TokenTally Privacy Policy

This Privacy Policy explains how TokenTally ("TokenTally", "we", "us") handles personal data in connection with our public website and our commercial/subscription platform (together, the "Site"). By using the Site, requesting installation, or completing checkout, you confirm you have read this Policy. It must be read together with our Terms of Use.

1. The most important point: the self-hosted Software

The TokenTally software is self-hosted. When a customer installs and runs it, any data that the customer or its users provide to, process, store, or generate using the Software ("Customer Data") stays inside the customer's own installation and is never transmitted to, accessed by, received by, or processed by TokenTally.

This Policy therefore covers only the limited "Commercial Data" we collect through the Site.

2. Who we are (controller)

TokenTally is the controller of Commercial Data collected via the Site. Contact: contact@nelio-tech.com. Where required by law, designate your EU/UK representative and Data Protection Officer before production use.

3. Commercial Data we collect

When you interact with the Site, we may collect:

We do not collect, through the Site, any data that a customer processes within its own installation of the Software. Such data never reaches us.

4. Why we use Commercial Data and our legal bases

PurposeLegal basis (GDPR Art. 6, where applicable)
Create and manage subscriptions, licenses, invoices, and installation requestsPerformance of a contract / steps prior to a contract
Deliver the purchased downloadsPerformance of a contract
Record and prove acceptance of the Terms and this PolicyLegal obligation; legitimate interests (evidence, fraud prevention)
Secure the Site and prevent abuseLegitimate interests (security)
Respond to enquiries and provide supportLegitimate interests / contract
Comply with legal, tax, and accounting obligationsLegal obligation

Where we rely on legitimate interests, you may object (see Section 9). We do not use Commercial Data for advertising profiling and we do not sell it.

5. Cookies and local storage

The Site does not use third-party advertising or tracking cookies. It stores a small amount of data in your browser (local storage) for functionality, such as your language preference and your purchase confirmation details. You can clear this at any time in your browser. Any strictly necessary or analytics storage we add will be disclosed and, where required, consented.

6. Sharing and disclosure

We share Commercial Data only with: (a) service providers that host or support the Site (such as infrastructure, email, and, where connected, a payment processor), under confidentiality and data-processing terms; (b) professional advisers, auditors, or authorities where legally required; and (c) a successor in a merger, acquisition, or asset sale, subject to this Policy. We do not sell personal data and do not share it for cross-context behavioral advertising.

7. International transfers

If Commercial Data is transferred across borders, we use a lawful transfer mechanism (such as the EU Standard Contractual Clauses or an adequacy decision) where required.

8. Retention

We keep Commercial Data only as long as necessary for the purposes above: subscription, license, invoice, and acceptance records for the life of the relationship and for the period required by tax, accounting, and limitation laws; technical and delivery records for a shorter operational period; and then we delete or anonymize it.

9. Your rights

Subject to applicable law (including the EU/UK GDPR, the CCPA/CPRA, PIPEDA, Morocco Law 09-08, and others), you may have the right to: access your data; correct or update it; delete it; restrict or object to processing; receive a portable copy; withdraw consent at any time (without affecting prior processing); and lodge a complaint with your supervisory authority. California residents may exercise CCPA/CPRA rights, including to know, delete, correct, and opt out of "sale"/"sharing" — note that we do not sell or share personal data as those terms are defined. To exercise rights regarding Commercial Data, contact contact@nelio-tech.com. For data inside a customer installation, contact the relevant customer (employer), which is the controller.

10. Security

We apply reasonable technical and organizational measures to protect Commercial Data. No method of transmission or storage is fully secure; we cannot guarantee absolute security.

11. Children

The Site and Software are for businesses and are not directed to children, and we do not knowingly collect children's data through the Site.

12. Changes

We may update this Policy. The current version and effective date are published on the Site; material changes take effect on publication, and your acceptance is required again at the next download.

13. Language

This Policy is published in English and may be offered in other languages for convenience. In case of conflict, the English version prevails to the maximum extent permitted by applicable mandatory local law.