Privacy
What we do with your data.
Plain English. No dark patterns. We don't sell your data and we don't use it to train AI models. If you ever want it deleted, ask and it's gone.
1. What we collect
- Account info. Email, display name, timezone, and the authentication record Supabase keeps for signing you in (a hashed password or OAuth identifier; we never see your password in plaintext).
- Brokerage data via SnapTrade. When you connect a brokerage, we receive account names, balances, holdings, and transactions on a read-only basis through SnapTrade. We never see your brokerage password and we cannot place trades on your behalf. Transaction history starts from the day you connect — we do not backfill prior history.
- User-generated content. Goals you set, plans you enroll in, challenges you join, competitions you start or accept invitations to, notes you write, and reactions you post on shared activity.
- Behavior data. Computed server-side from your transaction history: cadence (how often you contribute), streaks, contribution patterns, personal records, and similar aggregates. These computed values are stored in our database alongside the raw transactions they're derived from.
- Device data. If you opt in to browser push notifications, we store the push subscription token your browser issues. If you opt in to mobile push later, we store the equivalent mobile token. Tokens are revoked when you opt out.
- Telemetry. Error logs (via Sentry) and product analytics (via PostHog), used to find bugs and understand which surfaces people use. Both can be opted out of — see Your rights below.
2. What we don't collect
- Tracking pixels, behavior fingerprints, or cross-site cookies
- Advertising identifiers
- Anything from your brokerage we don't need (no statements, no tax documents, no beneficiary information)
- Data we sell to anyone — your data is never sold and is not used for advertising
3. How AI processing works
Most of Tally's outputs — daily and weekly dispatches, Ask Tally responses, insights — are generated by an AI model. We currently use Anthropic Claude. To generate a response, we send the relevant portion of your portfolio context (holdings, transactions, goals, computed patterns) to Anthropic's API.
- Your data is not used to train Anthropic's models. This is enforced by Anthropic's commercial API policy.
- Anthropic may retain API inputs and outputs for limited windows (typically up to 30 days) for safety and abuse-detection purposes. They do not access this data for any other purpose without legal compulsion.
- We use prompt caching to reduce the cost and latency of repeated queries. Cached prompts persist on Anthropic's infrastructure for short windows (currently up to one hour, per their published documentation).
- AI-generated outputs (dispatches, recap text, Ask Tally answers) are stored in our database and shown only to you, unless you explicitly share them via a comparison surface or invite link.
4. Who sees what
On any shared surface (competitions, paired comparisons, public shares), the people you've invited see what that surface's visibility setting allows — either full snapshots (balance and contributions) or aggregate-only (numbers without holdings). You control the visibility setting per surface. Nobody outside your shared surfaces sees anything about you.
Tally staff can read aggregate operational stats (e.g., how many users have at least one connected brokerage, how often an AI surface is used). We don't go reading individual portfolios. We may need to look at your specific data to debug an issue you've reported — in that case, we'll only do it after you ask us to and we'll only look at what's needed to fix the bug.
5. Service providers
We use the following third parties to operate Tally. Each has its own privacy policy linked below; using Tally means accepting that your data passes through these providers.
- Supabase — Postgres database and authentication. supabase.com/privacy
- SnapTrade — read-only brokerage data bridge. snaptrade.com/privacy
- Anthropic — AI model provider for dispatches, Ask Tally, and insights. anthropic.com/legal/privacy
- Vercel — hosting and edge compute. vercel.com/legal/privacy-policy
- Resend — transactional email (recap emails, password resets). resend.com/legal/privacy-policy
- Sentry — error tracking. sentry.io/privacy
- PostHog — product analytics. posthog.com/privacy
We may share data with these providers as needed to operate the service. We do not share your data with any other third party unless required by law (e.g., subpoenas, court orders), in which case we'll notify you when legally permitted.
6. Data retention
- Active accounts: retained indefinitely while your account is open. Your data is your data.
- Deleted accounts: removed from our primary database immediately on request. Backups may retain a copy for up to 30 days before they roll over.
- Transaction history: retained from your signup date forward, for as long as your account is active.
- AI insight history: retained for up to one year, then archived or deleted.
- Logs: error logs and access logs are retained for up to 90 days.
- Email opt-out preferences: retained indefinitely even after account deletion, so we never re-email someone who asked us to stop.
7. Your rights
- Access. You can request a copy of your data at any time. A self-serve export is on the roadmap; for now, email us and we'll send you a JSON export within a reasonable window.
- Deletion. Delete your account from settings. This takes effect immediately in our primary database; backups roll over within 30 days. We also disconnect your SnapTrade link as part of deletion.
- Correction. Update your profile (display name, timezone, email preferences) directly from settings. For corrections to data you can't edit yourself, email us.
- Telemetry opt-out. Toggle Sentry and PostHog reporting in settings. Errors will still be logged server-side (we need that to keep the service running); client-side tracking and analytics will stop.
- Push notification revocation. Revoke per browser via the browser's site settings, or disable from Tally's settings page.
8. Children's privacy
Tally is for users 18 and older. We don't knowingly collect data from anyone under 18. If you believe a minor has created an account, email us and we'll delete it.
9. International users
Tally's data is stored on Supabase and Vercel infrastructure, currently in US and Canadian regions. If you're in the EU, UK, or another jurisdiction with cross-border data transfer requirements, this means your data crosses borders to reach us. We rely on the standard contractual clauses of our subprocessors to provide a lawful basis for transfer.
If you're in California, the CCPA gives you specific rights (access, deletion, opt-out of sale). We don't sell data — period — so the opt-out doesn't apply. The access and deletion rights are covered by the "Your rights" section above.
10. Cookies
We use the minimum cookies needed to keep you signed in (Supabase session cookies) and to remember your theme preference (light or dark). We do not set advertising cookies, cross-site tracking cookies, or fingerprinting cookies. PostHog uses a first-party cookie for product analytics; you can opt out from settings.
11. Changes to this policy
We version this policy. When material changes happen, we bump the version string at the bottom of this page, and you'll be re-prompted to accept the new version the next time you visit Tally. The changelog below lists what changed.
12. Contact
Privacy questions, complaints, data access or deletion requests: hello@tallyup.live.
Version 2026-05-25 · effective 2026-05-25
2026-05-25 — Major rewrite to cover the current product surface. Added: AI processing section (Anthropic data handling, prompt caching, no training), expanded subprocessor list (Vercel, Sentry, PostHog), data retention windows, push tokens, telemetry opt-out, CCPA / cross-border transfer notes, cookie disclosure.
2026-05-11 — Added transaction history disclosure (deposits, trades, dividends collected from connected brokerages). No historical backfill.