TallyScout — Privacy Policy
Last updated: 15 June 2026
This Privacy Policy explains how WBS, a sole trader of England, United Kingdom ("Tallyscout", "we", "us") collects and handles personal data when you use the Tallyscout iOS app and related services (the "Service").
We are the data controller for the personal data described in this Policy. For privacy questions or to exercise your rights, contact [email protected].
1. What we collect
1.1 You give us
| Category | Examples |
|---|---|
| Account | Email address, password (hashed), user ID |
| Profile | Display name, optional profile photo |
| Your Content | Shopping lists, trip history, prices, stores, product photos |
| Communications | Emails you send to our support, legal, or privacy inboxes |
1.2 Collected automatically
| Category | Examples |
|---|---|
| Device & technical | Device model, OS version, app version, language, time zone, IP address |
| Usage analytics | Screen views, feature interactions, session metadata |
| Diagnostic & crash data | Crash reports, error stack traces, breadcrumbs, request metadata |
| Bot-protection signals | IP, device/browser characteristics gathered by Cloudflare Turnstile |
| Subscription state | In-App Purchase status, receipts, and a pseudonymous app-user-ID (from Apple, via RevenueCat) |
1.3 From third parties
- Apple — subscription and purchase status linked to your Apple ID.
- RevenueCat — subscription status, entitlements, and receipt validation, linked to a pseudonymous app-user-ID we send (not your email or Apple ID).
- Open Food Facts / Open Library — public product data we look up by barcode. These third parties do not receive your identity from us; only the scanned identifier is sent.
We do not knowingly collect special-category data under UK GDPR Art. 9 (e.g. health, biometric, political, religious data).
2. Why we use it, and our lawful basis
| Purpose | Lawful basis (UK GDPR Art. 6) |
|---|---|
| Create and maintain your account; sync your data across devices | Contract — Art. 6(1)(b) |
| Process subscriptions and respect Apple's billing flow | Contract — Art. 6(1)(b) |
| Respond to your support, legal, and privacy enquiries | Contract / Legitimate interests |
| Diagnose crashes and errors (Sentry) to keep the Service working | Legitimate interests — Art. 6(1)(f) |
| Understand product usage and improve features (PostHog) | Legitimate interests — Art. 6(1)(f) |
| Detect and prevent abuse, bots, and fraud (Cloudflare Turnstile) | Legitimate interests — Art. 6(1)(f) |
| Produce aggregated and anonymised datasets (see §6) | Legitimate interests — Art. 6(1)(f) |
| Comply with tax, accounting, and other legal duties | Legal obligation — Art. 6(1)(c) |
| Optional marketing communications (only if you opt in) | Consent — Art. 6(1)(a) |
Where we rely on legitimate interests, we have balanced our interests against your rights and consider the processing limited and proportionate. You can object at any time (see §7).
3. Who we share data with
We do not sell personal data. We share personal data only with the processors and recipients below, each under a written Data Processing Agreement (DPA).
| Processor / recipient | Role | Where processed |
|---|---|---|
| Apple | App distribution, sign-in, in-app billing | EU / US |
| RevenueCat | Subscription management, receipt validation, entitlements | US |
| Supabase | Database, authentication, file storage | EU (region pinned) |
| Cloudflare | CDN, Pages, Workers, R2 storage, Turnstile | Global edge network |
| Sentry | Error and crash monitoring | EU |
| PostHog | Product analytics | EU |
We may also disclose personal data:
- to professional advisers (accountants, lawyers) under a duty of confidentiality;
- to law enforcement or regulators where required by a valid legal request;
- to a buyer or successor in the event of a merger, acquisition, or asset sale of Tallyscout — in which case we will notify you and ensure equivalent protection.
4. International transfers
Some processors are based outside the UK. Where personal data leaves the UK to a country without an adequacy decision, we rely on the UK International Data Transfer Agreement (IDTA) or the EU Standard Contractual Clauses (SCCs) with the UK Addendum, together with appropriate technical and organisational measures.
