Privacy Policy

• Signup form: name, church name, and email address. Managed through Resend for transactional and service emails.
• Account signup: church name, admin email, and password (hashed using scrypt). Stored on our relay server for authentication.
• Payment: billing is handled entirely by Stripe. We never see or store credit card numbers. We store only your Stripe customer ID and subscription status.
• Device telemetry: equipment connection status, hardware model identifiers, and configuration data from ATEM switchers, OBS, vMix, ProPresenter, audio consoles, and other connected devices. Collected solely to provide monitoring and remote control.
• Stream health metrics: bitrate, frame rate, encoder status, and streaming platform connection data. Used for alerts, auto-recovery, and session recaps.
• Stream platform accounts: if you connect YouTube, Facebook, or Vimeo accounts for viewer analytics, we store OAuth access tokens to collect viewer counts during live streams. We do not access your video content, subscriber lists, or post on your behalf.
• Planning Center: if you enable Planning Center integration, we sync service schedules, team assignments, and volunteer check-in data. We store a Planning Center API token and cached schedule data. We do not modify your Planning Center data without explicit action.
• Video preview data: low-resolution preview frames may be transmitted for live monitoring. This data is transient, transmitted in real-time, and never stored on our servers.
• AI chat conversations: if you use the built-in AI support chat, your questions are processed by Anthropic's Claude API to generate responses. Chat transcripts are not stored permanently. See “Third-Party Services” below for details.
• Support requests: if you contact us via email, we retain the correspondence to resolve your issue and improve our service.

We do not use cookies for tracking or advertising. Tally does not set any third-party cookies, tracking pixels, or advertising beacons on our website or in our application.

• Session cookies: we may use strictly necessary session cookies to maintain your login state in the church portal. These expire when you close your browser or after 24 hours.
• Local storage: the Tally website may store an authentication token in your browser's local storage to keep you signed in. You can clear this at any time by signing out or clearing your browser data.
• Third-party cookies: Stripe may set functional cookies during checkout to prevent fraud. These are strictly necessary for payment processing and are not used for tracking or advertising. Our analytics solution (Plausible) is cookieless.

We share data with the following third-party services only as necessary to operate Tally:

• Stripe (payments) — processes subscription billing and payments. Stripe receives your email and payment information. Their privacy policy: stripe.com/privacy.
• Plausible Analytics (analytics) — receives anonymized, aggregate page view data. No personal data is transmitted. Their data policy: plausible.io/data-policy.
• Anthropic (AI support) — if you use the AI chat feature, your messages are sent to Anthropic's Claude API for processing. Anthropic does not use your data to train models. Their privacy policy: anthropic.com/privacy.
• Telegram (alerts & commands) — if your church configures Telegram alerts, Tally sends alert messages and receives commands via the Telegram Bot API. Your Telegram chat ID and messages exchanged with the Tally bot are processed by Telegram. Their privacy policy: telegram.org/privacy.
• Upstash (rate limiting) — we use Upstash Redis to enforce API rate limits. Only anonymized request counters are stored; no personal data is sent to Upstash. Their privacy policy: upstash.com/trust/privacy.
• Resend (transactional email) — we use Resend to send account onboarding, alert, and service emails. Your email address is shared with Resend solely for email delivery. Their privacy policy: resend.com/legal/privacy-policy.
• Vercel (hosting) — hosts the Tally website. Vercel may collect standard server access logs (IP address, browser type, requested URL). Their privacy policy: vercel.com/legal/privacy-policy.
• Railway (infrastructure) — hosts the Tally relay server. Railway processes data transmitted between the Tally desktop app and the cloud. Their privacy policy: railway.app/legal/privacy.
• YouTube / Google (viewer analytics) — if connected, we use YouTube Data API v3 to read live broadcast viewer counts. Subject to Google's Privacy Policy.
• Facebook / Meta (viewer analytics) — if connected, we use the Facebook Graph API to read live video viewer counts. Subject to Meta's Privacy Policy.
• Vimeo (viewer analytics) — if connected, we use Vimeo's API to read live event viewer counts (Enterprise accounts only). Subject to Vimeo's Privacy Policy.

We do not sell, rent, or share your personal information with third parties for marketing or advertising purposes.

• To provide and maintain the Tally monitoring service
• To authenticate your account and manage your subscription
• To send service-related emails (alerts, onboarding, updates)
• To process payments through Stripe
• To respond to support requests
• To improve the product based on aggregated, anonymized usage patterns
• To detect and prevent abuse or unauthorized access

We take reasonable measures to protect your data:

• Encryption in transit: all data transmitted between your browser, the Tally desktop app, and our servers is encrypted using TLS (HTTPS).
• Password hashing: passwords are hashed using scrypt before storage. We never store plaintext passwords.
• Access controls: access to production infrastructure is restricted to authorized personnel only and protected by multi-factor authentication.
• No credit card storage: payment data is handled entirely by Stripe. Credit card numbers never touch our servers.
• Transient video data: video preview frames are transmitted in real-time and never stored. Stream health metrics are retained only for the duration specified in our retention policy.

No system is 100% secure. If we become aware of a data breach that affects your personal information, we will notify you via email within 72 hours of discovery.

• Active accounts: data is retained while your subscription is active.
• After cancellation: account data, monitoring history, and session recaps are retained for 30 days, then permanently deleted.
• After trial expiration: if you do not subscribe, data is retained for 30 days then deleted.
• Stream/preview data: video preview frames are transient and never stored. Stream health metrics are retained for 90 days for session history.
• Stripe billing data: payment history and subscription records are managed by Stripe under their privacy policy. We store only your Stripe customer ID and subscription status.
• Email marketing data: if you unsubscribe from marketing emails, your email is removed from our mailing list within 30 days.
• Support correspondence: retained for up to 12 months after resolution, then deleted.

Regardless of where you live, you have the following rights with respect to your data:

• Access: request a copy of the personal data we hold about you.
• Correction: request correction of inaccurate or incomplete data.
• Deletion: request permanent deletion of your data. We will comply within 30 days unless we are legally required to retain it.
• Portability: request your data in a machine-readable format (JSON).
• Objection: object to processing of your data for specific purposes.
• Withdrawal of consent: where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at support@tallyconnect.app. We will respond within 30 days.

If you are located in the European Economic Area (EEA), the UK, or Switzerland, the following additional provisions apply:

• Legal basis for processing: we process your personal data based on (a) your consent (e.g., creating an account), (b) performance of a contract (e.g., providing the Tally service you subscribed to), and (c) our legitimate interests (e.g., improving the product, preventing abuse).
• Data controller: Disbrow Productions, LLC is the data controller for personal data collected through Tally Connect.
• International transfers: your data may be transferred to and processed in the United States, where our servers are located. We rely on standard contractual clauses and adequate security measures to protect data during transfer.
• Right to lodge a complaint: you have the right to lodge a complaint with your local data protection authority if you believe your data has been processed unlawfully.

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you additional rights:

• Right to know: you may request details about the categories and specific pieces of personal information we have collected about you.
• Right to delete: you may request deletion of your personal information, subject to certain exceptions.
• Right to opt out of sale: we do not sell your personal information. No opt-out is necessary.
• Non-discrimination: we will not discriminate against you for exercising any of your CCPA rights.