Controller: TallyhubGH
Products: Web, desktop, mobile & /pay
Privacy requests: Within 30 days
1. Scope
This policy applies where TallyhubGH determines the means and purposes of processing personal and business data — including account holders, invited team members, partner users, and visitors to our marketing site and hosted checkout pages. It does not cover third-party sites you link to from the Service.
2. Products and Surfaces
- Marketing site: tallyhubgh.com pages, contact forms, download links, and locale preferences.
- Web dashboard: inventory, POS, sales, purchases, dispatch, settlements, reports, billing, team management, and integrations.
- Desktop app: offline POS with local SQLite; sync metadata and transaction payloads when online.
- Mobile apps: staff, customer, and organization apps with device identifiers and push notification tokens where enabled.
- Hosted /pay: public checkout sessions; payers may not have TallyhubGH accounts.
- Partner portal: referral tracking, commission records, and partner profile data.
3. Information We Collect
We collect information you provide, information generated through use of the Service, and technical data needed to operate securely.
- Account data: name, email, phone, organization, role, tenant settings, verification status, and invitation metadata.
- Commercial records: products, stock levels, sales, purchases, invoices, orders, customers, suppliers, locations, and reports you create.
- Payment data: plan selections, billing contacts, Paystack references, authorization metadata, settlement and payout records. We do not store full card numbers.
- Dispatch & wholesale: warehouse transfers, dispatch history, settlement balances, and partial payment records.
- Support data: messages, attachments, and contact details from support and contact forms.
- Technical & security: IP address, device type, user-agent, session events, audit logs, and error diagnostics.
- Marketplace: storefront configuration, catalog visibility, and buyer order details when you enable marketplace features.
- Partner program: referral codes, referred merchant metadata, and commission calculations.
4. How We Use Information
- Provide inventory, POS, sales, purchases, dispatch, settlements, reporting, marketplace, and related features.
- Authenticate users, enforce tenant isolation and RBAC, and prevent abuse.
- Process subscriptions, hosted checkout, settlements, and payout configuration via Paystack.
- Monitor uptime, diagnose errors, detect fraud, and maintain audit trails.
- Respond to inquiries, onboarding, and account recovery.
- Power the AI assistant, catalog import, and similar features you opt into.
- Deliver in-app, email, push, or webhook notifications you configure or that are essential to the Service.
5. Legal Bases for Processing
- Contract: to provide the Service you subscribe to or trial.
- Legitimate interests: security, fraud prevention, product improvement, and analytics in proportion to impact.
- Legal obligations: tax, accounting, regulatory requests, and lawful orders.
- Consent: where required for non-essential cookies, certain marketing, or optional AI processing.
6. Payments and Billing Data
Subscription and checkout flows use Paystack. We receive transaction references, status, amounts, and payer contact details needed for reconciliation — not full payment card numbers. Payout subaccount configuration includes business identifiers required by the payment provider. Retention follows accounting and provider requirements.
7. Hosted Checkout (/pay)
Payers on public checkout pages may enter name, email, phone, and payment method details handled by Paystack. Page locale may be chosen per session without changing the merchant's account settings. Checkout session metadata links payments to your invoices or orders.
8. Mobile and Desktop Data
Desktop offline mode stores operational data locally on your device until sync. Mobile apps may collect device tokens for push notifications and coarse location only if you enable features that require it. You control device access through OS-level permissions.
9. AI Processing
When you use the AI assistant or catalog import, prompts, uploaded files, and generated outputs may be processed to deliver the feature and improve safety. Do not submit sensitive personal data unrelated to business operations. We apply access controls and retention limits appropriate to AI subprocessors.
10. Security and Access Controls
We use JWT authentication, refresh-token cookies with strict settings in production, password hashing, email verification, tenant-scoped queries, role-based permissions, and security event logging. Administrators control who can access locations, reports, and payout settings.
11. Data Sharing
We share data only as needed to operate the Service: payment processors (Paystack), cloud infrastructure, email and notification providers, analytics where enabled, and integrations you activate.
We do not sell personal data. Processors must protect data and use it only for permitted purposes under contract.
We may disclose information when required by law, to protect rights and safety, or in connection with a merger or acquisition, with notice where practicable.
12. International Transfers
Data may be processed in Ghana and other countries where we or subprocessors operate. Where required, we implement contractual and organizational safeguards designed to maintain appropriate protection levels.
13. Retention
We retain data for the life of your account and as needed for legal, tax, and security purposes. Session artifacts, temporary tokens, and stale notification subscriptions are cleaned up automatically. After account closure, some records may be retained in anonymized or aggregated form, or as required by law.
14. Your Privacy Rights
Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, port, or object to processing of personal data, and to withdraw consent where processing is consent-based. Contact us to exercise rights; we may verify identity before responding.
15. Your Choices
You may update profile data in settings, manage team access, configure notification preferences, and request export or deletion subject to legal retention requirements. See our Cookies Policy for browser controls.
16. Merchant Responsibilities for End Customers
If you collect personal data from your customers through POS, marketplace, or hosted checkout, you are typically the data controller for that relationship. You must provide your own privacy notice, obtain required consents, and honor data subject requests for customer records you control. We process end-customer payment data as a processor on your instructions where applicable.
17. Children's Data
TallyhubGH is designed for business users and is not directed to children under 16. We do not knowingly collect children's personal information for marketing purposes.
18. Policy Changes
We may update this policy from time to time. Material changes will be reflected by updating the "Last updated" date and, where appropriate, additional in-product or email notice.
19. Contact
For privacy questions or requests, contact us through /contact.