Privacy Policy
Last updated: May 28, 2026 Effective date: May 28, 2026
This Privacy Policy explains how Tallify (“we”, “our”, “the app”) collects, uses, shares, and protects your personal information when you use the Tallify mobile application and the website at tallifyapp.com.
Tallify is operated by Milan Santosh Mishra, based in India. If you have any questions about this policy or your personal data, email us at [email protected].
By using Tallify, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the app.
1. Who we are
Tallify is a height-growth companion app for people aged 13 and older. We provide a personalized nutrition plan, an exercise program, sleep guidance, progress tracking, an AI coach, and an optional community feed — all designed to help users work toward their height potential.
Data controller: Milan Santosh Mishra, India. Contact: [email protected]
2. What information we collect
We only collect what we need to personalize your plan and run the app. We do not sell your data, and we do not share it with advertising networks or data brokers.
2.1 Information you provide during onboarding
When you sign up and complete the onboarding flow, you share:
| Category | Examples |
|---|---|
| Account identifiers | Email address, password (stored hashed by our auth provider). If you use Sign in with Apple, your identity token plus your full name on first sign-in (or Apple’s private relay address if you choose “Hide My Email”). If you use Continue with Google, your identity token plus your Google email and display name. |
| Demographic data | Date of birth, gender, ethnicity |
| Body measurements | Current height, current weight, foot size |
| Family information | Mother’s height, father’s height, information about taller relatives |
| Lifestyle inputs | Sleep hours, weekly activity level, diet quality, diet type, allergies, dislikes |
| Sensitive puberty indicators (13–25 users) | Facial hair stage, acne level |
| Goal | Dream height target |
If you sign in with Apple and choose “Hide My Email,” Apple gives us a private relay address (@privaterelay.appleid.com) instead of your real email. Any email we send you is forwarded by Apple to your real address; we never see it directly.
2.2 Information generated as you use the app
As you use Tallify day-to-day, we log:
| Category | Examples |
|---|---|
| Progress tracking | Meals you mark as eaten, exercises you complete, sleep habits checked, sleep rating, daily habits checklist |
| Height and weight history | Every height log you save, every weight log you save, the date of each measurement |
| Derived health metrics | Calculated BMR, TDEE, growth surplus, BMI, daily calorie and macro targets, Growth Score |
| Community activity (if you post) | Chosen username, posts, comments, likes, reports you submit, users you block |
| Subscription status | Whether you are on a trial, monthly, or 6-month plan; trial start and end dates |
| AI interactions | Messages you send to the Tallify AI coach and the Meal Planner AI, including ingredient lists. The Tallify AI coach also receives a snapshot of your current profile (age, current height, dream height, gender, sleep hours, diet quality self-rating, workout frequency, growth-window status, and a reference to your stored predicted-height range — the literal number is not sent to the model) as part of every prompt so its responses are grounded in your real numbers. The text of any community post or comment you draft is sent to Anthropic Claude (Haiku) for safety screening before publication — see Section 3 below. |
2.3 Technical information
Like most apps, we automatically collect some technical data when you use Tallify:
- Device operating system and version
- App version
- Approximate IP address at the time of API calls (used by our infrastructure for rate limiting and anti-abuse)
- Timestamps of your activity
- Anonymized crash reports and performance traces sent to Sentry (Functional Software, Inc.). We do not attach your email or full name to these reports; the only identifier is your anonymous Supabase user ID so we can tell whether one user is hitting many crashes or many users are hitting one. Stack traces, device model, OS version, and the screen you were on when the crash happened are included.
We do not use third-party advertising SDKs and we do not track you across other apps or websites. Sentry is used for crash + performance diagnostics only — not behavioral analytics.
2.4 Photos
If you tap “Share progress card,” the app saves the generated image to your device’s photo library. This only happens when you explicitly request it, and the image never leaves your device unless you share it yourself.
2.5 Push notifications (coming in a future update)
When push notifications ship in a future release, enabling them in Settings will let us send reminders for meals, workouts, bedtime, and weekly progress. You will be able to turn them off at any time in Settings or in your device’s system settings. The current build does not send any push notifications.
