Privacy Policy

Effective: June 9, 2026

TallyHQ, Inc. | Delaware, USA

arul@tally.kitchen | https://www.tally.kitchen

At a glance — financial data

Your wallet, your USDC purchases (Apple Pay), and your cash-outs to a bank are provided by Coinbase. Coinbase collects and processes your identity-verification (KYC) and payment information under the Coinbase Privacy Policy. Tally does not collect or store your government ID, card, or bank details, and never has access to your private keys. We store your public wallet address and on-chain transaction history.

Part One: Introduction

1. About This Policy

This Privacy Policy ("Policy") describes how TallyHQ, Inc. ("Tally," "we," "us," or "our") — the data controller — collects, uses, discloses, and protects your personal information when you use the Tally mobile application, website, and related services (collectively, the "Service"). The Service is available to users in the United States and Canada (excluding Quebec).

This Policy is incorporated into and forms part of our Terms of Service. Capitalized terms not defined here have the meanings given in our Terms.

Contact for privacy matters: arul@tally.kitchen · TallyHQ, Inc., Delaware, USA.

2. Coinbase Handles Your Financial Data

Your wallet, the purchase of USDC (via Coinbase Onramp / Apple Pay), and the sale of USDC to fiat (via Coinbase Offramp) are provided by Coinbase, Inc. and its affiliates ("Coinbase"). Coinbase, as an independent controller, collects and processes the information needed to provide those services — including identity-verification (KYC) data, payment-method data, and bank-account details — under the Coinbase Privacy Policy.

Tally does not collect, receive, or store your government-issued ID, Social Security number, card number, or bank-account credentials, and Tally never has access to your wallet's private keys or recovery material. We receive only your public wallet address and the on-chain result of your transactions.

Part Two: Information We Collect

3. Account and Identity Information

  • Phone number or email address (for one-time-passcode authentication)
  • Full name and username
  • Date of birth (used to verify you are 18 or older)
  • Profile photo (optional)
  • Device timezone

OTP codes are transient and never stored after verification. Phone numbers and email addresses are not displayed publicly.

4. Wallet and Transaction Information

To enable commitment deposits, we collect and store:

  • Your Coinbase Developer Platform (CDP) wallet address (a public Ethereum address)
  • Your CDP smart wallet address (ERC-4337 account-abstraction wallet)
  • On-chain USDC transaction history relevant to the Service — habit funding, resolution payouts, on-ramp deliveries, and off-ramp withdrawals — and the associated blockchain transaction hashes

Tally does not have access to your private keys or wallet recovery phrases. Key management is handled exclusively by Coinbase's infrastructure. We store wallet addresses (public on-chain information) but never private keys.

Blockchain permanence: wallet addresses, transaction hashes, and smart-contract interactions on the Base blockchain are public by design and cannot be deleted, even on request.

Your fiat payment data (Apple Pay, card, or bank account) used to buy or cash out USDC is collected and processed by Coinbase, not Tally — see Sections 2 and 7.

5. Habit and Verification Data

  • Habit name, type, frequency, commitment amount, and verification deadline
  • Verification records (pass/fail outcomes, timestamps, attempt counts)
  • Photo habits: front and back photos retained 30 days, then permanently deleted; pass/fail records and AI reasoning notes retained indefinitely
  • Screen Time habits: violation events only (app or category, threshold exceeded, timestamp) — not continuous app-usage logs
  • DNS habits: category-match events for active habits only, which may include the matched domain or root domain, matched category, and timestamp — not your full DNS query history
  • HealthKit habits: daily aggregate metrics for the metrics you select — not raw samples

6. Social and Technical Data

Social: friend relationships, friend requests, and push-notification tokens. Public profile data is limited to username, display name, profile photo, and account-creation date. Phone number, email, wallet address, and date of birth are not publicly visible.

Contacts: if you choose to find friends from contacts, phone numbers from your address book are normalized and hashed on your device before matching. Contact names are used locally to label matches in your app and are not sent to Tally. We do not upload your full address book.

