Privacy Policy

Last updated: March 21, 2026

FairTally respects your privacy. This policy explains what data we collect, why we collect it, how long we keep it, and what rights you have. FairTally is operated as a sole proprietorship—one person building a tool for shared expense tracking.

1. Who we are

FairTally is an app for tracking shared expenses and splitting costs fairly. We offer a website (with beta signup) and a mobile/web app where you can create an account and manage your expenses with others.

For data questions, contact us at hello@fairtally.com.

2. Information we collect

Information you give us

• Name. When you create an account, we collect a display name so other users can identify you in shared groups and expenses.
• Email address. Used to create and authenticate your account, send transactional messages (e.g., expense notifications, password reset), and communicate with you about the service. If you signed up for our beta waitlist, we also use it to notify you when the app is available.
• Financial data (expenses and settlements). When you use the app, we store the expense records, amounts, splits, and settlement transactions you create. This data is the core of the service and is tied to your account.
• Payment information. If you pay for a subscription, Stripe processes your payment card data directly under their own PCI-compliant infrastructure. We receive only a non-sensitive token and summary (e.g., last four digits, card type, expiry). We never see or store your full card number.

Information collected automatically

• IP address in audit logs. For security purposes, we record the IP address associated with certain account actions (e.g., login, account changes). These audit log entries are retained for 90 days and then deleted.
• Infrastructure logs. Our hosting providers may log standard request data (IP address, timestamp, request path) for availability and debugging. See section 4 for providers.
• Font requests. Our site loads fonts from Google Fonts. When your browser fetches those files, Google receives your IP address and standard HTTP headers. See Google's Privacy Policy.

We do not use cookies, analytics scripts, or third-party advertising trackers.

3. Legal basis for processing

We process your data under the following legal bases:

• Contract performance. We process your name, email, and financial data because it is necessary to provide the service you signed up for—account creation, expense tracking, and settlements.
• Legitimate interests. We log IP addresses in audit logs to detect and prevent fraud and unauthorized account access. Our legitimate interest in security outweighs the minimal privacy impact of retaining these logs for 90 days.
• Legal obligation. We may retain or disclose data where required by applicable law.

4. Third-party providers

We do not sell your information. We share data only with the providers necessary to run the service. All are US-based and process data only on our behalf:

• Stripe — payment processing. Handles payment card data directly under their own PCI-compliant infrastructure.
• Resend — transactional email delivery (e.g., account notifications, expense invites).
• Railway — application and database hosting.
• Cloudflare — DNS, CDN, and DDoS protection for the website.
• Google Fonts — web font delivery.

We may also disclose information if required by law or to protect the safety, rights, or property of FairTally or its users.

5. Data retention

• Audit log IP addresses: 90 days, then automatically deleted.
• Expense and settlement records: Retained for 1 year after the record is created or last modified, unless your account is deleted sooner.
• Account data (name, email, profile): Retained until you delete your account.
• Beta waitlist email: Retained until the beta period ends, after which it is deleted. You can request earlier deletion at any time.

After account deletion, we do not retain personal or financial data except where legally required (e.g., fraud prevention or legal hold).

6. Account and data deletion

You can delete your FairTally account at any time from the settings area in the app. Deletion removes your account, name, email, and all financial records you created. This is permanent and cannot be undone. Alternatively, email us at hello@fairtally.com and we will process your request promptly.

7. Your rights

You have the following rights over your data, all of which are available directly in the app or by contacting us:

• Access and export. You can view all your data in the app and request a full export of your account data.
• Rectification. You can correct your name, email, and other profile information at any time in the app settings.
• Deletion. You can delete your account and all associated data at any time (see section 6).
• Unsubscribe. You can opt out of non-essential emails via the unsubscribe link in any message or by contacting us directly.

If you're in the EEA, UK, or Switzerland, you can also withdraw consent, object to processing based on legitimate interests, or lodge a complaint with your local data protection authority. If you're in California, we do not sell your data; contact us to exercise any additional rights you may have.

8. App Store privacy labels

Apple requires us to declare the data categories the FairTally app collects. The following categories are collected, linked to your identity, and used for app functionality:

• Contact Info — email address (account creation and authentication)
• Financial Info — expenses and settlements (core app functionality)
• Identifiers — user ID (account and session management)
• Usage Data — IP address in audit logs (security logging, retained 90 days)

All data listed above is "Data Linked to You" and "Data Used for App Functionality." We do not collect data for tracking, advertising, or analytics beyond what is described in this policy.

9. Security and breach notification

We use HTTPS (TLS) for all data in transit. Access to production systems is restricted to authorized personnel. Audit logs capture key account actions for security review. We collect only the minimum data necessary to provide the service.

In the event of a personal data breach, we will notify affected users without undue delay and, where the breach is likely to result in a risk to your rights and freedoms, we will report it to the relevant supervisory authority within 72 hours of becoming aware of it, as required by applicable law (including GDPR Article 33 and 34). Notification to affected users will describe the nature of the breach, the data involved, the likely consequences, and the steps we have taken or propose to take to address it.

10. Children

The service is not for anyone under 18. We do not knowingly collect data from minors. If you believe we have, contact us and we will delete it promptly.

11. International transfers

Our providers are US-based, so data may be processed in the United States. If you are accessing the service from the EEA or another jurisdiction with data transfer restrictions, we rely on appropriate legal mechanisms for those transfers.

12. Changes

We may update this policy from time to time. Material changes will be communicated by email or a notice on the site. The "Last updated" date at the top always reflects the current version.

13. Contact

For privacy questions, data requests (access, export, deletion, rectification), or to report a concern, email hello@fairtally.com. We aim to respond within 5 business days.