Legal
Privacy Policy
Last updated: 25 June 2026
1. Introduction
This Privacy Policy (the "Policy") sets out how Tallo ("Tallo", "we", "us", "our") collects, holds, uses, and discloses Personal Information in connection with the Tallo mobile application (the "App").
Tallo is committed to the responsible handling of Personal Information in accordance with the Privacy Act 1988(Cth) and the Australian Privacy Principles ("APPs") set out in Schedule 1 of that Act.
This Policy is available at talloapp.com.au/privacy and from within the App at any time via Settings → Privacy Policy. By creating an account or using the App, you acknowledge that you have read and understood this Policy.
2. Definitions
In this Policy:
- "Personal Information" has the meaning given in the Privacy Act 1988 (Cth), and includes any information or opinion about an identified individual, or an individual who is reasonably identifiable.
- "Device Data" means information that exists solely on your device and is never transmitted to Tallo's servers.
- "Server Data" means information stored on Tallo's servers, hosted by Google LLC via Firebase.
- "Firebase" means the suite of backend services provided by Google LLC, including Firebase Authentication, Cloud Firestore, and Firebase Storage.
3. Contact Information
Email: info@talloapp.com.au
Website: talloapp.com.au
4. Collection of Personal Information
4.1 Device Data (not transmitted to Tallo)
The following information is stored solely on your device and is not transmitted to Tallo's servers under any circumstances:
- Favourites — products you save as favourites are stored in your device's local storage. Tallo does not receive, access, or hold this information.
- Shopping list — your shopping list is held in application memory for the duration of your session only and is not persisted to any server.
- Loyalty card numbers — if you elect to save a Flybuys or Everyday Rewards card number, it is stored on your device only and is not transmitted to Tallo's servers.
- Camera — the App requests access to your device camera for the sole purpose of scanning grocery barcodes. The live camera feed is not recorded, stored, or transmitted. Only the decoded barcode value is used, and only where you elect to submit a product contribution.
4.2 Server Data (stored on Tallo's servers)
Tallo collects the following Personal Information:
- Account information — upon signing in with Google or Apple, Tallo receives a unique identifier and basic profile information (name and email address) from the relevant provider.
- Recipe ratings — where you submit a star rating for a recipe, that rating is stored in Tallo's database linked to your user identifier.
- Recipe comments — where you submit a comment on a recipe, the comment text and your display name are stored in Tallo's database.
- Feedback and bug reports — content submitted through the in-app feedback form, including any accompanying name or email address.
- Barcode and price contributions — product information you submit to assist in improving the product catalogue.
4.3 Automatically Collected Information
- Authentication identifier — upon sign-in, Tallo receives a unique identifier from your chosen sign-in provider (Google or Apple).
- Anonymous session identifier — prior to sign-in, Firebase generates a randomly assigned installation identifier to enable basic App functionality. This identifier is not linked to your identity.
- Firebase SDK diagnostic data — the Firebase SDK may automatically collect limited technical data including app version, SDK version, and installation identifiers for the purposes of SDK stability. This data is collected by Google LLC pursuant to their own privacy policy and is not accessible to or controlled by Tallo.
4.4 Information Tallo Does Not Collect
Tallo does not collect:
- Precise geolocation data
- Device contacts or media library content
- Payment or financial information
- Health or biometric data
- Browsing history outside the App
- Behavioural profiles or advertising identifiers
5. Use of Personal Information
Tallo collects and uses Personal Information only for the following purposes:
| Purpose | Information used | Storage location |
|---|---|---|
| Authenticating users and enabling App functionality | Sign-in details, anonymous session identifier | Firebase (Google LLC) |
| Displaying community recipe ratings | User identifier, star rating | Firebase (Google LLC) |
| Displaying recipe comments | User identifier, display name, comment text | Firebase (Google LLC) |
| Responding to feedback and bug reports | Name, email address, message content | Email / Firebase (Google LLC) |
| Improving the product catalogue | Barcode and price contribution data | Firebase (Google LLC) |
| Fraud prevention and abuse detection | Account identifier, sign-in provider | Firebase (Google LLC) |
| Firebase SDK stability and performance | Anonymous installation and version data (Google LLC) | Google LLC |
| Compliance with legal obligations | Any relevant information | As required by law |
Tallo does not use Personal Information for advertising, behavioural profiling, or any commercial purpose beyond providing the App.
6. Disclosure of Personal Information
6.1 Third-Party Service Providers
Tallo discloses limited Personal Information to the following third-party service providers solely for the purpose of operating the App:
Google LLC (Firebase)
Firebase Authentication, Cloud Firestore, and Firebase Storage are operated by Google LLC. Personal Information stored in Firebase is subject to Google's privacy policy (policies.google.com/privacy) and Firebase's privacy and security terms (firebase.google.com/support/privacy).
Google LLC (Sign-in)
Where you elect to sign in with Google, Google LLC will transmit your name, email address, and a unique identifier to Tallo pursuant to Google's OAuth 2.0 terms.
