Tally Academy — Privacy Policy

Last updated: December 2, 2025 · App package: com.tallyacademy · Current version: 1.0 (1)

This Privacy Policy explains how Tally Academy (the "App"), its mobile applications, and related services collect, use, disclose, and protect your information. By using the App you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Personal & Authentication Data (Collected & Stored)

• Student ID (e.g., "COLL-2025-12345")
• Full name
• Phone number (including "+91" country code for India)
• Email address (if provided)
• Login credentials (student ID and password) — stored locally in encrypted form
• Course ID, student type (guest/registered/franchise), certificate status

1.2 Enquiry & Form Data

When you submit an enquiry through the app we collect:

• Name
• Email
• Phone number
• Selected franchise/location
• Enquiry message

1.3 App & Device Data

• App version and build info
• Basic device metadata (platform, screen dimensions, Android/iOS version) used for compatibility
• Network connectivity state (online/offline) for app behavior

2. Permissions Requested

• INTERNET — Required for API calls, content loading, and interaction with backend services.
• VIBRATE — Optional, used for haptic feedback during user interactions.
• READ/WRITE_EXTERNAL_STORAGE / MANAGE_EXTERNAL_STORAGE — Used to download and cache PDF e‑books and other files for offline access (required for offline content access). Not used for side-loading or app updates; Play Store handles updates.

3. How We Store Your Data

Local storage in the app uses industry-standard encryption:

• EncryptedStorage (react-native-encrypted-storage) — stores userData, isLoggedIn, and loginCredentials encrypted at rest.
• Android: AES encryption with keys stored in the Android Keystore (hardware-backed where supported).
• iOS: Data stored in the iOS Keychain.
• Cached files (PDFs, images) kept in device cache or file system to enable offline access; cached files may remain until app uninstall or explicit cache cleanup.

4. Transmission & External APIs

• All API calls to Tally Academy backend servers are made via HTTPS (TLS/SSL).
• Authentication endpoints accept student_id/username and password (POST) and return profile information on successful authentication.
• Certificate and ID card endpoints may return PDFs and may require authentication (student_id/password).
• The app uses Google Docs Viewer to display some PDFs; PDF URLs may include the student_id in query parameters — those URLs are loaded by Google and may be subject to Google's privacy policies.

5. Third‑Party Services & CDNs

We rely on a small set of third‑party software and services for functionality (no analytics or advertising services are used):

• React Native and common open-source libraries (no data collection by these libraries themselves).
• Google Play Services — used only for in-app update notifications (no analytics from our side).
• Google Docs Viewer (docs.google.com/gview) — used to render PDFs in a WebView. Using this service may send PDF URL and metadata to Google.
• CDNs (Cloudflare) for serving some JavaScript libraries for the flipbook feature; CDNs may collect standard request metadata (IP, user agent).

6. Analytics, Logging & Tracking

The app does not include third-party analytics (e.g., Firebase Analytics, Google Analytics, Facebook Analytics) or advertising networks. Console logging is used only for development/debugging and is not transmitted to our servers.

7. How We Use Your Data

• Authenticate and authorize access to protected content (certificates, ID cards, job portal).
• Provide course materials, e-books, and offline access.
• Respond to enquiries and communicate about enrolment, support, and account issues.
• Support job portal functionality for certified students.
• Provide mandatory update prompts via Google Play Store.

8. Data Sharing & Disclosure

• We share personal data with our backend servers to provide app functionality.
• We do not share personal data with advertising networks, analytics companies, data brokers, or marketing companies.
• PDFs displayed via Google Docs Viewer are subject to Google’s privacy practices.
• CDN providers (e.g., Cloudflare) may process IP address and user agent for requests to their servers.

9. Data Retention & Deletion

• Local data: Encrypted local data and cached files remain on the device until logout, cache cleanup, or app uninstall.
• Server data: Retention policies for server-side data are governed by Tally Academy backend systems — not available inside the app. To request deletion or export of server-side data, contact Tally Academy (contact details below).
• Logout: The app’s logout function clears local encrypted storage keys: userData, isLoggedIn, and loginCredentials. Cached files may require manual cleanup or uninstall to remove.

10. Your Rights & Controls

• Access: You can view your profile data inside the app.
• Rectification: To correct or update your data, contact Tally Academy via the website or phone.
• Deletion: To request deletion of your account and server‑side data, contact Tally Academy (details below). Local data can be removed by logging out and uninstalling the app.
• Withdraw consent: For processing based on consent, you may withdraw consent by contacting us; this may limit app functionality.
• Data portability: To request a copy of your data, contact Tally Academy; export functionality is not available in-app at this time.

11. Sensitive Data Handling & Security

• Passwords and login credentials are stored encrypted using platform mechanisms (Android Keystore / iOS Keychain) via react-native-encrypted-storage.
• All network communications with backend APIs use HTTPS to encrypt data in transit.
• On sensitive screens (certificate or ID display), screenshots are prevented using native FLAG_SECURE behavior where supported.

12. Children’s Privacy

The App does not implement age verification or parental consent flows. The App is designed for students and educational use. If you are a parent or guardian and believe your child’s information has been collected, contact us to request deletion.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If changes are material, we will provide notice in the App or via the contact information on our website. The policy's "Last updated" date at the top will reflect the effective date.

14. Contact & Data Requests

To make data access, deletion, export, or other privacy-related requests, or if you have privacy questions, please contact Tally Academy:

• Website: https://tallyacademy.co/
• Enquiries endpoint: /enquiries_submitted.php (used by the app) — please use the website contact form or phone listed on our website.
• Phone: Available on the website.

15. Developer & App Information

Tally Academy mobile app (package com.tallyacademy) — current build: 1.0 (versionCode: 1). App update checks are managed exclusively by Google Play Store via Google Play In-App Updates API.

---

This Privacy Policy was last updated onDecember 2, 2025