Security & Privacy

How authentication works

Tallyman uses OAuth to connect to your email provider. We never see, store, or handle your email password. When you sign in, your provider (Google or Microsoft) issues a scoped access token that Tallyman uses to read and manage your email on your behalf.

What Tallyman can access

Only the OAuth scopes you explicitly authorize. This typically includes reading your inbox, sending email, and managing labels or folders. The exact scopes depend on your provider and the features you use.

What Tallyman does not do

• Store your email password
• Store full copies of your emails on our servers
• Share your data with third parties for advertising
• Access scopes beyond what is required for functionality

How to revoke provider access

You can revoke Tallyman's access at any time through your email provider's security settings. For Google, visit your Google Account > Security > Third-party apps. For Microsoft, visit your Microsoft Account > Privacy > Apps and services.

Infrastructure and sub-processors

Tallyman is hosted on Vercel (frontend) and Convex (backend). Data may be processed in the United States under EU Standard Contractual Clauses. For full details, see our Privacy Policy.

Contact

For security questions or to report a vulnerability, contact us at contact@tallyman.io.