3. How we use your information
We use your data only for the purposes listed below:
- To build your personalized plan. Your body measurements, demographic data, lifestyle inputs, diet preferences, and goals are fed into our nutrition engine and exercise program to generate a plan tailored to you.
- To track your progress. Height logs, weight logs, meal logs, exercise logs, and sleep logs power the progress charts, the Growth Score, streaks, achievements, and the Journey screen.
- To personalize AI responses. When you chat with the Tallify AI coach, your current profile (age, height, sleep, diet, gender, workout frequency, dream height, growth-window status, and a reference to your stored predicted-height range) is included in the prompt so the response is grounded in your real numbers. The literal predicted-height number is intentionally NOT sent to the AI to prevent it from quoting specific future-height predictions as if they were guaranteed. The Meal Planner AI receives only your diet type, allergies, dislikes, and the ingredients you enter — not your full profile.
- To run the community feed. If you choose to post, your username, post text, comments, and likes are visible to other Tallify users.
- To manage your subscription. Your trial and subscription status is used to determine whether you have access to the app.
- To communicate with you. We may email you at the address on your account about important account or service changes. We do not send marketing emails.
- To keep the app secure. We use IP address and activity timestamps to detect abuse and protect the service.
- To comply with law. We may process your data where required to comply with a lawful request from a government authority.
4. Legal basis for processing (for users in the EU/UK)
If you are in the European Economic Area or the United Kingdom, we rely on the following legal bases under the GDPR:
- Performance of a contract — to deliver the app services you signed up for.
- Legitimate interests — to keep the app secure and improve the product.
- Consent — for push notifications and for writing images to your photo library. You can withdraw consent at any time.
- Legal obligation — to comply with tax, consumer protection, and other applicable laws.
5. Who we share your information with
We do not sell your personal information. We share it only with the third-party service providers listed below, and only to the extent necessary to operate the app.
| Provider | What they receive | Why | Location |
|---|---|---|---|
| Supabase, Inc. | Account email, onboarding data, logs, community posts, comments, likes | Cloud database, authentication, real-time sync | United States |
| Anthropic PBC (Claude API) | The contents of your AI chat messages (with a profile snapshot), Meal Planner AI prompts (your ingredients + diet type, allergies, and dislikes), and community-post-moderation text drafts | To generate AI responses and to screen community posts for safety violations before publication | United States |
| RevenueCat, Inc. | Anonymous user identifier, subscription status, trial state | Subscription management, entitlement checks | United States |
| Apple, Inc. (Sign in with Apple) | Apple-issued identity token; your full name on first sign-in; relay email if you choose “Hide My Email” | Authentication only | Apple-controlled (United States / Ireland) |
| Apple, Inc. (App Store) | Your purchase if you subscribe via the App Store | Payment processing, subscription management | United States / Ireland |
| Google LLC (Sign-in) | Google-issued identity token; your Google email and display name | Authentication only | United States |
| Google LLC (Google Play) | Your purchase if you subscribe via Google Play | Payment processing, subscription management | United States |
| Sentry (Functional Software, Inc.) | Anonymized crash reports and performance traces (anonymous user ID only — no email, no full name, no IP) | Crash diagnostics and performance monitoring | United States |
| Expo, Inc. | App crash reports and basic telemetry (aggregated) | App delivery and diagnostics | United States |
| Cloudflare, Inc. | Proxied request metadata between the app and Supabase (the Worker forwards traffic transparently because some Indian ISPs DNS-block Supabase directly) | Network reliability in India | Global edge (Cloudflare-controlled) |
We never share your data with advertising networks, analytics brokers, or resellers. We do not share your community posts with anyone outside Tallify, other than the community feed that is visible to other Tallify users.
We do not handle your payment card information
When you subscribe, the transaction happens directly between you and Apple or Google. Tallify and RevenueCat only receive a confirmation that a valid subscription exists — we never see your card number, CVV, or billing address.
