Privacy Policy

Last updated: December 11, 2025

Effective date: December 11, 2025

1. Introduction

Welcome to Tallyups. This Privacy Policy explains how Tallyups ("we", "our", "us", or the "Service") collects, uses, stores, and protects your personal information when you use our receipt management application.

By using Tallyups, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our Service.

2. Information We Collect

2.1 Information You Provide

Account Information: Your email address used for authentication via Google OAuth 2.0 or Apple Sign In
Transaction Data: Financial transaction records you voluntarily import for receipt matching
User Preferences: Settings and preferences you configure within the application

2.2 Information Collected Through Google APIs

With your explicit permission, we access the following data through Google APIs:

            Google API Scopes We Request:
            
                    Scope
                    Purpose
                    Data Accessed
                
                    gmail.readonly
                    Scan for receipt emails
                    Email messages matching receipt patterns
                
                    gmail.modify
                    Organize processed receipts
                    Apply labels to processed emails
                
                    gmail.labels
                    Create receipt labels
                    Create and manage labels
                
                    contacts.readonly
                    Identify known merchants
                    Contact names for merchant identification
                
                    calendar.readonly
                    Match receipts to events
                    Calendar events for date correlation

Scope	Purpose	Data Accessed
`gmail.readonly`	Scan for receipt emails	Email messages matching receipt patterns
`gmail.modify`	Organize processed receipts	Apply labels to processed emails
`gmail.labels`	Create receipt labels	Create and manage labels
`contacts.readonly`	Identify known merchants	Contact names for merchant identification
`calendar.readonly`	Match receipts to events	Calendar events for date correlation

2.3 Receipt Data Extracted

From your emails, we extract and store:

Merchant/vendor names
Transaction amounts
Purchase dates
Receipt images (PDF attachments or email screenshots)
Order/confirmation numbers

3. How We Use Your Information

We use the collected information solely to provide and improve the Tallyups service:

Receipt Organization: Automatically scan, categorize, and organize your receipts
Transaction Matching: Match receipts to your imported financial transactions
Expense Reporting: Generate expense reports for personal or business use
Search & Retrieval: Enable you to search and retrieve receipts quickly
Service Improvement: Improve receipt detection accuracy and user experience

            We do NOT:
            Sell your data to third parties
Use your data for advertising purposes
Share your email content with anyone
Access emails unrelated to receipts
Store your Google or Apple password (we use OAuth)

        

4. Google API Services User Data Policy Compliance

Tallyups' use and transfer of information received from Google APIs abizeres to the Google API Services User Data Policy, including the Limited Use requirements.

4.1 Limited Use Disclosure

Our use of Google user data is limited to providing and improving the receipt management features described in this policy. Specifically:

We only access, use, store, or share Google user data when necessary to provide the receipt management functionality
We do not use Google user data for serving advertisements
We do not allow humans to read your data unless: (a) we have your affirmative consent, (b) it's necessary for security purposes, (c) it's necessary to comply with applicable law, or (d) our use is limited to internal operations and the data has been aggregated and anonymized

5. Data Storage and Security

5.1 Where We Store Your Data

Database: MySQL database hosted on Railway with SSL/TLS encryption
Receipt Images: Cloudflare R2 object storage with encryption at rest
Authentication Tokens: Encrypted storage, never stored in plain text

5.2 Security Measures

All data transmitted over HTTPS (TLS 1.2+)
OAuth 2.0 for Google and Apple authentication (we never see your password)
Database connections encrypted with SSL
Regular security updates and monitoring
Access controls limiting data access to essential personnel only

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your data only in these limited circumstances:

Service Providers: With trusted third-party services that help us operate our Service (hosting, storage), bound by confidentiality agreements
Legal Requirements: When required by law, subpoena, or legal process
Safety: To protect the rights, safety, or property of Tallyups, our users, or others
Business Transfer: In connection with a merger, acquisition, or sale of assets (you will be notified)

6.1 Third-Party Services We Use

Service	Purpose	Privacy Policy
Google Gmail API	Email access for receipts	Google Privacy Policy
Apple Sign In	User authentication	Apple Privacy Policy
Cloudflare R2	Receipt image storage	Cloudflare Privacy Policy
Railway	Application hosting	Railway Privacy Policy

7. Your Rights and Choices

7.1 Access and Export

You have the right to:

Access all data we have stored about you
Export your receipts and data in standard formats
Request a copy of your personal data

7.2 Deletion

You may request deletion of your data at any time by:

Contacting us at [email protected]
We will delete your data within 30 days of request

7.3 Revoke Access

You can revoke Tallyups' access to your Google account at any time:

Visit Google Account Permissions
Find "Tallyups" in the list of connected apps
Click "Remove Access"

Note: Revoking access will stop new receipt scanning but won't automatically delete previously stored data. Contact us to request data deletion.

8. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service:

Active accounts: Data retained indefinitely while you use the Service
Deleted accounts: Data deleted within 30 days of account deletion request
Backups: May persist in encrypted backups for up to 90 days

9. Children's Privacy

Tallyups is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

10. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in compliance with this Privacy Policy.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

Posting the new Privacy Policy on this page
Updating the "Last updated" date at the top
Sending an email notification for significant changes

Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: [email protected]
Response Time: We aim to respond within 48 hours

13. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to know what personal information we collect
Right to delete your personal information
Right to opt-out of the sale of personal information (we do not sell your data)
Right to non-discrimination for exercising your rights

14. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

Right of access to your personal data
Right to rectification of inaccurate data
Right to erasure ("right to be forgotten")
Right to restrict processing
Right to data portability
Right to object to processing

To exercise these rights, contact us at [email protected].