Privacy Policy

This policy explains how Taly handles data when operating conversations, customers, orders, bookings, integrations, automation, and related services.

Last updated: June 18, 2026Version 1.0

Welcome to Taly.

We respect your privacy and understand that the data handled through Taly is not just a set of numbers or messages. It is part of your daily operations and your relationship with customers.

This policy explains what data we collect or process, why we use it, when it may be shared, how we protect it, and what rights may be available to you.

This policy applies to the Taly website, dashboard, services, integrations, APIs, and features connected to conversations, customers, teams, orders, bookings, campaigns, automation, and AI-assisted capabilities.

In this policy, Taly, we, us, or our refers to the Taly platform and the company that owns or operates it.

For privacy requests, contact support@talyapp.net.

01

Taly's role in data processing

Taly may act in different roles depending on the type of data and the way the service is used.

For data about Taly users, such as account owners, admins, team members, subscription details, billing data, account settings, and login records, Taly may determine the purposes and means of processing needed to operate the service.

For data about the customers of businesses using Taly, such as phone numbers, conversations, orders, bookings, tickets, notes, payment proofs, or uploaded records, the business customer is usually the controller of that data, while Taly acts as a processor that helps operate the service based on that customer's settings and instructions.

This distinction matters because each business using Taly is responsible for how it collects customer data, informs customers, and obtains the appropriate consent or legal basis for contacting them.

02

Data we may collect or process

We may collect or process different categories of data depending on how you use Taly.

Account and user data

  • Name.
  • Email address.
  • Phone number.
  • Encrypted password.
  • Role inside the account.
  • Permissions.
  • Account settings.
  • Account status.
  • Login history.
  • Security and verification data.

Organization and workspace data

  • Company or business name.
  • Branch or team details.
  • Team members.
  • Workspace settings.
  • Channel and integration settings.
  • Plans and subscriptions.
  • Usage limits.
  • Subscription billing and payment data.

Customer and contact data

  • Customer names.
  • Phone numbers.
  • Email addresses when provided.
  • Groups or segments.
  • Custom fields.
  • Interaction history.
  • Team notes.
  • Data connected to orders, bookings, or tickets.

Conversation and message data

  • WhatsApp messages.
  • Instagram or Messenger messages when enabled.
  • Message content.
  • Media and file attachments.
  • Message status.
  • Sending and receiving timestamps.
  • Channel identity.
  • Conversation data such as owner or status.

Tickets and support data

  • Ticket title or reason.
  • Ticket status.
  • Assigned team member.
  • Priority.
  • Internal notes.
  • Open and close dates.
  • Follow-up history.

Commerce and order data

  • Products and categories.
  • Cart data.
  • Orders.
  • Order status.
  • Delivery data.
  • Address or area.
  • Delivery fees.
  • Payment proofs.
  • Receipts.
  • Pickup or delivery details.
  • Order notes.

Booking and appointment data

  • Service type.
  • Service provider.
  • Appointment time.
  • Booking status.
  • Service duration.
  • Customer data connected to the booking.
  • Deposit or payment proof when enabled.
  • Reminders and notifications related to the appointment.

Campaign and automation data

  • Templates.
  • Target audience or segment.
  • Sending status.
  • Messages sent.
  • Success or failure rates.
  • Retry logs.
  • Automation rules.
  • Flow steps.
  • Auto replies.

Integration and channel data

  • Meta or WhatsApp account identifiers.
  • Instagram or Facebook page identifiers.
  • Access or connection tokens after securing them.
  • Webhook events.
  • API settings.
  • Keys or tokens masked or encrypted where practical.
  • Connection logs between Taly and service providers.

Technical data

  • IP address.
  • Device type.
  • Browser type.
  • Operating system.
  • Pages or features used.
  • Usage date and time.
  • Error logs.
  • Performance data.
  • Cookies or similar technologies.
  • Session data.
  • Device notification tokens when enabled.
03

How we use data

We use data to operate, provide, improve, and protect Taly.

We may use data to:

  • Create and manage accounts.
  • Operate workspaces.
  • Enable users and teams to manage conversations.
  • Send and receive messages through enabled channels.
  • Store and organize customers and contacts.
  • Manage tickets and follow-up.
  • Operate orders, commerce, and receipts.
  • Operate bookings and reminders.
  • Run campaigns, templates, and automation.
  • Send alerts and notifications.
  • Process subscriptions, invoices, and payments.
  • Provide support.
  • Detect issues and improve performance.
  • Protect accounts and prevent misuse.
  • Analyze service usage for improvement.
  • Comply with legal or regulatory requirements.
  • Enforce our terms, policies, and connected channel rules.

We do not sell your conversation data or your customer data.

04

WhatsApp, Meta, and social channel data

When Taly is connected to channels such as WhatsApp, Instagram, or Messenger, certain data may be exchanged between Taly and those providers to operate the service.

This may include:

  • Account or page identifiers.
  • Message and event data.
  • Sending and delivery status.
  • Templates.
  • Channel settings.
  • Interaction data needed to operate conversations.

Each business customer using Taly must comply with WhatsApp and Meta policies, including obtaining proper permission to contact customers, respecting opt-out requests, and avoiding spam or prohibited content.

Meta or WhatsApp reviews, restrictions, or policy changes may affect features such as templates, campaigns, webhooks, or social channels.

05

AI features inside Taly

Taly may provide AI-assisted features such as suggested reply drafts, conversation summaries, message classification, or context assistance for team members.

When these features are enabled, part of the conversation context, customer data, or connected knowledge base may be processed to generate a suggestion or result inside Taly.

AI should support the team, not replace human review. Users should review suggested replies before sending them when appropriate.

