Privacy Policy

1. Who We Are

Tally ("Tally," "we," "our," or "us") is an iOS application that helps families and caregivers track, organize, and understand care information for their loved ones. Our contact information is listed at the end of this policy.

2. Information We Collect

Information you provide directly

• Account information: Email address and password when you create an account. Authentication is handled via AWS Cognito.
• Care notes and events: Text and voice messages you send to Tally, including descriptions of medications, appointments, behaviors, incidents, and other care events you choose to log.
• Documents and files: Any photos or documents you upload through the app.
• Profile information: Names and basic details about the loved ones you're caring for, as you choose to provide them.

Information collected automatically

• Device information: Device type, operating system version, and app version for debugging and compatibility purposes.
• Usage analytics: Aggregated, anonymized information about how features are used, collected via Datadog RUM with privacy masking enabled. We do not record session replays. We do not log the content of your care notes.
• Error logs: Technical error information to help us fix bugs. Logs are designed to exclude the content of your care notes or any personal information.

3. How We Use Your Information

• To provide, operate, and improve the Tally service
• To process your messages and generate responses using AI (see Section 4)
• To send you reminders and notifications you've configured in the app
• To authenticate your account and protect against unauthorized access
• To respond to support requests you initiate
• To send product updates and launch notifications, if you've opted in (you can unsubscribe at any time)

We do not use your care notes or personal information to train AI models. We do not sell your personal information to any third party.

4. AI Processing

Tally uses AI to understand your messages and generate helpful responses. Specifically:

• Voice transcription is processed on your device using Apple's on-device speech recognition where available.
• Conversational AI is powered by Claude, a large language model developed by Anthropic. When you send a message to Tally, the text is transmitted securely to Anthropic's API for processing. Anthropic's API is used under a data processing agreement that prohibits using your inputs to train their models.
• Your conversation context (recent messages) is passed with each request to maintain continuity within a session, then is not retained by Anthropic after processing.

For more information about Anthropic's data practices, see anthropic.com/privacy.

5. How We Store and Protect Your Information

Your data is stored on Amazon Web Services (AWS) infrastructure in the United States. We use the following security measures:

• All data is encrypted in transit using TLS
• All data is encrypted at rest using AES-256
• Each user's data is logically isolated using a unique tenant identifier derived from their authenticated account — no user can access another's data
• Files are stored in Amazon S3 and accessed only via short-lived signed URLs
• Authentication tokens are short-lived and cryptographically signed
• Access to production systems is restricted and logged

6. Data Retention

We retain your account data and care records for as long as your account is active. If you delete your account, we will delete your data within 30 days, except where we are required to retain it for legal or compliance purposes.

Analytics logs are retained for up to 90 days.

7. Sharing Your Information

We do not sell, rent, or trade your personal information. We may share data with:

• Service providers: AWS (infrastructure), Anthropic (AI processing), Datadog (analytics) — each under contractual obligations to protect your data and use it only to provide services to us.
• Other users you authorize: If you use care sharing features to share notes with family members or other caregivers, those users will see the content you share.
• Legal requirements: If required by law, court order, or to protect the safety of users or the public.

8. Your Rights and Choices

Depending on where you live, you may have certain rights regarding your personal information:

• Access: You can request a copy of the personal information we hold about you.
• Correction: You can update or correct your account information within the app.
• Deletion: You can request deletion of your account and all associated data. We will process deletion requests within 30 days.
• Portability: You can request an export of your care data in a machine-readable format.
• Opt-out of marketing: You can unsubscribe from marketing emails at any time using the unsubscribe link in any email we send.

To exercise any of these rights, contact us at privacy@tallycare.app.

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act, including the right to know what personal information we collect, the right to delete your personal information, and the right to opt out of the sale of your personal information. We do not sell personal information. To submit a CCPA request, contact us at privacy@tallycare.app.

10. Children's Privacy

Tally is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected information from a child under 13, please contact us immediately at privacy@tallycare.app.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the app or by email. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of Tally after changes are posted constitutes your acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

• Email: privacy@tallycare.app
• Support: support@tallycare.app