TALLY
TallyPrivacy Policy

Legal

Privacy Policy

Last updated: April 6, 2026

Ballast Consulting Group, LLC ("Ballast," "we," "our") operates the Tally application. This Privacy Policy explains how we collect, use, store, and protect your information when you use Tally.

1. Information We Collect

Account Information

When you sign in via Microsoft Single Sign-On, we receive your email address, display name, and Microsoft Azure AD object identifier. This information is used solely for authentication and access control.

QuickBooks Online Data

When you connect a QuickBooks Online company to Tally, we access accounting data including but not limited to: chart of accounts, transactions (invoices, bills, payments, journal entries), vendors, customers, items, and financial reports. This data is accessed via Intuit's QuickBooks API using OAuth 2.0 authorization.

Integration Credentials

Tally may store API credentials for connected services (QuickBooks, Ramp, Bill.com, Stripe, Shopify, Amazon Seller Central, HubSpot, Outlook, Gusto, Google Sheets, and others) to maintain active connections on your behalf. All credentials are encrypted at rest using AES-256-GCM.

2. How We Use Your Information

  • To provide accounting automation and agent-assisted workflows;
  • To authenticate and authorize your access to Tally;
  • To maintain active connections to integrated services;
  • To improve the functionality and reliability of Tally.

3. Data Storage and Security

All API tokens and credentials are encrypted at rest using AES-256-GCM encryption. Encrypted data is stored in a secure PostgreSQL database hosted on Supabase with row-level security enabled.

We use industry-standard security practices including:

  • Server-side encryption for all sensitive credentials;
  • HTTPS for all data in transit;
  • HttpOnly, Secure session cookies;
  • CSRF protection on all authentication flows;
  • Role-based access control limiting data visibility;
  • Per-integration path allowlists rejecting non-approved API calls at the application layer;
  • PII filtering at the integration layer, removing buyer and employee personally identifiable information before data reaches dashboards or AI agents.

4. Data Retention

We retain your account information and integration credentials for as long as your account is active. When you disconnect a service or deactivate your account, associated tokens are revoked and deleted.

Session data expires automatically after 8 hours and is purged from the database.

5. Third-Party Sharing

We do not sell, trade, or share your personal information or financial data with third parties. Data is accessed only through authorized API connections (Intuit QuickBooks, Microsoft 365, Ramp, Bill.com, Stripe, Shopify, Amazon Seller Central, HubSpot, Gusto, Google, etc.) and is not transmitted to any other services beyond those you have explicitly connected.

6. Your Rights

You have the right to:

  • Disconnect any integrated service at any time via Tally settings;
  • Request deletion of your account and associated data;
  • Request a copy of data we store about you;
  • Revoke Tally's access to any third-party service through that service's account settings (e.g., Intuit, Amazon Seller Central, Shopify Admin).

7. Chrome Extension (Tally Browser Bridge)

The Tally Browser Bridge Chrome extension connects your browser to the Tally agent for automated accounting workflows in QuickBooks Online and other browser-based portals.

Data Collected by the Extension

  • Authentication token: A JWT token is stored locally in Chrome storage to maintain the connection to the Tally relay server. This token contains a client identifier and expiration date only — no personal information.

Data NOT Collected by the Extension

  • The extension does not collect browsing history, passwords, or personal information;
  • The extension does not access or read any tabs other than those it creates for Tally workflows;
  • The extension does not transmit page content to any third party — data is relayed only to the Tally agent server operated by Ballast;
  • The extension does not use cookies, tracking pixels, or analytics.

How the Extension Works

When the Tally agent needs browser access, it creates a new dedicated tab and performs actions (navigating, clicking, typing) in that tab only. The extension cannot interact with your existing browser tabs. A visible banner is displayed on any tab controlled by Tally.

8. Cookies

Tally uses essential cookies only: session cookies for authentication and CSRF state cookies during OAuth flows. We do not use tracking cookies or third-party analytics.

9. Children's Privacy

Tally is not intended for use by individuals under the age of 18. We do not knowingly collect information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date.

11. Contact

For questions about this Privacy Policy or to exercise your data rights, contact us at admin@ballastconsultinggroup.com.

Ballast Consulting Group, LLC
Your finance and accounting department for small businesses. U.S.-based.
jallen@ballastconsultinggroup.com
HomeIntegrationsPrivacyTermsballastconsultinggroup.com
© 2026 Ballast Consulting Group, LLC. All rights reserved. Tally is the internal accounting platform Ballast uses to service its accounting clients. All third-party trademarks referenced (QuickBooks, Amazon, Shopify, Stripe, HubSpot, Ramp, Bill.com, Gusto, Microsoft, Google) are the property of their respective owners. Tally is not affiliated with or endorsed by any of these companies.