Privacy Policy

Effective April 25, 2026

Talli (“we,” “us,” or “our”) makes a household task app designed for families. This policy explains what information we collect, how we use it, and the choices you have. We built Talli with privacy in mind — especially for the children whose accounts are created by their parents or guardians.

1. Information we collect

From all users

• Account identity via Firebase Authentication: email address and authentication provider (Apple, Google, or email/password).
• Profile data: display name and an optional avatar image you choose.
• Push notification tokens (Firebase Cloud Messaging) so we can deliver task and reward notifications.
• Subscription state from Apple StoreKit (transaction id and tier) to unlock paid features.
• Diagnostics: crash reports, performance metrics, and product analytics via Firebase Crashlytics, Performance Monitoring, and Analytics. Disabled for child accounts.

From child accounts

Children do not sign up themselves. A parent or guardian (the family administrator) creates a child account and shares a one-time setup code. Children authenticate with that code — we do not collect a child’s email address or password.

• Display name only.
• Photos a child submits as task verification (stored in Firebase Storage, viewable only by members of the same family group).
• Achievement and streak data.
• We do not enable analytics or crash reporting for child accounts.

2. How we use information

• To operate the app — assigning tasks, awarding points, redeeming rewards, sending notifications.
• To process task verification photos with Google Vertex AI (Gemini) for the sole purpose of scoring task completion. Photos are not used to train AI models, shown publicly, or used for advertising.
• To diagnose bugs and improve performance (adult accounts only).
• To verify subscription entitlements with Apple.

3. How we share information

We do not sell or rent personal information, and we do not share data with advertising networks or data brokers. We share information only with:

• Apple — App Store, Sign in with Apple, and push notification delivery.
• Google / Firebase — Authentication, Firestore, Storage, Cloud Functions, Crashlytics, Analytics, Remote Config, Performance Monitoring, Cloud Messaging, and Vertex AI (Gemini) for image analysis.
• Other members of your household group — by design, your name, avatar, points, achievements, and submitted photos are visible to other members of the family group you join.

4. Children’s privacy (COPPA)

Talli supports child accounts that are created and managed exclusively by an adult administrator. Creating a child account constitutes verifiable parental consent under the Children’s Online Privacy Protection Act (COPPA). Administrators can:

• Review and approve or reject any task submission a child sends, including any submitted photo.
• Delete the child’s photos at any time.
• Delete the child’s account, which removes their profile, tasks, achievements, and submissions.

We do not collect children’s email addresses, phone numbers, geolocation, contacts, or biometric data. Analytics and crash reporting are disabled for child accounts.

5. Photo handling

Photos submitted as task verification are stored in our private database (Firebase Storage) and accessible only to authenticated members of the same family group. Each photo is processed by Google’s Vertex AI (Gemini) to score task completion. Photos are not shared publicly, used for advertising, or used to train AI models. Family administrators can delete photos at any time.

6. Data retention

We retain account data for as long as your account is active. Notifications are automatically deleted after 30 days. You may delete your account in-app at any time, which removes your profile and associated data from our active systems. Backups may persist for up to 35 days for disaster-recovery purposes (Firestore point-in-time recovery).

7. Your rights

Depending on where you live, you may have the right to:

• Access the data we hold about you.
• Export your data — available in-app via the “Export My Data” option.
• Delete your account and associated data — available in-app via the “Delete Account” option.
• Opt out of analytics — adult accounts may disable analytics in Settings; child accounts are opted out by default.

California residents have additional rights under the CCPA / CPRA. EU residents have rights under the GDPR. To exercise any of these rights, email us at privacy@talliapp.co.

8. Security

Talli encrypts data in transit (HTTPS) and at rest. Authentication is enforced for every read and write through Firebase Security Rules and App Check. PINs and authentication tokens are stored in the iOS Keychain. We do our best to protect your information, but no system is perfectly secure.

9. What Talli does not do

• No location tracking.
• No access to contacts, calendars, or messages.
• No third-party advertising or ad networks.
• No selling or sharing of personal data with data brokers.
• No public profiles, friend system, or chat with people outside your household.

10. Changes to this policy

We may update this policy from time to time. If we make material changes, we will notify you in-app or by email. The “Effective” date at the top of this page indicates when the current version took effect.

11. Contact

Questions about this policy or our privacy practices? privacy@talliapp.co