Operators

Maximilian Leodolter & Tobias Leodolter
Austria

Contact

Email: contact@tallyman.io

EU Dispute Resolution

The European Commission provides a platform for online dispute resolution (OS): ec.europa.eu/consumers/odr. We are neither obligated nor willing to participate in dispute resolution proceedings before a consumer arbitration board.

1. Data Controller

The data controller for this website is Maximilian Leodolter & Tobias Leodolter, Austria. You can reach us at contact@tallyman.io.

2. What Data We Collect

We collect data that you provide directly when creating an account or using our service, such as your name and email address. We also collect technical data automatically, including your IP address, browser type, operating system, referring URL, and pages visited. This data is processed to provide and improve our service based on Art. 6(1)(b) and Art. 6(1)(f) GDPR.

3. Cookies & Analytics

We use PostHog (PostHog Inc., USA) for web analytics. PostHog sets cookies to identify sessions and returning visitors. Analytics requests are proxied through our own domain to ensure reliable delivery; no data is shared with additional third parties through this proxy. Analytics tracking is disabled by default and only activated if you give explicit consent via our cookie banner, pursuant to Art. 6(1)(a) GDPR. You can withdraw your consent at any time by clearing your browser cookies or contacting us.

4. Authentication

We offer sign‑in via third‑party OAuth providers such as Google. When you authenticate this way, we receive your name, email address, and profile picture from the provider. We do not receive or store your password. This processing is based on Art. 6(1)(b) GDPR as it is necessary to provide your account.

5. Email Integration

Tallyman connects to your email provider (e.g. Gmail, Outlook) via OAuth to provide its core service. We request only the minimum scopes necessary: read and modify access (labels, drafts, trash) and send access. We do not request or use permission to permanently delete emails. Full email content is fetched on‑demand from your provider and is not persisted on our servers. You can revoke access at any time through your email provider's security settings.

6. Data Protection & Security

We implement the following measures to protect your data:

• Encryption in transit — all communication between your browser, our servers, and email providers is encrypted via TLS / HTTPS.
• Encryption at rest — cached email metadata and OAuth tokens are stored encrypted server‑side in our database.
• Minimal data caching — we cache only lightweight metadata (subject, sender, snippet, date, labels, read/starred status) for your most recent emails to enable fast inbox loading. Full email bodies and attachments are never stored.
• Cache lifecycle — cached metadata is automatically pruned on every sync and fully deleted when you disconnect an email account or delete your Tallyman account.
• Access controls — email data is accessible only to the authenticated account owner. OAuth tokens are never exposed to client‑side code.
• No secondary use — we do not use your email data for advertising, analytics, market research, or AI/ML model training.

7. Hosting & Sub‑processors

Our application is hosted on infrastructure provided by third‑party services including Vercel (frontend), Convex (backend), and PostHog (analytics, when consented). These providers may process data on our behalf in accordance with data processing agreements. Data may be transferred to the United States under appropriate safeguards (EU Standard Contractual Clauses).

8. Data Retention

We retain your personal data only as long as your account is active or as needed to provide the service. If you delete your account, we will erase your personal data within 30 days, except where we are legally required to retain it (e.g. invoices under Austrian tax law for 7 years).

9. Your Rights

Under the GDPR, you have the right to access, rectify, erase, or restrict the processing of your personal data. You may also request data portability or object to processing. To exercise any of these rights, contact us at contact@tallyman.io. You also have the right to lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde) at dsb.gv.at.

10. Changes to This Policy

We may update this privacy policy from time to time. If we make material changes, we will notify you via email or a prominent notice on our website. Your continued use of the service after such changes constitutes your acceptance of the updated policy.