Privacy Policy

1. Who We Are

Tally (tally.fm) is operated by Tally Technologies Inc., a Delaware corporation ("Tally," "we," "us"). This policy explains what personal information we collect, how we use it, and the choices you have. For data we process on behalf of an organization ("Org") using the Service, the Org is generally the controller of that data and we act as a processor. Questions: support@tally.fm.

2. Data We Collect

• Account information. Name, email address, password (hashed), Org membership and role, and profile settings.
• Customer content. Content you or your Org submit to the Service, including podcast RSS feeds, audio recordings, live-session audio, transcripts, saved media (articles, videos, posts), notes, and guest materials. Audio and transcripts may contain the voices and statements of you, your co-hosts, and your guests — you are responsible for obtaining any consents required to record and process that content.
• Usage analytics. Product usage events, device and browser information, and approximate location derived from IP, collected through self-hosted analytics tools (see Cookies below).
• Payment data. Payments are handled by Stripe. We receive billing status, plan, and the last four digits/card brand for support purposes. We never store full card numbers.
• Communications. Support requests and emails you send us.

3. How We Use Data

• Provide and operate the Service: ingestion, transcription, indexing, search, prep reports, and live-session insights.
• Authenticate users and secure accounts and Orgs.
• Process subscriptions and billing (via Stripe).
• Send transactional email such as sign-in links, notifications, and billing receipts (via Resend).
• Understand product usage and improve the Service (self-hosted analytics).
• Create aggregated, de-identified, or derived data that does not identify you, your Org, or reveal your non-public content, as described in our Terms of Service (Org-level opt-out available via support@tally.fm).
• Comply with legal obligations and enforce our Terms.

We do not sell personal information, and we do not use your content for advertising.

4. AI Processing

Core features of the Service are powered by third-party AI providers. Customer content (such as audio, transcripts, and saved media) may be sent to the AI subprocessors listed on our Subprocessors page — including AssemblyAI (transcription), OpenAI (embeddings), Anthropic and AWS Bedrock (AI analysis and insight generation), and Perplexity (web research) — solely to provide the Service. We use API tiers under which these providers do not train their models on our customers' data, where such tiers are offered.

5. Voice Data (Forward-Looking)

Today, Tally transcribes audio but does not create voice profiles or perform voice identification. In the future, we may offer optional features that recognize individual speakers by voice (for example, automatically attributing speech to a host or returning guest). If and when such features launch:

• No voice profile will be created for any person without that person's explicit, per-person consent collected before processing begins.
• Each person will be able to withdraw consent and have their voice profile deleted at any time.
• We will update this policy and provide notice before these features go live, and we will design them to comply with applicable biometric-privacy laws.

6. Cookies and Analytics

• Session cookie. We set an authentication session cookie (tally_session) on the .tally.fm domain so you stay signed in across Tally subdomains. It is httpOnly and secure in production.
• Analytics. We use self-hosted Umami on the marketing site, and PostHog (hosted in the US) for product analytics and feature flags. PostHog receives usage events, organization identifiers, and plan tier — never your audio, transcripts, or library content.
• No third-party ad trackers. We do not use third-party advertising cookies or trackers.

7. Sharing and Subprocessors

We share data only with the service providers needed to operate Tally — listed on our Subprocessors page — and as required by law (for example, in response to a valid legal request). We may also share data in connection with a merger or acquisition, with notice to you. We do not sell personal information.

8. Data Retention

We retain account data for as long as your account is active. Customer content is retained until you delete it or your Org's account is deleted, after which it is removed from production systems within a commercially reasonable period and from backups on our regular backup cycle. Billing records are retained as required by tax and accounting law. Analytics data is retained in aggregate form.

9. Your Rights

You may request access to, correction of, export of, or deletion of your personal data and your Org's customer content at any time by emailing support@tally.fm. We will respond within the timeframes required by applicable law.

GDPR (EEA/UK users). Our legal bases are: performance of a contract (providing the Service), legitimate interests (security, product improvement, aggregated analytics), consent (where required, e.g., future voice features), and legal obligation (billing records). You have the rights of access, rectification, erasure, restriction, portability, and objection, and the right to lodge a complaint with your supervisory authority.

CCPA/CPRA (California users). You have the right to know, delete, correct, and to non-discrimination for exercising your rights. We do not sell or share personal information as those terms are defined under the CCPA. Aggregated, de-identified data is handled as described in our Terms and is not re-identified.

10. Security

We use industry-standard safeguards including encryption in transit, scoped multi-tenant access controls, role-based permissions, and least-privilege credentials for service providers. No system is perfectly secure; we will notify affected users of any breach as required by law.

11. International Transfers

Our infrastructure and subprocessors are located primarily in the United States. If you use the Service from outside the US, your data will be transferred to and processed in the US. Where required, we rely on appropriate transfer safeguards such as standard contractual clauses with our subprocessors.

12. Children

The Service is not directed to children under 16, and we do not knowingly collect personal information from them. If you believe a child has provided us personal information, contact support@tally.fm and we will delete it.

13. Changes and Contact

We may update this policy from time to time; material changes will be announced by email or in-app notice before they take effect. Contact:

Tally Technologies Inc.
support@tally.fm