6. International data transfers
Tallify is operated from India. The third-party providers listed in Section 5 — Supabase, Anthropic, RevenueCat, Apple, Google, Sentry, Expo, and Cloudflare — host their infrastructure in the United States and other regions outside India.
This means that when you use Tallify:
- Your account data is stored on Supabase servers in the United States.
- Your AI chat messages and community-post screening text are sent to Anthropic Claude servers in the United States for processing.
- Your subscription status is stored with RevenueCat in the United States.
- Your anonymized crash reports are sent to Sentry servers in the United States.
- If you sign in with Apple or Google, your identity token is verified by their authentication servers (Apple-controlled / United States).
By using Tallify, you consent to this international transfer of your data. Where required by the Indian Digital Personal Data Protection Act, 2023 (DPDP Act), the EU General Data Protection Regulation (GDPR), or similar laws, we rely on standard contractual clauses and the providers’ own transfer mechanisms to protect your data.
7. How long we keep your data
We retain your data for as long as your account is active. If you delete your account, we remove your data from our active systems within 30 days. Backups are rotated out within 90 days of account deletion.
Some data may be retained longer where required by law (for example, tax records related to your subscription).
AI chat messages sent to Anthropic Claude are processed in real time to generate a response. Per Anthropic’s API privacy commitments, API inputs and outputs are not used to train Anthropic’s models. They may be retained for up to 30 days for abuse monitoring and Trust & Safety purposes, after which they are deleted. See Anthropic’s privacy policy for the current terms.
8. How we protect your data
- All data transmitted between the app and our servers is encrypted in transit using TLS.
- Data stored in Supabase is encrypted at rest.
- Access to your data is protected by per-user Row Level Security policies — other Tallify users can only see what you have chosen to post publicly.
- Passwords are never stored in plain text; they are hashed by Supabase Auth.
No system is perfectly secure. If we ever detect a security incident that affects your personal data, we will notify you in accordance with applicable law.
9. Your rights
Depending on where you live, you may have the following rights over your personal data:
| Right | What it means | How to use it |
|---|---|---|
| Access | Request a copy of the data we have about you | Email [email protected] |
| Correction | Fix inaccurate data | Edit it in the app, or email us |
| Deletion | Have us delete your account and data | Settings → Delete account |
| Portability | Get your data in a portable JSON format | Email [email protected] |
| Objection | Object to certain processing based on legitimate interests | Email [email protected] |
| Withdraw consent | Turn off features that rely on consent, like notifications | Settings or device settings |
| Complain to a regulator | File a complaint with your data protection authority | See your local authority’s website |
These rights apply under the GDPR (EU/UK), CCPA/CPRA (California), and the DPDP Act, 2023 (India). We will respond to verified requests within 30 days.
California residents
If you are a California resident, the California Consumer Privacy Act (CCPA) gives you the rights listed above, plus the right to opt out of the “sale” of personal information. Tallify does not sell personal information, so there is nothing to opt out of.
10. Children’s privacy
Tallify is intended for users aged 13 and older. We collect date of birth during onboarding and do not knowingly allow accounts for users under 13.
If you are a parent or guardian and you believe your child under 13 has created a Tallify account, please email [email protected] with the account email. We will delete the account and all associated data within 30 days of verifying your request.
For users aged 13 to 17, we recommend using Tallify with the knowledge and support of a parent or guardian. The predictions and recommendations in the app are for guidance and education — not medical advice.
11. Third-party links
The app and website may contain links to third-party websites (for example, to open the App Store to manage your subscription). This Privacy Policy does not apply to those third-party sites. We encourage you to read their privacy policies before sharing information with them.
12. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top and, where required, notify you in the app or by email. Your continued use of Tallify after changes take effect means you accept the updated policy.
13. Contact us
If you have any questions, requests, or complaints about this Privacy Policy or your personal data, please contact:
Milan Santosh Mishra Email: [email protected] Website: tallifyapp.com
We aim to respond to all privacy requests within 30 days.