Technical: device identifiers, crash reports (Sentry), edge-function execution logs (30-day retention), rate-limit records (1-hour retention), and session tokens.

Part Three: Sensitive Data Categories

7. Photos, AI Verification, and Biometric Data

Photo verifications are uploaded to Tally's storage (Supabase, hosted on AWS). Both photos are transmitted to Google Gemini (primary) and Anthropic Claude (fallback) for analysis. Photos are retained for 30 days, then permanently deleted; pass/fail records and AI reasoning notes are retained indefinitely for dispute review.

BIOMETRIC DATA NOTICE — Illinois BIPA, Texas CUBI, Washington Biometric Law, and similar state statutes:

AI services may analyze facial geometry in selfie photos as part of verification. This constitutes biometric-data processing under several state laws. By submitting a photo for AI verification, you provide explicit written consent to:

  • Capture, storage, transmission to Google Gemini and Anthropic Claude, and analysis of biometric identifiers contained in the photos
  • Retention under the schedule in Section 14 (photos: 30 days; pass/fail and AI reasoning records: indefinitely)

We do not sell biometric data, and we do not share it with third parties for any purpose other than the verification described above. To request a copy of our biometric retention and destruction policy, email arul@tally.kitchen.

8. Screen Time, DNS, and HealthKit

When you enable Screen Time monitoring, Tally collects only the apps/categories you select for habits and the violation events when thresholds are exceeded. We never collect a continuous log of your app usage or the full list of installed apps. App selections are stored as encrypted Apple FamilyActivitySelection tokens — not as readable app names.

When you enable Tally's DNS filter, queries are routed through an encrypted DNS-over-HTTPS connection (NextDNS). Tally stores only the domain-category matches that pertain to your active habits, including the matched domain or root domain when needed to audit the violation — all other DNS queries are processed in memory and immediately discarded by Tally.

HealthKit data access is read-only and limited to the metrics needed for your active habits. We collect daily aggregate totals, not raw samples. HealthKit data is never used for advertising, never shared with third parties for marketing or data mining, never stored in iCloud, and never written back to HealthKit.

Part Four: How We Use and Share Information

9. How We Use Your Information

  • Operating the Service (account, habits, verification, social features, on-chain commitments)
  • Improving AI verification accuracy and the dispute process
  • Fraud prevention and security monitoring
  • Sending transactional push notifications about your habits and account
  • Complying with applicable law

We never sell your personal information. We never use Screen Time, HealthKit, DNS, or biometric data for advertising or data mining. We do not engage in cross-context behavioral advertising.

10. Legal Bases for Processing

10.1 Contract Performance

Creating and managing your account, running your habits, funding and resolving on-chain commitments, verifying outcomes, and managing friend connections.

10.2 Explicit Consent

Screen Time monitoring, encrypted DNS resolution, HealthKit access, photo capture and AI processing (including biometric-data processing), and push notifications. You may withdraw consent at any time, with effect going forward.

10.3 Legitimate Interests

Fraud prevention, security monitoring, debugging, and dispute resolution.

10.4 Legal Obligations

Compliance with applicable laws, including responses to lawful requests from regulators and law-enforcement authorities, and anti-money-laundering obligations applicable to our service providers.

11. Service Providers

We share information with the following service providers, each subject to its own privacy obligations:

  • Coinbase — embedded smart wallet (Coinbase Developer Platform), USDC purchases (Coinbase Onramp / Coinbase Pay, via Apple Pay), and USDC cash-outs (Coinbase Offramp). Coinbase independently collects your identity-verification and payment data under its own privacy policy.
  • Supabase — backend infrastructure, database, file storage
  • Google (Gemini) — AI photo verification (primary)
  • Anthropic (Claude) — AI photo verification (fallback)
  • NextDNS — encrypted DNS resolution for DNS habits
  • Sentry — crash and error tracking
  • Apple Push Notification service / Expo — push notifications

We do not use a separate fiat payment processor; all fiat-to-USDC and USDC-to-fiat conversion is handled by Coinbase.

