the Office of the Information and Privacy Commissioner for British Columbia).

9. Children’s privacy

The Service is not directed to, and we do not knowingly collect personal information from, individuals under 18 years of age. Where required by Quebec Law 25 or other applicable legislation, we will obtain parental consent before collecting personal information from a person under 14 years of age. If you believe a minor has provided us with personal information, contact us and we will take steps to delete it.

10. Quebec residents (Law 25 supplemental notice)

If you reside in the Province of Quebec, the following supplemental disclosures apply under Quebec’s Act respecting the protection of personal information in the private sector (as amended by Law 25):

• Person in charge.The person in charge of the protection of personal information is our Privacy Officer, whose contact information is in §13.
• Purposes and means of collection.We collect your personal information for the purposes described in §3, through the means described in §2 (directly from you, from connected services you authorize, and automatically when you use the Service).
• Third parties and locations.Your personal information may be communicated to the sub-processors listed in §4.1, which are located in the United States. See §6 for our cross-border transfer disclosures.
• Rights.You have the rights described in §8, including the right to access, correction, withdrawal of consent, de-indexing, cessation of dissemination, and portability.
• Cookies and similar technologies. Our website uses a small number of strictly necessary and first-party analytics cookies. We do not use third-party advertising cookies.

French language. If you are a Quebec resident or your contractor business is established in Quebec, a French-language version of this Privacy Policy is available on request from our Privacy Officer. By using the Service in English, you confirm that this is your express wish (Vous confirmez votre volonté expresse que la présente politique soit rédigée en anglais).

11. Mobile application permissions

Our mobile application requests the following device permissions to provide its features:

• Camera. To photograph receipts. Images are uploaded only when you confirm the capture.
• Photo Library (read-only).Optional. Used only to import an existing receipt photo if you tap “Import.”
• Notifications. Optional. Used to alert you when a receipt fails to sync or your QuickBooks connection needs to be refreshed.

You can change these permissions at any time in your device settings. The app does not request location, contacts, microphone, or background location access.

12. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you in the app and by email before the changes take effect. The “Last updated” date at the top of this page indicates when the policy was most recently revised.

13. Contact us

If you have questions or concerns about this Privacy Policy, wish to exercise a privacy right, or wish to file a complaint, contact our Privacy Officer: