When you sync Tally to your workspace, the information flowing in is not only about you. Vouchers, ledger entries, and master records also contain names, contact details, and transaction history of your customers, suppliers, and employees. This page explains how we look after that information on your behalf. It is meant to be read by a person, not by a lawyer.
The product is operated by Ryon, a sole proprietorship registered in India (GSTIN 36AVBPV6074H1Z7, office at 4th Floor, 6-3-456/A/20/402, Maruthi Grandeuer Apartments, Behind Model House Lane, Dwarkapuri Colony, Hyderabad, Telangana 500082).
1. Whose information shows up here
Two groups. The first is you and any teammate you invite. The second is anyone whose name appears in the accounting data you upload. That typically means the people behind your customer ledgers, supplier ledgers, and salary entries. If you run an accounting firm, it also includes the same people for each of your clients whose books you upload.
2. What flows in
From the people who sign in, we receive the items in section 2 of the Privacy page. From your accounting records, we receive whatever Tally exports for the companies you choose to sync. That includes contact identifiers such as name, email, postal address, and phone where they exist on a ledger, plus the financial transaction detail present in vouchers, ledger entries, masters, GST returns, the trial balance, profit and loss, balance sheet, and stock summary.
We do not expect health records, biometric records, or any other special category of information to be in your books. If a ledger entry you upload happens to contain something like that, please check that you are allowed to keep it and that you are allowed to upload it.
3. How long it stays
The information stays as long as you are using the product. When you close the account, we hold it for thirty days so you can change your mind. After thirty days the workspace database is deleted and the related account records are removed. The audit log is kept for between twelve and thirteen months to satisfy Indian record-keeping rules, and is removed after that.
4. What we do with it
We use the information only to do what you ask. The portal commands you click, the configuration you set, and the questions your connected AI clients send all act as your instructions. We do not use the contents of your workspace to train any model, to look up analytics for our own purposes, or to share with anyone we have not listed at /policy/sub-processors.
5. Who can see it
Your workspace database is encrypted at rest. Opening it needs a key. The key lives inside our infrastructure so the product can do its job, and never leaves it. Privileged actions on your workspace, including any direct query from a connected AI client and any export you run yourself, write a row in the audit log.
Where someone on our team needs to look at something to answer a support request from you, that access is logged the same way. The audit log is part of the copy you can download from Account closure.
6. How we keep it safe
We use the practices on the Security page. Every database file is encrypted with SQLCipher and a per-workspace key, every request uses modern TLS, every token is hashed before storage, and every workspace lives in its own file with its own permissions on disk. We also stress-test workspace isolation in our own test suite so accidental leakage is caught before release.
7. External services we use
We use a small number of services to run the product. The full list, what each one receives, where each one is located, and the safeguards they publish are at /policy/sub-processors. If we plan to add a new one, we publish the change on that page before it goes live. If something on the list does not work for you, write to us and we will discuss alternatives.
8. Where it stays
The main store of your workspace information is on a server located in India. We do not plan to move it. A small number of the external services on the sub-processors page sit outside India and we pick providers who publish their own safeguards before connecting.
9. If a customer of yours asks about their information
You are the right person to answer questions from people in your books. If one of your customers contacts us directly, we will point them back to you, except where the law requires us to answer ourselves. We will help you with what you need, including reading what we hold or removing a record, on a reasonable request through [email protected].
10. If something goes wrong
We follow the practices on the Security page and we keep improving them. No system anywhere is ever completely safe though. If we become aware of an incident that affects your workspace, we will let you know. We do not accept responsibility for incidents that happen on infrastructure we do not run, for the behaviour of the AI clients or third-party services you choose to connect, for force majeure events, or for indirect costs such as lost business or lost goodwill that may follow.
11. When you leave
When you close your account, the workspace database and the related account records are deleted after the thirty-day grace period. You can ask us to delete sooner. The audit log stays for the minimum record-keeping window described in section 3 and is then removed.
12. Talk to us
Any question about this page goes to [email protected].