12. Disclosures Required by Law and Business Transfers

We may disclose information in response to valid legal process, regulatory authority requests, law-enforcement requests, or to protect Tally's rights and the safety of our users.

In a merger, acquisition, sale of all or substantially all of our assets, or similar transaction, your information may be transferred to the surviving or acquiring entity, subject to this Policy or a successor policy with at least equivalent protections. We will notify you of any such transfer.

Part Five: Retention and Your Rights

13. Data Retention

  • Account information: life of account plus 7 years
  • Verification photos: 30 days
  • Pass/fail records and AI reasoning notes: indefinitely
  • Screen Time / DNS / HealthKit violation records, including matched DNS domains for habit violations: indefinitely
  • Push-notification records: 30 days
  • Edge-function error logs: 30 days
  • Rate-limiting records: 1 hour
  • DNS query logs that don't match a habit category: not retained
  • Raw HealthKit samples: not retained
  • Blockchain transaction records (wallet address, tx hash): permanent on-chain by design

14. Your Privacy Rights

14.1 All Users

  • Access the personal information we hold about you
  • Correct inaccurate information
  • Delete your account and associated information once active habits, pending escrow creation, and pending resolutions are complete (with the on-chain exception noted in Section 4)
  • Withdraw consent for Screen Time, DNS, HealthKit, photo, or push-notification access at any time

To exercise any of these rights, email arul@tally.kitchen. We will respond within 45 days. For data held by Coinbase (identity and payment data), contact Coinbase directly.

14.2 California Residents (CCPA/CPRA)

You have the right to:

  • Know what personal information we collect, use, disclose, and retain
  • Delete your personal information, subject to legal exceptions
  • Correct inaccurate personal information
  • Opt out of sale or sharing — Tally does not sell or share your personal information
  • Limit our use of sensitive personal information (which for us includes biometric, precise health, and financial data)
  • Be free from discrimination for exercising any of the above rights

To exercise a California right, email arul@tally.kitchen with subject "California Privacy Request."

14.3 Canadian Residents (PIPEDA)

You have the right to access and correct your personal information, withdraw consent for collection or use, and file a complaint with the Office of the Privacy Commissioner of Canada at www.priv.gc.ca.

14.4 Illinois, Texas, Washington Residents (Biometric Laws)

See Section 7 for the BIPA / Texas CUBI / Washington Biometric Law disclosure and consent. To request a copy of our biometric-data retention and destruction policy, or to revoke biometric consent, email arul@tally.kitchen.

Part Six: Automated Decisions, Security, and More

15. Automated Decision-Making

The Service uses automated systems to determine habit outcomes, which affect your on-chain commitment deposits:

  • AI photo verification determines pass/fail for photo habits
  • Apple Screen Time threshold detection determines whether you exceeded an allowance
  • DNS category matching determines whether a domain you visited counted as a violation
  • HealthKit progress tracking determines whether you met a daily metric target

You may dispute AI photo-verification outcomes through the in-app dispute interface within 24 hours. Outcomes from Screen Time, DNS, and HealthKit verification are not subject to manual dispute, because they are derived directly from on-device data you control.

16. Security and Data-Breach Response

We use TLS 1.2+ in transit, AES-256 at rest, row-level security on our database, rate limiting, and access controls. If a security breach affects your information, we will assess the scope within 72 hours, notify affected users within 30 days, notify regulators as required by law, and — for breaches affecting health-related data — notify the FTC under the Health Breach Notification Rule.

17. Children's Privacy

The Service is not directed to children under 18, and we do not knowingly collect information from anyone under 18. If we discover an account belongs to a minor, the account will be suspended and any associated information deleted.

18. Changes to This Policy

We will provide at least 30 days' notice of material changes via push notification and email, and post the updated policy at tally.kitchen/privacy.

19. Contact Us