5. Retention
| Data | How long we keep it |
|---|---|
| Account, profile, Your Content | Until you delete your account |
| Anonymised, aggregated data | Indefinitely (no longer personal data — see §6) |
| Diagnostic and crash logs (Sentry) | Up to 30 days |
| Product analytics events (PostHog) | Up to 90 days |
| Bot-protection signals (Cloudflare) | As per Cloudflare's retention defaults (short-lived) |
| Subscription records (RevenueCat) | For the life of the subscription, per RevenueCat retention |
| Communications with our inboxes | Up to 24 months from last interaction |
| Billing records required by law | 6 years from the end of the relevant financial year (HMRC rules) |
| Backups | Overwritten on a rolling 30-day cycle |
6. Aggregated and anonymised data
We may produce aggregated and anonymised datasets derived from Your Content and other users' content (for example, average prices of products by region or category). Once data has been anonymised so it cannot be linked back to you, it is no longer personal data under UK GDPR, and we may use, publish, or commercialise it (including selling or licensing it to third parties) without further notice. We will not sell data that personally identifies you without your separate, explicit consent.
7. Your rights
Under UK GDPR you have the right to:
- access the personal data we hold about you;
- rectify inaccurate or incomplete data;
- erase your data ("right to be forgotten");
- restrict or object to certain processing, including processing based on legitimate interests;
- portability — receive your data in a machine-readable format;
- withdraw consent at any time, where processing is based on consent (without affecting earlier processing);
- lodge a complaint with the UK Information Commissioner's Office (ICO) at https://ico.org.uk/make-a-complaint/ or by calling 0303 123 1113.
To exercise these rights, email [email protected]. We will respond within one month (extendable by two further months for complex requests, with notice). We will ask you to verify your identity before acting.
8. Account deletion
You can delete your account at any time from in-app settings or by emailing [email protected]. On deletion:
- your profile and identifying information are removed;
- product, price, and aggregate usage data may be anonymised and retained for analytics, abuse prevention, improving the Service, and the aggregated datasets described in §6;
- backups containing your data are overwritten on our normal backup cycle (up to 30 days);
- certain records (e.g. billing) are kept where required by law (§5).
9. Security
We protect your data with industry-standard measures, including:
- TLS encryption in transit and at-rest encryption for stored data;
- access controls and least privilege for all internal systems;
- password hashing via Supabase Auth (we never see your plaintext password);
- Cloudflare Turnstile to deter automated abuse;
- monitoring and alerting on production systems.
No system is perfectly secure. If a personal-data breach is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and, where the risk is high, notify you directly.
10. Bot-protection signals
We use Cloudflare Turnstile, including invisible challenges, to detect automated abuse. Turnstile collects device, browser, and request signals (such as IP address and behavioural fingerprints) and processes them on Cloudflare's edge network. Turnstile is designed to avoid persistent tracking and does not require cookies for end users. See Cloudflare's Turnstile-specific privacy notice at https://www.cloudflare.com/en-gb/turnstile-privacy-policy and the general Cloudflare privacy policy at https://www.cloudflare.com/privacypolicy/.
11. Children
The Service is intended for users aged 13 and over. We do not knowingly collect data from children under 13. Under UK GDPR, users under 16 should have a parent or guardian review this Policy on their behalf. If you believe a child has provided us with personal data, contact [email protected] and we will delete it.
12. Third-party links and services
The Service may surface information from third parties (e.g. Open Food Facts, Open Library). Their privacy practices are governed by their own policies, not this one.
13. Changes to this Policy
We may update this Policy from time to time. Material changes will be notified in-app or by email at least 14 days before they take effect. The "Last updated" date at the top reflects the most recent revision.
14. Contact
- General enquiries: [email protected]
- Account, billing, and support: [email protected]
- Privacy and data-subject requests: [email protected]
- Legal notices: [email protected]
- Product feedback: [email protected]
You also have the right to complain to the UK Information Commissioner's Office at https://ico.org.uk.