← Back to TallyUp Finance

Privacy Policy

Last updated: February 28, 2026

Overview

TallyUp Finance is a personal finance tracking application. Your privacy is fundamental to how we built this product. We designed TallyUp so that your financial data stays in your control.

Data We Store

• Account profile: Your Google account email, name, and user ID are stored in our database (Supabase) to manage your account and link to your spreadsheet.
• Spreadsheet reference: We store the ID of the Google Sheet created for your account. We do not store the contents of your spreadsheet.
• Subscription status: Payment tier and subscription information if applicable.

Data We Do NOT Store

• Your financial data (account balances, investments, budgets, etc.) lives entirely in a Google Sheet in your Google Drive.
• We do not have access to your Google Drive files beyond the single spreadsheet TallyUp Finance creates.
• We do not sell, share, or monetize your data in any way.

Google API Usage

TallyUp Finance uses the Google Sheets API to read and write data to a single spreadsheet in your Google Drive. We request the drive.file scope, which limits access exclusively to files created by TallyUp Finance — we cannot see, access, or modify any other files in your Google Drive. We do not access your email, contacts, calendar, or any other Google services.

Data Protection

We take the security of your data seriously and implement the following safeguards:

• Encryption in transit: All communication between your browser, our servers, and third-party services (Google APIs, Supabase) is encrypted using TLS/HTTPS.
• Encryption at rest: Account data stored in our database (Supabase) is encrypted at rest using AES-256 encryption.
• Minimal data collection: We only store what is necessary to operate your account (profile info, spreadsheet ID, subscription status). Your financial data remains in your Google Drive, not on our servers.
• Scoped API access: We use the drive.file scope, which restricts our access to only the single spreadsheet TallyUp Finance creates. We cannot access any other files in your Google Drive.
• No server-side storage of tokens: Google OAuth access tokens are held only in your browser session memory and are never persisted to our database or servers.
• No third-party data sharing: We do not sell, share, transfer, or disclose your personal or financial data to any third parties for advertising, analytics, or any other purpose.
• Access controls: Administrative access to our infrastructure is restricted and requires multi-factor authentication.

Authentication

We use Google OAuth via Supabase for authentication. Your Google password is never shared with us. OAuth tokens are stored temporarily in your browser session and are not persisted on our servers.

Cookies & Local Storage

We use browser local storage and session storage to maintain your session, cache preferences (dark mode, dashboard tab), and improve load times. We do not use third-party tracking cookies or analytics.

Data Deletion

You can delete your account directly from the app — go to your dashboard, click the settings gear icon, and click “Delete Account.” This will permanently remove your profile, subscription data, and account from our system. Your Google Sheet will remain in your Google Drive, where you can delete it at any time.