What this policy covers

This Privacy Policy explains how TallyArk handles personal data when people visit the public website, create an account, use the invoicing workspace, access a client portal, contact support, or receive invoice-related emails.

TallyArk is built for business invoice management. That means users may enter organization details, client contact details, invoice details, payment records, comments, email delivery records, and activity history.

Information we collect

We collect account information such as name, email address, password authentication data, organization name, role, and email verification status.

We collect workspace content entered by users, including business profiles, clients, vendors, invoices, quotations, line items, payment schedules, payment records, bank-transfer details, terms templates, comments, portal shares, and uploaded or generated document context.

We collect operational information such as audit logs, email logs, notification preferences, IP-derived request information used for rate limiting and security, and support/contact messages submitted through the website.

When card payment features are used, TallyArk stores Stripe account and payment references needed to connect the invoice to the payment flow. Full card details are handled by Stripe, not stored by TallyArk.

How we use information

We use data to provide the product: authenticate users, manage organizations, create invoices and quotations, generate PDFs, send emails, share portal links, record payments, show dashboards, and provide support.

We use operational data to protect accounts, investigate issues, enforce permissions, maintain audit history, and improve reliability.

We may use contact messages to reply to product questions, support requests, or security concerns.

Sharing and processors

TallyArk does not sell personal data. Data is shared only where needed to operate the service, comply with law, protect the platform, or provide requested functionality.

Typical processors may include hosting providers, database infrastructure, SMTP/email providers, payment providers such as Stripe, and support or monitoring tools that are configured for the production environment.

Retention

Workspace records are retained while an organization account is active, unless deleted by authorized users or removed according to an agreed retention process.

Audit, security, email, and payment records may be retained for longer where needed for legal, accounting, fraud-prevention, or operational reasons.

Your choices

Users can update account profile details, notification preferences, organization settings, clients, invoices, payment records, and other workspace records through the app, subject to role permissions.

To request access, correction, export, deletion, or another privacy action, contact TallyArk with enough information to identify the relevant account or organization.

Security

TallyArk uses organization-scoped access, role permissions, httpOnly authentication cookies, email verification, server-side validation, rate limiting, and audit logs to reduce common risks.

No internet service can be guaranteed completely secure. Users should use strong passwords, protect admin accounts, and avoid entering unnecessary sensitive information into invoice descriptions or comments.

Questions about these terms or how TallyArk handles data? Contact us.