Trust Center

The full detail — what we collect, why, how long we keep it, and who we share it with — lives in our Privacy Policy.

We aren't going to overstate this with badges we haven't earned. Here's what we actually do:

• Encryption in transit. The whole site runs over HTTPS/TLS, so traffic between you and us is encrypted.
• Reputable infrastructure. We host with established cloud providers whose data-center environments are built and independently audited against recognized security frameworks (such as ISO 27001, SOC 2, and NIST standards), and we rely on vetted services for the sensitive parts — for example, payments are handled by Stripe, a PCI-DSS Level 1 provider, so card data never sits on our servers.
• Access control. Access to production systems and customer data is limited to people who need it to operate the service.
• Least data by default. Because our free tools keep data on your device, the most sensitive thing for most people never leaves their browser in the first place.
• Stored data, for accounts. When you create an account and turn on cloud sync (a Pro feature), your saved data lives on the infrastructure above with these same protections — that's the part of the product where we actually hold your data, and we treat it accordingly.
• Responsible disclosure. Found a security issue? Email legal@digitaltallycounter.com and we'll look into it. Please don't publicly disclose until we've had a chance to respond.

An honest note on certifications. Those frameworks describe our providers' infrastructure, and Stripe carries the payment-card compliance. We don't dress that up as something it isn't: the product itself is not certified or audited under NIST, PCI-DSS, SOC 2, ISO 27001, HIPAA, or any other standard, and a subscription — at any price — doesn't make it a "compliant" product or grant you a certification. The tools also aren't built for regulated data (e.g. HIPAA-protected health information). If your organization needs formal security documentation, a data processing agreement, regulated-data handling, or a custom arrangement, get in touch — see "What we build, and how to ask for more" below.

Depending on where you live, you may have rights under laws like the GDPR (Europe/UK), the CCPA/CPRA (California), and POPIA (South Africa). We extend the core of these controls to everyone:

• Access & export. Ask for a copy of the account data we hold about you.
• Correction. Fix information that's wrong.
• Deletion. Delete your account and associated data.
• Opt out of "sale" / "sharing." Use our Do Not Sell or Share My Personal Information page.
• Limit certain uses. Object to or restrict specific processing where the law gives you that right.

To exercise any of these, email legal@digitaltallycounter.com (EU/EEA & UK residents can use eugdpr@digitaltallycounter.com). We'll verify your request and respond within the timeframes the applicable law requires.

We keep our free tools general-purpose on purpose — that's what lets us offer them to so many people. We can't build a bespoke free system for every individual request, and we'd rather be straight with you about that than quietly let requests pile up.

Here's how to get what you need:

• It's a feature lots of people would use? Pro members can submit feature requests that go on our roadmap, and we build what our users need. Create an account to add yours.
• It's specific to your team or organization? We may be able to build a custom system or arrangement for you. Tell us what you're trying to do and we'll see if it's a fit.