Integrations

Connected to 14 systems your business already uses.

Tally maintains live integrations with the major accounting, payment, payroll, e-commerce, CRM, and communication systems used by Ballast's clients. Each integration follows the same safety pattern: minimum scope, allowlisted endpoints, encrypted credentials, and revocable access.

OAuth-based connection where supported•AES-256-GCM credential encryption•Path allowlists at the application layer•Per-client isolation

Access types:Read-onlyNo data ever modifiedRead & limited writeSpecific writes only — drafts, memos, approval-gated entriesRead & WriteFull create/update with audit tagging

Accounting2 integrations

QuickBooks Online

Tally's accounting backbone. Reads chart of accounts, transactions, vendors, customers, and reports. Creates bills, invoices, payments, journal entries, deposits, transfers, and credit memos through approval-gated workflows. Tagged with [Modified by Ballast-Tally] for full auditability.

ClosePilot

Read-only access to month-end close review issues, severity classifications, and tech-debt tracking from ClosePilot. Maps to QuickBooks via realm ID. Strictly read-only — Tally cannot modify close reviews.

Finance & Spend3 integrations

Ramp

Ramp

Spend management

Read & limited write

Reads card transactions, bills, reimbursements, statements, and vendors. Writes are limited to bill drafts, transaction memos, and ready-to-sync flags. Direct bill creation that bypasses draft is hard-blocked. Cannot move money or change cards.

Bill.com

Bill.com

Accounts payable

Read & limited write

Reads bills, vendors, vendor credits, chart of accounts, and approval policies. Creates bills and vendor credits — but only when an approval policy exists in the org. Payments, vendor bank accounts, and approval-policy mutations are hard-blocked at the code level.

Stripe

Read-only access to charges, payment intents, refunds, balance transactions, payouts, disputes, customers, products, prices, invoices, and subscriptions. Card fingerprints, bank account numbers, and street addresses are stripped from all responses.

E-commerce2 integrations

Shopify

Shopify

Read-only access to orders, transactions, refunds, payouts, disputes, products, customers, and inventory levels. Buyer addresses, phone numbers, IPs, and credit card details are stripped from all responses. Supports both Shopify Payments and external payment providers.

Amazon

Amazon Seller Central

Read-only SP-API access to orders, financial event groups, settlement reports, FBA inventory, catalog items, fee estimates, and competitive pricing. Buyer PII (names, emails, addresses, tax info) is automatically stripped. Settlement reconciliation against QuickBooks deposits.

Communication2 integrations

Outlook

Read & limited write

Reads shared mailbox messages, folders, and attachments. Creates drafts only — Tally cannot send email. Per-client allowed-recipient-domains list prevents data exfiltration. Email bodies are sanitized for prompt-injection mitigation before reaching the agent.

Slack

Per-client dedicated channel for Tally conversations. The agent posts answers, asks clarifying questions, and surfaces approvals. Channel-to-client mapping is enforced server-side — Tally cannot leak data across client boundaries.

Payroll & HR1 integration

Gusto

Read-only access to employees, payrolls, contractors, contractor payments, departments, locations, pay schedules, benefits, and time-off. SSNs, home addresses, dates of birth, and bank accounts are stripped at the integration layer and never accessible.

CRM1 integration

HubSpot CRM

Reads companies, contacts, deals, pipelines, activities, and associations. Creates and updates CRM objects, plus notes and call logs (tagged with [Modified by Ballast-Tally]). Marketing, CMS, automation, and conversations endpoints are hard-blocked — CRM-only.

Documents2 integrations

SharePoint

Reads and writes files in per-client allowlisted SharePoint folders. Used for source-document storage, statement uploads, and workpaper management. Per-client folder paths prevent cross-client access.

Google Sheets

Google Sheets

Reads and writes Google Sheets spreadsheets shared with the Ballast team. Per-client allowlist of spreadsheet IDs enforces isolation. No delete capability — Tally cannot trash sheets, copy them, or modify permissions.

Automation1 integration

Browser Extension

A Chrome extension for browser-based workflows that have no API — bank feed classification, portal logins, and legacy systems. Per-client allowed-domains list restricts where the extension can act. Visible banner displays on every Tally-controlled tab.

Same safety model, every integration

Built the same way, on purpose.

Every integration in Tally is built on the same architectural pattern. Credentials are encrypted at rest with AES-256-GCM. Every API request passes through an allowlist of permitted paths and methods before transmission. Personally identifiable information is stripped at the integration layer before reaching dashboards or AI agents. Audit tags identify Tally-originated writes.

The result: when a Ballast accountant connects a new system to a client's engagement, you get the same security posture you got with the last one — no surprises, no special cases.

Read the full Privacy Policy →

Need an integration that isn't listed?

We add integrations as our clients need them. If your business runs on a system Tally doesn't connect to yet, let us know.

Request an integration Back to home