Terms of Service

Last updated: January 2025

Overview

TallyHo is developed and maintained by Steve Leggat (Front&Back) to help freelancers and sole traders manage their time tracking and invoicing efficiently. This document outlines how the application works, what data is collected, your rights regarding that data, and the terms of using our service.

Using TallyHo

By creating an account and using TallyHo, you agree to these terms. You're responsible for keeping your account secure and for all activity that happens under your account.

You retain ownership of all content you create in TallyHo (clients, projects, tasks, invoices, and time entries). We provide the platform; you own your data.

Legal Basis for Data Processing (GDPR)

Under GDPR, we process your data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide TallyHo services (Article 6(1)(b))
  • Legitimate Interest: Analytics and service improvement (Article 6(1)(f))
  • Consent: Marketing communications (where applicable) (Article 6(1)(a))
  • Legal Obligation: Compliance with tax and business record requirements (Article 6(1)(c))

Data Collection & Use

We collect and process the following types of data:

Essential Account Data

  • Email address (for account creation and communication)
  • Password (encrypted and hashed)
  • Account preferences and settings
  • Your time tracking data (clients, projects, tasks, time entries)

Analytics Data (Matomo)

To improve TallyHo and fix issues, we collect anonymized usage information:

  • Application interactions (features used, pages visited, buttons clicked)
  • Time spent using different parts of the application
  • Error information when something goes wrong
  • Browser and device information for debugging compatibility issues
  • Anonymized usage patterns to identify areas for improvement

This data is anonymized and used solely for improving the application, fixing bugs, and developing new features. No personal information from your time tracking data is included in these analytics.

Your Data Rights (GDPR)

Under GDPR, you have the following rights regarding your personal data:

Right of Access (Article 15)

You can request a copy of all personal data we hold about you. Contact us and we'll provide this within 30 days.

Right to Rectification (Article 16)

You can correct inaccurate personal data directly in your TallyHo account, or contact us for assistance.

Right to Erasure / "Right to be Forgotten" (Article 17)

You can request deletion of your personal data by contacting us at [email protected]. We're currently developing a self-service account deletion feature. Note: We may retain some data for legal obligations (e.g., business records) and data may persist in encrypted backups for up to 30 days.

Right to Data Portability (Article 20)

You can export your data from TallyHo at any time in machine-readable formats (CSV, JSON). This feature is currently being developed and will be available in your account settings soon. In the meantime, contact us for a data export.

Right to Object (Article 21)

You can object to processing based on legitimate interests (like analytics). Contact us to opt-out of analytics tracking.

Right to Restrict Processing (Article 18)

You can request we limit how we process your data in certain circumstances.

Exercising Your Rights: Contact us at [email protected] to exercise any of these rights. We'll respond within 30 days.

Data Retention & Backups

  • Active Accounts: Data retained while your account is active
  • Deleted Accounts: Most data deleted within 30 days; some records retained for legal/tax obligations (up to 7 years)
  • System Backups: We maintain compressed backups of all data twice daily for disaster recovery, stored securely on Dropbox Business with restricted access. Deleted data may persist in these backups for up to 30 days
  • Analytics Data: Anonymized data retained for up to 2 years for service improvement
  • Communication Records: Support emails retained for up to 3 years

Your Privacy & Data Security

The content you create in TallyHo (your clients, projects, tasks, and invoices) belongs to you. Your data is stored securely using industry-standard encryption and we do not access this information except when necessary to troubleshoot specific technical issues you report, and only with your explicit permission.

Admin Access: For technical support and troubleshooting purposes, authorized administrators can access your account data when necessary for resolving reported issues. All admin access is logged and limited to essential personnel.

International Data Transfers

Your data is stored on servers in the United States (Hostinger VPS) and backed up to secure cloud storage. When we transfer data outside the EU/EEA, we ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) with service providers
  • Adequate security measures including encryption in transit and at rest
  • Limiting data access to authorized personnel only
  • Other appropriate safeguards as required by GDPR

Third-Party Services

TallyHo uses the following third-party services that may process your data:

  • Matomo Analytics: For anonymized usage analytics (privacy-focused, GDPR compliant)
  • Cloudflare CDN: For content delivery and basic security protection (Standard Contractual Clauses)
  • Hostinger VPS: For secure application hosting and data storage (US-based, Standard Contractual Clauses)
  • Dropbox Business: For encrypted backup storage (Standard Contractual Clauses)
  • SendGrid: For sending transactional emails (password resets, notifications) (Standard Contractual Clauses)

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours
  • Notify affected users without undue delay if the breach is likely to result in high risk
  • Provide clear information about the breach and steps being taken

Children's Privacy

TallyHo is not intended for children under 16. We do not knowingly collect personal data from children under 16. If we become aware of such collection, we will delete the data promptly.

Service Availability

We strive to keep TallyHo running smoothly and available, but like all online services, there may be occasional downtime for maintenance or due to technical issues. We'll do our best to notify users of planned maintenance when possible.

TallyHo is provided "as is" without warranties. While we work hard to make it reliable and useful, we can't guarantee it will always be perfect or meet all your specific needs.

Changes to Terms

We may update these terms occasionally. When we do, we'll update the date at the top and notify active users via email and in-app notification. Continued use of TallyHo after changes means you accept the updated terms.

Supervisory Authority

If you have concerns about how we handle your personal data, you have the right to lodge a complaint with your local data protection authority. For EU residents, you can find your local authority at edpb.europa.eu.

Contact & Data Protection Officer

For questions about these terms, your data rights, privacy concerns, or support:

Steve Leggat

General inquiries: [email protected]

Privacy & Data Protection: [email protected]

Front&Back NZ
Auckland, New Zealand

We aim to respond to all inquiries within 30 days (48 hours for general support).