Tally Freight

Privacy Policy

Last updated: 2026-04-21

Who we are

Tally Freight is a rate-management tool for freight forwarders. Forwarders upload carrier rate contracts, search lanes across every uploaded carrier, and build customer quotes. This policy explains what we collect, how we use it, and the controls you have.

What we collect

  • Account data. Your email address, a hashed password (handled by Supabase Auth), the display name you provide, your company name, and the colleagues you invite.
  • Content you upload. Carrier rate contracts in Excel, PDF, or DOCX; the files themselves (stored in Supabase Storage); the parsed rates, surcharges, and lane data; the customer records you enter; and the quotes you build.
  • Outlook integration (optional). If you connect Outlook, we store OAuth tokens scoped to Mail.Send and User.Read. We send email through your Outlook mailbox only when you click Send Quote. We do not read your inbox.
  • Usage telemetry. Page views and feature-usage timestamps, anonymized and used to improve the product.

How we use it

  • Operate the service: store and search your contracts, compute lane comparisons, generate quotes, and send quote emails on your behalf.
  • Communicate with you: transactional email only. Account verification, password reset, invite delivery, trial reminders. No marketing email from this product.
  • Improve the product using aggregated usage patterns.
  • We do not sell your data. We do not use your contracts or quotes to train AI models.

Third-party processors

  • Supabase (United States): database, authentication, and file storage.
  • Vercel (United States): hosting and edge network.
  • Microsoft Graph API: Outlook send, on your explicit consent and revocable by you at any time.
  • Anthropic (United States): powers the in-app feature-request chatbot. Contract and quote data are not sent to Anthropic.
  • Resend (United States): delivers transactional email (verification, reset, invite).

Data retention

  • Account data is kept while your account is active, and for 30 days after you request deletion. After 30 days we purge it.
  • Uploaded contracts, quotes, and customer records stay as long as your account is active. You can delete them from inside the app at any time.
  • Outlook OAuth tokens are kept while the integration is connected. Disconnect at any time from Settings, Outlook.
  • Audit logs are retained for 180 days.

Security

Data is encrypted in transit over TLS and at rest in Supabase. Row-level security isolates your tenant from every other tenant in the database. Outlook refresh tokens live in Supabase's vault.secrets (encrypted at the row level). Password hashes never leave Supabase Auth.

Your rights

  • Access. Email privacy@tallyfreight.com from your account email for a copy of your data.
  • Deletion. Email the same address. We respond within 30 days.
  • Correction. You can edit your own data inside the app at any time.

Children

Tally Freight is not directed at anyone under 16 and we do not knowingly collect data from anyone under 16.

International data transfer

Data is hosted in the United States through Supabase and Vercel. If you use Tally Freight from outside the United States, you consent to transfer of your data to the United States for processing.

Changes to this policy

We may update this policy. Material changes are announced in-app at least 14 days before they take effect.

Contact

Data requests: privacy@tallyfreight.com. General questions: hello@tallyfreight.com.