Apple Inc. (Sign-in)
Where you elect to sign in with Apple, Apple Inc. may transmit your name and email address (or a private relay email address) to Tallo pursuant to Apple's Sign in with Apple terms.
6.2 No Sale or Commercial Exploitation of Personal Information
Tallo does not sell, rent, licence, trade, or otherwise commercially exploit Personal Information to or with any third party.
6.3 Disclosure Required by Law
Tallo may disclose Personal Information where required to do so by a court order, subpoena, or other lawful authority. In such circumstances, Tallo will disclose only the minimum information required to satisfy that obligation.
7. Cross-Border Disclosure
Google LLC operates infrastructure in multiple jurisdictions, including jurisdictions outside Australia. By using the App, you consent to the transfer and processing of your Personal Information on servers that may be located outside Australia, including in the United States of America.
Tallo takes reasonable steps to ensure that any overseas recipient of Personal Information is subject to privacy obligations that are substantially similar to the Australian Privacy Principles, including by relying on Google LLC's compliance with applicable data protection frameworks.
8. Data Storage and Security
8.1 Device Data
The following information is stored solely on your device and is not held by Tallo:
| Data | Storage mechanism |
|---|---|
| Favourites | Device local storage |
| Shopping list | Application memory (session only) |
| Loyalty card numbers | Device local storage |
8.2 Server Data
The following information is stored on Firebase infrastructure operated by Google LLC:
| Data | Purpose |
|---|---|
| Account information (name, email address, user identifier) | Authentication and App personalisation |
| Recipe ratings | Display of community average ratings |
| Recipe comments | Recipe community functionality |
| Feedback and bug reports | App improvement |
| Barcode and price contributions | Product catalogue improvement |
All data held in Firebase is protected by industry-standard encryption in transit (TLS) and at rest. Administrative access to Tallo's Firebase project is restricted to senior app developers.
Tallo does not aggregate, commercially analyse, or use Server Data for any purpose beyond those stated in this Policy.
9. Retention of Personal Information
| Information | Retention period |
|---|---|
| Account information (name, email address, user identifier) | Until account deletion |
| Recipe ratings | Until account deletion or written request for removal |
| Recipe comments | Until deletion by the user, account deletion, or written request for removal |
| Feedback and bug reports | Up to two (2) years from submission, then deleted |
| Barcode and price contributions | Retained indefinitely as part of the product catalogue |
| Anonymous session identifiers | Until sign-in or uninstallation of the App |
| Firebase SDK diagnostic data | Subject to Google LLC's retention policy |
10. Your Rights
Under the Australian Privacy Principles, you have the following rights:
- Access — you may request access to the Personal Information Tallo holds about you.
- Correction — you may request correction of Personal Information that is inaccurate, out of date, incomplete, or misleading.
- Deletion — you may delete your account and all associated Server Data at any time from within the App via Settings → Delete Account. This action permanently deletes your account information, ratings, and comments from Tallo's servers. Device Data is removed upon uninstallation of the App.
- Complaint — you may lodge a complaint if you believe Tallo has interfered with your privacy.
To exercise any of the above rights, or for assistance with account deletion, contact Tallo at brett@talloapp.com.au. Tallo will respond within 30 days of receipt of your request.
If you are not satisfied with Tallo's response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
- Website: oaic.gov.au
- Phone: 1300 363 992
11. Children
The App is not directed at children under the age of 13. Tallo does not knowingly collect Personal Information from children under 13. If you have reason to believe that a child under 13 has provided Personal Information to Tallo, please contact info@talloapp.com.au and Tallo will take prompt steps to delete that information.
12. Analytics and Tracking
Tallo does not use any third-party analytics services, advertising networks, or behavioural tracking tools. Tallo does not engage in cross-app or cross-website tracking. The only automated data collection in the App is the Firebase SDK diagnostic data described in clause 4.3(c), which is collected by Google LLC and is not used by Tallo for any analytical purpose.
13. Notifiable Data Breaches
In the event of an eligible data breach that is likely to result in serious harm to one or more affected individuals, Tallo will, as soon as practicable:
- notify all affected individuals; and
- notify the Office of the Australian Information Commissioner,
in accordance with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act 1988 (Cth). Tallo will also take immediate steps to contain the breach and prevent further unauthorised access to or disclosure of Personal Information.
14. Changes to This Policy
Tallo may amend this Policy from time to time. The current version is identified by the "Last updated" date at the top of this document. Where an amendment is material, Tallo will notify users within the App prior to the change taking effect. Continued use of the App following notification of an amendment constitutes acceptance of the amended Policy.
15. Governing Law
This Policy is governed by the laws of the State of Victoria, Australia. You submit to the non-exclusive jurisdiction of the courts of Victoria and the federal courts of Australia.
16. Severability
If any provision of this Policy is held to be invalid, unlawful, or unenforceable, that provision will be severed and the remaining provisions will continue in full force and effect.
17. Contact
Operator: TalloApp
Email: info@talloapp.com.au
Website: talloapp.com.au
Jurisdiction: New South Wales, Australia
This Policy is prepared in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles, and the requirements of the Apple App Store and Google Play Store.