Tally You

01 · The short version

Tally You is a tracker, not a medical device. We collect what you tell us — food, water, supplements, body composition, voice transcripts — and we use it to do exactly one thing: power the app for you. We do not sell your data, we do not show you ads, and we do not feed your data into anyone's general-purpose model training.

  • Where it lives: EU-region servers (Supabase, Frankfurt). Your raw voice audio is processed in-memory by Anthropic's Claude API and not retained by us once a transcript is produced.
  • Who can see it: you, and Luiz da Motta as the data controller. No third-party access. No advertisers.
  • How long we keep it: as long as your account exists, plus a thirty-day grace window after deletion in case you change your mind.
  • How to delete it: in-app, one tap. Or email privacy@tallyyou.com. We respond within 30 days as required by GDPR.

The sections below are the formal version. If anything below contradicts the summary above, the formal section wins — but tell us, because it shouldn't.

02 · Who we are

Tally You is operated by Corcovado Consulting Ltd., a company registered in England and Wales (registered office: London, United Kingdom). For data-protection purposes Corcovado Consulting Ltd. is the data controller: we decide what data is collected and what it is used for.

You can reach the controller at privacy@tallyyou.com. We don't currently have a designated DPO (we're below the GDPR threshold), but the founder — Luiz da Motta — handles privacy questions personally.

03 · What we collect

Account data

Email address, display name, and an authentication identifier from your sign-in provider (Sign in with Apple, Google, or email/password). If you sign in with Apple or Google, we receive an opaque user ID; we do not receive your password.

Voice and text input

When you press the mic and speak, your audio is streamed to Anthropic's Claude API for transcription and structuring. The audio is processed in-memory and is not retained by Anthropic or by us after the call returns. What we do retain is the resulting transcript and the structured log entries (food items, portions, supplements, etc.) you confirm.

Health and body data

What you log: food entries, hydration, supplements and medications, training sessions, weight, body-composition readings, sleep markers if you choose to import them. None of this is “medical” data in the regulatory sense — we don't diagnose, treat or prescribe — but it is sensitive, and we treat it as such.

Calendar context (optional)

If you grant the app calendar access, we read your event titles, start/end times and locations only to time recommendations around them. We do not store the events; we read them on-device and the structured “free-window” output is what reaches the server.

Device and usage

Platform (iOS/Android), app version, language, timezone, anonymised crash reports, and product analytics events (e.g. “logged a meal via voice”). Analytics are event-shaped; we do not capture screen recordings, keystrokes, or microphone audio outside of voice capture you initiate.

Payments (when paid tiers launch)

Purchases are processed by Apple, Google, or RevenueCat. We receive a subscription status and a customer identifier — we do not receive your card number, bank details, or billing address.

04 · How we use it

We use the data above to do four things, and nothing else:

  • Run the product. Display your log, compute targets, time recommendations, sync across your devices.
  • Improve the product. Aggregated, de-identified analytics to understand where capture fails, which screens churn, which features get used. Never tied to your account in reporting.
  • Communicate with you. Transactional emails (sign-in, password reset, “you asked us to delete your account”). Optionally, beta updates — you can unsubscribe at any time.
  • Comply with law. Tax records for paid subscriptions; lawful requests from competent authorities, with notice to you where legally permitted.

We do not sell, rent or share your personal data with advertisers, data brokers, or third-party model trainers. Your voice transcripts and food log are not training data for anyone's foundation model — not Anthropic's, not ours, not anyone else's.

05 · Voice and AI processing

The voice capture flow is the core of the product and deserves its own section.

  • You tap the mic. Recording starts on-device. You see and hear an indicator the whole time.
  • Audio is sent to Anthropic's Claude API (EU endpoint where available) for transcription and structuring. Anthropic's API terms commit to processing data in-memory and not retaining inputs beyond the request lifecycle, and not using your inputs to train their models.
  • We receive a structured response — the transcript plus parsed food items, portions, macros, etc.
  • You confirm or edit the parse on the review screen. Nothing is written to your log until you confirm.
  • Only the confirmed entries are written to your account database. The raw audio is gone.

If you'd like us to delete a specific transcript or log entry, you can do so in-app or by email. There is no “shadow” copy on a separate server.

06 · Sub-processors

The vendors below process data on our behalf. Each is bound by a Data Processing Agreement; each is screened against EU adequacy and Standard Contractual Clauses where relevant.

VendorWhat forWhere
SupabaseAccount database, file storage, edge functionsEU (Frankfurt)
AnthropicVoice transcription and structured-output generation (Claude API)EU endpoint where available; US fallback under SCCs
PostHogProduct analytics (event-shaped, de-identified in reporting)EU
SentryCrash and error reportingEU
RevenueCatSubscription management (paid tiers only)US, under SCCs
Apple, GoogleSign-in, push notifications, in-app purchasesPer platform

We will update this table when sub-processors change. Material changes will be announced in-app and by email at least 30 days before they take effect.

07 · Retention

  • Account & log data: retained while your account is active.
  • Deleted account: 30-day soft delete (recoverable on request), then hard-deleted from primary storage. Backups roll off within a further 30 days.
  • Voice audio: never retained — processed in-memory only.
  • Crash & analytics events: 90 days.
  • Tax / payment records: 7 years (UK statutory minimum), held in financial systems — not in the app database.

08 · Your rights

Under UK GDPR and EU GDPR you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectify — correct anything that's wrong. Most of this you can do in-app.
  • Erase — delete your account and all associated logs. In-app or by email.
  • Restrict processing while a dispute is being resolved.
  • Portability — export your log as JSON or CSV. Self-serve in Settings.
  • Object — tell us to stop using your data for a specific purpose (e.g. beta marketing emails).
  • Withdraw consent — at any time, without affecting prior lawful processing.
  • Complain — to the UK ICO (ico.org.uk) or your local EU supervisory authority.

Email privacy@tallyyou.com and we will respond within 30 days.

09 · Security

Data in transit is protected by TLS 1.2+. Data at rest is encrypted at the storage layer (Supabase / Postgres) using vendor-managed keys. Application-level access is gated by row-level security — you can only read and write your own rows. We hold no production database credentials on developer laptops.

No system is perfect. If we discover a breach affecting your personal data we will notify you and the relevant supervisory authority within 72 hours where required by law.

10 · Children

Tally You is intended for adults. We do not knowingly collect data from children under 16. If you believe a minor has signed up, please tell us at privacy@tallyyou.com and we will remove the account.

11 · International transfers

Our primary storage is in the EU. Some sub-processors (notably RevenueCat and the US fallback for Anthropic) are based in the United States. Where data is transferred outside the UK/EEA we rely on the European Commission's Standard Contractual Clauses (SCCs) and additional safeguards as required by case law.

12 · Changes to this policy

We will update this policy when we add features, change sub-processors, or refine our practices. The “Last updated” date at the top reflects the most recent change. Material changes will be announced in-app and by email at least 30 days before they take effect.

13 · Contact

Corcovado Consulting Ltd.
London, United Kingdom
Privacy: privacy@tallyyou.com
General: hello@tallyyou.com

14 · Terms of use

By using Tally You you agree that: you are 16 or older; you will not attempt to reverse-engineer, scrape, or rate-abuse the service; you understand the product is a personal tracker and not medical advice; and you accept that the service is provided “as is” while in beta. We may suspend or terminate accounts that abuse the service or that we believe pose a security or legal risk. Disputes will be resolved under the laws of England and Wales.