Privacy Policy

This Privacy Policy describes how Tally ("we," "our," or "us") collects, uses, stores, and protects your personal information when you use the Tally mobile application (the "App"). We are committed to protecting your privacy and handling your data transparently. By using the App, you consent to the data practices described in this policy.

If you have any questions about this policy, contact us at m.raslan97@gmail.com or write to us at Tally, 5 As-Sarayat st., Cairo, Egypt.

1. Information We Collect

We collect information you provide directly to us, information collected automatically when you use the App, and information from third-party services you choose to connect.

Personal Information

• Name and email address
• Authentication provider identifiers (Google Sign-In, Sign in with Apple, or email/password)
• Profile photo (if provided)

Health & Biometric Data

• Body measurements (weight, height, body fat %, waist circumference, muscle mass)
• Medical conditions, medications, and allergies (only if you choose to provide them)
• Blood pressure, blood sugar, and blood type (only if you choose to provide them)
• Activity level, exercise data, and sleep patterns

Nutrition & Diet Data

• Health and dietary preferences (including halal/haram preferences)
• Meal plans and food logs
• Scanned food images and AI-generated nutritional analysis
• Water intake logs
• Grocery budget and shopping preferences

Voice & Audio Data

Audio captured when you use voice input with Jasmine (our AI assistant). Audio is transcribed using on-device or platform speech-to-text services where available; transcripts may be sent to our AI provider for processing. Raw audio is not stored on our servers.

Device Permissions We Request

• Camera — to scan food items and barcodes for nutritional analysis
• Photo Library — to select existing food photos for analysis
• Microphone — to enable voice input with Jasmine
• Notifications — to send meal reminders, water reminders, and goal progress updates
• Apple HealthKit / Health Connect — to read activity and write nutrition data, only with your explicit permission

You can revoke any of these permissions at any time in your device settings.

Device & Usage Data

• Device type, operating system version, and app version
• Crash reports and error logs (via Firebase Crashlytics)
• App usage analytics and feature interaction events (with your consent)

2. How We Use Your Information

We use the information we collect to provide, maintain, and improve our services. Specifically:

• Generate personalized meal plans
• Track your health and nutrition goals
• Analyze food images using AI to identify items and estimate nutritional content
• Personalize Jasmine's responses based on your health profile and goals
• Calculate personalized daily nutrition targets based on your biometric data and fitness goals
• Send important notifications and reminders
• Diagnose crashes and improve App functionality and user experience

We do not sell your data. We do not use your data for advertising. We do not use your personal data to train AI models.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, our legal bases for processing your personal data are:

• Consent — for optional analytics, sensitive health data you provide, and marketing communications.
• Performance of a contract — to deliver the core App functionality (meal planning, food logging, AI analysis).
• Legitimate interests — for security, fraud prevention, crash diagnostics, and service improvement, balanced against your rights.
• Legal obligations — where we are required by law to retain or disclose data.

You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

4. AI Data Processing

Our App uses Google Gemini AI to process food images and provide personalized nutrition guidance. When you scan a meal, your food image is sent to Google's servers for AI analysis. Jasmine uses your health profile data (goals, dietary preferences, biometrics) to provide personalized responses; this contextual data is sent to Google's servers during chat sessions. We do not use your personal data to train AI models. Chat conversation history is stored only on your local device and is never uploaded to our cloud servers. Google's use of data sent to Gemini AI is governed by Google's Privacy Policy.

5. Data Storage & Security

Your data is stored using a combination of local and cloud storage to ensure both offline functionality and backup:

• Local device database (SQLite, encrypted via SQLCipher) for offline access to your profiles, meal logs, health metrics, and settings
• Google Firebase Cloud Firestore for secure cloud backup and cross-device data synchronization
• AI chat conversations are stored exclusively on your device and are never synced to our cloud servers
• Authentication tokens are stored in platform-secure storage (iOS Keychain / Android EncryptedSharedPreferences)
• Data is encrypted in transit using TLS and at rest using provider-managed encryption

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. No method of electronic storage is 100% secure; we cannot guarantee absolute security.

6. Third-Party Services

We use trusted third-party services to operate the App. These services may collect and process data as described in their own privacy policies:

• Google Firebase — authentication, cloud database, file storage, remote configuration (Privacy Policy)
• Google Gemini AI — food image recognition, nutritional analysis, and AI chat processing (Privacy Policy)
• USDA FoodData Central — primary nutritional data lookup for identified foods
• Open Food Facts — supplementary food and nutrition database
• Apple HealthKit / Google Health Connect — reading and writing health and activity data with your explicit permission
• Firebase Crashlytics — anonymous crash reporting and error diagnostics to improve App stability

7. International Data Transfers

Our cloud infrastructure (Firebase, Gemini AI) is operated by Google and may process your data in the United States and other countries outside your country of residence. Where data is transferred out of the EEA, UK, or Switzerland, we rely on Google's Standard Contractual Clauses and other approved transfer mechanisms to ensure your data receives an adequate level of protection.

8. Data Sharing & Disclosure

We do not sell, trade, or rent your personal information to third parties. We do not share your data for advertising purposes. We may share your data only in the following limited circumstances:

1. With third-party service providers listed above, solely to operate the App's features
2. If required by law, regulation, legal process, or governmental request
3. To protect the rights, property, or safety of our users or the public
4. In connection with a merger, acquisition, or sale of assets, in which case you would be notified via in-app notification or email

Any data shared with third-party service providers is limited to what is necessary to provide their specific service.

9. Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

• Access your personal data
• Correct inaccurate or incomplete data
• Request data deletion ("right to be forgotten")
• Export your data in a portable format
• Restrict or object to certain processing
• Withdraw consent for analytics data collection at any time
• Opt out of data collection where lawful
• Lodge a complaint with your local data protection authority

To exercise any of these rights, use the in-app Settings → Account → Delete Account / Export Data controls, or email us at m.raslan97@gmail.com. We will respond within 30 days.

California Residents (CCPA / CPRA)

California residents have the right to know what personal information we collect, to request deletion, to correct inaccurate information, and to opt out of the "sale" or "sharing" of personal information. We do not sell or share personal information as those terms are defined under the CCPA/CPRA. To submit a request, email m.raslan97@gmail.com. We will not discriminate against you for exercising these rights.

10. Data Retention

We retain your personal data for as long as your account is active or as needed to provide our services. If you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by applicable law or legitimate business purposes (such as resolving disputes or enforcing agreements). Encrypted Firebase backups may persist for up to 90 days after deletion before being purged from backup systems. Locally stored data, including chat history, is removed when you uninstall the App or clear app data.

11. Children's Privacy

The App is not intended for use by children under 16. We do not knowingly collect personal information from children under 16. In compliance with the U.S. Children's Online Privacy Protection Act (COPPA), we additionally do not knowingly collect personal information from children under 13. If we become aware that we have collected personal data from a child under the applicable age without verifiable parental consent, we will take steps to delete that information as soon as possible. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at m.raslan97@gmail.com.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by posting the new Privacy Policy within the App and updating the "Last updated" date. For significant changes, we will provide prominent notice via in-app notification at least 30 days before the changes take effect. Your continued use of the App after any changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: m.raslan97@gmail.com
• Postal address: Tally, 5 As-Sarayat st., Cairo, Egypt

We will respond to your inquiry within a reasonable timeframe and in accordance with applicable data protection regulations.