Legal

Privacy Policy

How we collect, use, and protect your information when you use Tallie.

๐Ÿ“… Effective: March 29, 2026ยท๐Ÿ“‹ Last updated: March 29, 2026
01

Overview

Tallie (โ€œwe,โ€ โ€œour,โ€ or โ€œusโ€) is a recruiting operating system built for boutique recruiting agencies. We provide tools for managing candidates, clients, jobs, placements, interviews, and team communications โ€” all in one platform.

This Privacy Policy explains how we collect, use, store, and protect information when you use Tallie at app.tallieos.com and any associated services. By using Tallie, you agree to the practices described in this policy.

If you have questions, contact us at hello@tallieos.com.

02

Information We Collect

Account & Profile Information

When you create a Tallie account, we collect your name, email address, job title, and agency name. You may optionally upload a profile photo and agency logo.

Recruiting Data

As you use Tallie, we store the recruiting data you enter: candidate profiles, client records, job postings, placement details, interview notes, offer letters, and related documents. This includes candidate preference data recorded by recruiters based on conversations โ€” such as availability status, preferred roles, preferred locations, remote work preferences, salary expectations, and notice periods. We also store AI-generated data such as candidate match scores, match reasoning, and talent pool membership and match criteria. Additionally, we store email signatures, outreach templates, document presentations, and formatted resumes created within the platform. This data belongs to you and your agency.

Usage & Analytics

We collect information about how you interact with Tallie โ€” pages visited, features used, and actions taken โ€” to improve the platform and provide support.

Device & Technical Data

We automatically collect your IP address, browser type, operating system, and device identifiers for security and operational purposes.

03

Google User Data

Important: Tallie's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

When you connect your Google account to Tallie, you grant us access to specific Google services to enable platform features. Below is a precise description of what we access, why, and how we handle that data.

Scopes We Request

ScopeWhat We AccessWhy We Need It
gmail.modifyRead, compose, send, and modify Gmail messages and labelsAllows recruiters to send emails to candidates and clients directly from Tallie, and to read reply threads so correspondence is logged on the relevant record
userinfo.emailYour Google account email addressUsed to identify which Gmail account is connected and display it in your integration settings
userinfo.profileYour name and profile photoUsed to populate your Tallie profile with your name and avatar when you connect Google
calendarRead and write access to Google Calendar eventsAllows Tallie to create interview calendar invites, check interviewer availability, sync timezone information, and keep interview schedules in sync with Google Calendar

How We Use Google Data

  • Gmail data is used solely to send emails on your behalf, display email threads related to your candidates and clients within Tallie, and enable two-way email sync so that correspondence is logged on the relevant records.
  • Calendar data is used solely to create, update, and cancel interview events, check availability when scheduling, and sync timezone information.
  • We do not use Google data for advertising or to build advertising profiles.
  • We do not sell, rent, or share Google user data with any third party, except as required to operate the service (e.g., our infrastructure providers, who are bound by confidentiality agreements).
  • We do not allow humans at Tallie to read your Gmail messages except when you explicitly request support and grant temporary access.
  • We do not use Gmail data for any purpose other than providing and improving the email features you have enabled.
  • AI features within Tallie (such as candidate matching, outreach drafting, and document generation) do not send Google user data to third-party AI providers. Google data remains separate from AI processing pipelines.

Revoking Access

You can disconnect your Google account at any time from Settings โ†’ Integrations in Tallie. You can also revoke access directly from your Google Account permissions page. When access is revoked, we delete your stored OAuth tokens immediately and stop accessing your Google data.

Data Storage

OAuth access tokens and refresh tokens are stored encrypted in our database. Email content and calendar event data displayed within Tallie is not permanently stored on our servers โ€” it is fetched in real time from Google's APIs when you view it. Sent email records (metadata: recipient, subject, timestamp) are stored to provide your activity history within Tallie.

04

How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Tallie platform
  • Send emails and create calendar events on your behalf when you use those integrations
  • Generate analytics and reports within your account
  • Respond to your support requests and communications
  • Send product updates, security alerts, and administrative messages
  • Detect, investigate, and prevent fraudulent transactions and other illegal activities
  • Power AI-powered candidate-job matching, using candidate preferences (availability, salary expectations, location, role preferences) alongside skills and experience to surface relevant candidates for open roles
  • Generate AI-drafted outreach emails, sequence steps, and document content on your behalf
  • Automatically match candidates to talent pools based on configured criteria
  • Generate email signatures from user profile data
  • Improve and develop new features for the platform
  • Comply with legal obligations

We do not use your data for advertising, and we do not build advertising profiles based on your usage of Tallie.

05

Sharing & Disclosure

We do not sell your personal data. We may share information in the following limited circumstances:

Service Providers (Sub-Processors)

We may disclose personal data to companies that assist us in providing our Service. These providers access only the data necessary to perform their services and are bound by their respective terms of service and privacy policies to protect it. Our current service providers include:

ProviderPurposeLocation
Supabase, Inc.Database, authentication, file storageUS
Vercel, Inc.Application hosting and edge networkUS
Resend, Inc.Transactional email deliveryUS
Anthropic, PBCAI services (matching, parsing, content generation)US
Google LLCEmail and calendar APIs (user-connected)US

We will update this list as service providers change.

Candidate Data Processing

Tallie is used by recruiting agencies to manage candidate information. When a candidate applies to a job through our careers pages, their personal data (name, email, phone, resume, and cover letter) is collected and stored on behalf of the recruiting agency. The agency is the data controller; Tallie acts as the data processor.