We do not use WhatsApp conversations or the customer data of businesses using Taly to train general AI models for third parties. AI providers may be used only when the feature is enabled and only as needed to provide it.

Business customers should avoid adding unnecessary or sensitive data to conversations, knowledge bases, or instructions used with AI features.

06

Sharing data with service providers

We may share data with service providers that help us operate, protect, or improve Taly, only as needed for those purposes.

Service providers may include:

  • Infrastructure and hosting providers.
  • WhatsApp, Meta, and social channel providers.
  • Email providers.
  • Notification providers.
  • Storage providers.
  • Payment and billing providers.
  • Analytics providers when enabled.
  • AI providers when related features are enabled.
  • Support and error monitoring tools.

We aim to choose appropriate providers and use contractual or technical safeguards where practical.

We may provide a list of subprocessors on request or through a dedicated page if published.

07

Business customer responsibilities

If you use Taly for a company or business, you are responsible for how data is used inside your account.

Your responsibilities include:

  • Obtaining appropriate consent or legal basis to contact your customers.
  • Informing customers about how their data is used.
  • Complying with WhatsApp, Meta, and connected channel policies.
  • Avoiding spam or unauthorized messages.
  • Respecting opt-out and deletion requests.
  • Ensuring imported or uploaded data is accurate and lawful.
  • Managing team permissions inside Taly.
  • Reviewing message, campaign, and template content.
  • Avoiding unnecessary sensitive data.
  • Responding to customer privacy requests when you are responsible for them.

If one of your end customers contacts us about their data, we may direct them to you as the party responsible for the customer relationship, and we may help you handle the request within Taly's available capabilities.

08

Cookies and similar technologies

The Taly website and dashboard may use cookies or similar technologies to operate the service and improve the experience.

We may use:

  • Essential cookies for login, sessions, and security.
  • Cookies that protect requests from abuse.
  • Cookies for language or user interface preferences.
  • Functional cookies that improve usability.
  • Analytics cookies when measurement tools are enabled.
  • Marketing cookies in the future if enabled.

Essential cookies are required to operate the service and cannot be disabled through the service without affecting core functionality.

For non-essential cookies such as analytics or marketing, we may request consent where required by law, and you may manage preferences through cookie settings or browser settings when available.

09

Data retention

We retain data only for as long as needed to provide the service, comply with legal obligations, protect rights, resolve disputes, or enforce agreements.

Retention periods may vary by data type:

  • Account data usually remains while the account is active.
  • Billing data may be kept for accounting or legal periods.
  • Conversation and customer data may remain according to account settings, deletion requests, and operational needs.
  • Security and error logs may be kept for a limited period for protection and improvement.
  • Backups may keep data for a limited time before deletion or replacement within the backup cycle.

When an account is deleted or a deletion request is processed, we will delete or restrict access to data according to available technical and legal procedures, while considering backups and legal obligations.

10

Data security

We use reasonable technical and organizational measures to protect data from unauthorized access, loss, alteration, or disclosure.

These measures may include:

  • Password encryption.
  • Role-based access restrictions.
  • Session protection.
  • Error and log monitoring.
  • Secure connections where practical.
  • Limiting internal data access.
  • Protecting integration tokens and connection keys.
  • Ongoing review and improvement of security practices.

No digital service can be guaranteed to be fully secure. You should also protect your account, use strong passwords, avoid sharing login credentials, and manage team permissions carefully.

11

International data transfers

Data may be processed or stored in different countries depending on the service providers and infrastructure used.

When data is transferred internationally, we aim to use appropriate safeguards where required by law, such as contractual clauses, data processing arrangements, or other suitable legal mechanisms.

12

Your data rights

Depending on the laws that apply to you, you may have certain rights over your data, such as:

  • Requesting access to your data.
  • Requesting correction of inaccurate data.
  • Requesting deletion.
  • Requesting restriction of processing.
  • Objecting to certain processing.
  • Requesting data export when available.
  • Withdrawing consent when processing is based on consent.
  • Closing an account or requesting deletion of connection data.

To exercise these rights, contact us through the privacy email. We may need to verify your identity before completing the request.

If you are an end customer of a business using Taly, we may ask you to contact that business directly because it is usually the controller of your data, while Taly acts as its processor.

13

Deleting Meta or connected channel data

If you connect your account to Meta, WhatsApp, Instagram, or Messenger services, you may request deletion of connection data or remove the integration from account settings when available.

We may also provide a dedicated path for Meta data deletion requests through a page or endpoint such as /data-deletion.

Removing an integration may stop features such as receiving messages, sending replies, templates, webhooks, or channel synchronization.

14

Sensitive data

We do not recommend using Taly to store or send unnecessary sensitive data, such as:

  • Full payment card numbers.
  • Full financial account numbers.
  • Full identity numbers.
  • Sensitive health data unless your use complies with all relevant laws and requirements.
  • Any data your business does not need to provide the service.

If your business operates in medical, financial, or another regulated sector, you are responsible for ensuring your use of Taly complies with your sector requirements.

15

Children's privacy

Taly is intended for business use and is not directed to children.

We do not knowingly request data from children or minors. If we learn that data has been collected inappropriately, we will work to delete it or handle it according to applicable law and procedures.

16

Updates to this Privacy Policy

We may update this policy from time to time because of changes in the service, laws, service providers, or feature operations.

When material changes are made, we may show a notice inside the service or update the last modified date at the top of the page.

Continuing to use Taly after an update means you have reviewed the new version, unless the law requires express consent in another way.

17

Contact us

If you have questions about this policy or how data is processed inside Taly, contact us at support@talyapp.net.

Please include the request type, related account, and data involved so we can help you faster.

Privacy Policy | Taly