MyTally

Last updated · 13 June 2026

Privacy Policy

This policy explains what personal data MyTally collects, why, how it is protected, and the rights you have. It is written to align with the Nigeria Data Protection Act (NDPA) 2023 and the Nigeria Data Protection Regulation (NDPR). MyTally is the data controller for the information described here. For any privacy request, contact support@mytally.xyz.

The data we collect

  • Account details: your email address and display name.
  • Financial records you create: accounts, balances, transactions, categories, budgets, goals, debts, and subscriptions.
  • Email-alert data (only if you enable auto-tracking): transaction details extracted from bank alerts you forward to your MyTally address, such as the amount, date, narration, bank name, and last 4 digits of the account number. We do not store the raw forwarded emails.
  • Documents you import: statements or receipts you upload for transaction extraction.
  • Limited technical data needed to run the app reliably (for example, app and device basics and error diagnostics).
  • We do not collect your bank login, card numbers, card PIN, BVN, OTPs, or full account numbers, and we never ask for them.

Why we use it (lawful basis)

  • To provide the service you asked for — recording, categorising, syncing, and planning your finances — on the basis of our agreement with you.
  • For email auto-tracking and document import, on the basis of your explicit consent, which is recorded when you turn the feature on and which you can withdraw at any time.
  • To keep the app secure and working, and to respond to support requests, on the basis of our legitimate interest in providing a safe, reliable product.
  • We use the minimum data necessary and do not sell your personal data or use your financial details for advertising.

How email auto-tracking handles your data

You forward copies of your bank alerts to a private, unguessable address using a rule in your own email account. We never access your inbox.

Each forwarded alert must come from a known bank domain and pass sender-authentication checks (DKIM/SPF). It is parsed the moment it arrives and the raw email is immediately discarded — it is never written to our database.

We keep only the extracted transaction fields, and only to create your transactions. You can revoke your alert address at any time to stop all processing.

Automated document processing

When you upload a statement or receipt, the file is sent securely to a processing service that extracts the transactions and returns them to you for review. Documents are processed only to read the figures and are not used to profile you.

Categorisation suggestions are produced automatically to save you time; you can always change them, and no automated decision has a legal or similarly significant effect on you.

Service providers we use

We share data only with trusted providers that process it on our behalf to run the app: secure cloud hosting and authentication (our database and backend), email routing for the auto-tracking feature, an automated document/text extraction service for imports, and the app-store/update platform.

These providers act on our instructions under data-processing terms and are not permitted to use your data for their own purposes.

Where your data is processed

Our hosting and processing providers may store and process data on servers located outside Nigeria. Where data is transferred across borders, we rely on providers that apply recognised safeguards and appropriate protections, consistent with the NDPA/NDPR. By using the app you are informed of and consent to this processing.

How long we keep it

Your account and financial records are kept for as long as your account exists, so the app works across your devices.

Email-alert drafts awaiting review are deleted automatically (typically within about 90 days), and resolved drafts sooner (around 30 days). Raw forwarded emails are not kept at all.

When you delete your account, your data is permanently removed from our systems as described below.

How we protect your data

Access is restricted to your authenticated account, data is transmitted over encrypted connections, and each user can only access their own records.

No system is perfectly secure, so please use a strong, unique password and protect your device. If we ever become aware of a personal-data breach that poses a risk to you, we will act on it and notify the relevant authority and affected users as required by law.

Your rights

Under the NDPA/NDPR you have the right to access your data, correct it, delete it, restrict or object to certain processing, withdraw consent, and receive a copy of your data in a portable format.

In the app you can: edit your profile and records, export your transactions to a file, withdraw email-tracking consent by revoking your alert address, and permanently delete your account from Profile → Delete Account.

For any other request, email support@mytally.xyz. You also have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC).

Deleting your account

Deleting your account is permanent and irreversible. It removes your account and all associated data from our servers — including accounts, transactions, categories, budgets, goals, debts, subscriptions, learned categorisation, your email alert address, and any pending alert drafts. You would need to create a new account to use MyTally again.

Children

MyTally is intended for adults and is not directed at children. We do not knowingly collect data from anyone under 18. If you believe a child has provided us data, contact us so we can remove it.

Changes and contact

We may update this policy as the app evolves; we will revise the "Last updated" date above and, for significant changes, aim to make them clear in the app.

For any privacy question or data-protection request, contact support@mytally.xyz.