Candidates have the right to request access to, correction of, or deletion of their personal data at any time by contacting the recruiting agency directly. Agencies using Tallie can fulfill these requests through the platform's built-in consent management and data deletion tools. Data marked for deletion is permanently purged within 30 days.

Candidate data sourced from public profiles (e.g., LinkedIn) is processed under the legal basis of Legitimate Interest for recruitment purposes. Candidates can opt out by contacting the agency or replying REMOVE to any outreach email.

Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

Business Transfers

If Tallie is acquired, merged, or undergoes a change of ownership, your data may be transferred as part of that transaction. We will notify you in advance if this occurs.

With Your Consent

We may share information in other circumstances with your explicit consent.

06

Data Retention

We retain your account data for as long as your account is active. If you cancel your account, we will delete your data within 30 days, except where we are required to retain it for legal or compliance purposes.

You can request deletion of your data at any time by contacting hello@tallieos.com or using the data export and deletion tools in Settings โ†’ Data & Privacy.

07

Security

Tallie is committed to achieving SOC 2 Type II certification. Our security practices are designed to meet or exceed the Trust Services Criteria for Security, Availability, and Confidentiality.

We take reasonable technical and organizational measures to protect your data, including:

  • Encryption of data in transit (TLS) and at rest
  • Encrypted storage of OAuth tokens and credentials
  • Role-based access controls limiting which team members can access data
  • Regular security reviews of our infrastructure
  • Automated vulnerability scanning and dependency auditing
  • Logical access controls with principle of least privilege
  • Incident response procedures with defined escalation paths
  • Annual security reviews and penetration testing
  • Audit logging of administrative actions and data access

No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. If you discover a security vulnerability, please disclose it responsibly to hello@tallieos.com.

08

Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access โ€” Request a copy of the data we hold about you
  • Correction โ€” Request correction of inaccurate or incomplete data
  • Deletion โ€” Request deletion of your personal data
  • Portability โ€” Request an export of your data in a machine-readable format
  • Objection โ€” Object to certain types of processing
  • Withdrawal of consent โ€” Withdraw consent for processing where consent is the legal basis

To exercise any of these rights, use the tools in Settings โ†’ Data & Privacy or contact us at hello@tallieos.com. We will respond within 30 days.

09

GDPR & International Data Protection

Tallie is working toward compliance with the General Data Protection Regulation (GDPR) and other applicable international data protection laws. While we have not yet completed formal GDPR certification or legal verification, we have designed our platform with data protection principles in mind from day one. This section outlines our current practices and commitments for users in the European Union, European Economic Area, and other jurisdictions with similar requirements.

Lawful Basis for Processing

We process personal data only when we have a valid legal basis to do so. The table below summarizes the lawful bases we rely on for different processing activities:

PurposeLawful BasisDetails
Account creation and managementContract PerformanceProcessing is necessary to provide you with the Tallie platform and fulfill our contractual obligations to your agency
Analytics and platform improvementLegitimate InterestWe analyze usage patterns to improve features, fix issues, and enhance the overall user experience
Security and fraud preventionLegitimate InterestWe monitor for unauthorized access, abuse, and security threats to protect our users and platform
Recruitment operationsLegitimate InterestProcessing candidate and client data is necessary for the core recruiting activities that agencies perform through Tallie
Email and calendar integrationsConsentWe only access your email and calendar data after you explicitly connect your Google or Microsoft account and grant permission

Data Processing Addendum

We are in the process of preparing a Data Processing Addendum (DPA) for customers in the EU/EEA. A DPA is a legal agreement that formalizes the obligations of both data controllers and data processors under GDPR. Once available, it will be provided upon request. If you have questions about data processing arrangements in the meantime, please contact us at hello@tallieos.com.

Cross-Border Data Transfers

Tallie processes data in the United States through our infrastructure providers, including Supabase (US), Vercel (US), and Anthropic (US). We are working to implement appropriate safeguards for international data transfers, including Standard Contractual Clauses (SCCs) where required. If you have specific questions about how your data is transferred or stored, please contact us at hello@tallieos.com.

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, Tallie will make reasonable efforts to notify affected users and relevant authorities promptly. Our goal is to provide notification within 72 hours of becoming aware of the breach, consistent with GDPR Article 33 standards. Notifications will include the nature of the breach, the categories and approximate number of individuals affected, the likely consequences, and the measures taken or proposed to address the breach.

Privacy Contact

We do not currently have a designated Data Protection Officer. For privacy inquiries, data protection questions, or to exercise your data rights, please contact us at hello@tallieos.com. We aim to respond to all privacy-related requests within 30 days.

10

Cookies

Tallie uses cookies and similar technologies for authentication (keeping you logged in) and session management. We do not use advertising cookies or third-party tracking cookies.

You can control cookies through your browser settings, but disabling cookies may affect your ability to log in and use Tallie.

11

Children's Privacy

Tallie is a professional business tool intended for adults. We do not knowingly collect personal data from anyone under the age of 16. If you believe a minor has provided us with personal data, please contact us at hello@tallieos.com and we will delete it promptly.

12

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and by posting a notice within the Tallie platform at least 14 days before the changes take effect. The updated policy will always be available at tallieos.com/privacy.

Your continued use of Tallie after changes take effect constitutes your acceptance of the updated policy.

13

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please reach out:

Tallie Privacy Team

Email: hello@tallieos.com
Website: tallieos.com

We aim to respond to all privacy-related inquiries within 5 business days.