Privacy Policy
Last updated: March 2026
Tolly, Inc. ("Tolly", "we", "us", or "our") operates the trytolly.ai website and the Tolly meeting cost intelligence platform, including browser extensions, calendar add-ins, and associated services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
1. Information We Collect
1.1 Information You Provide
- Account Information: Name, email address, job title, company name, and password when you create an account.
- Organization Information: Company size, department structure, cost approach preferences, and team configuration.
- Payment Information: Billing address and payment method details (processed securely by Stripe; we do not store full credit card numbers).
- Communications: Information you provide when contacting support, completing surveys, or joining our waitlist.
1.2 Information Collected Automatically
- Calendar Metadata: Meeting titles, durations, attendee lists, recurrence patterns, and organizer information from connected calendar services (Google Calendar, Microsoft Outlook). We do not access meeting content, notes, recordings, or attachments.
- Usage Data: Pages visited, features used, interaction timestamps, browser type, device information, and IP address.
- Extension Data: For Chrome extension users, meeting cost overlay interactions and calendar page visit frequency.
1.3 Information from Third Parties
- Calendar Providers: Calendar event metadata via Google Calendar API and Microsoft Graph API.
- SSO Providers: Authentication data when you sign in via Google or Microsoft SSO.
2. How We Use Your Information
- Provide the Service: Calculate meeting costs and generate reports, dashboards, and intelligence insights.
- Improve the Service: Analyze usage patterns to enhance features, performance, and user experience.
- Communications: Send transactional emails (welcome, invitations, password resets), weekly digests, and product updates.
- Billing: Process payments, manage subscriptions, and send invoices.
- Security: Detect, prevent, and respond to fraud, abuse, and security incidents.
- Aggregated Insights: Create anonymized, aggregated benchmarks and industry reports that do not identify individual users or organizations.
- Legal Compliance: Comply with applicable laws, regulations, and legal processes.
3. How We Share Your Information
We do not sell your personal information to third parties. We share your information only in the following circumstances:
- Within Your Organization: Meeting cost data and reports are shared with other members of your organization according to your organization's configured access controls and role-based permissions.
- Service Providers: We use third-party services to operate the platform (see Section 5). These providers access your data only to perform services on our behalf and are contractually obligated to protect your information.
- Legal Obligations: We may disclose information if required by law, subpoena, or government request, or to protect our rights, safety, or property.
- Business Transfer: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change.
4. Cookies and Tracking Technologies
We use cookies and similar technologies for the following purposes:
- Essential Cookies: Maintain your session, remember preferences, and ensure the Service functions properly.
- Analytics Cookies: Understand how the Service is used and identify areas for improvement (via PostHog).
You can control cookie preferences through your browser settings. Disabling essential cookies may affect the functionality of the Service.
5. Third-Party Services
We use the following third-party services to operate the platform:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database, authentication, and storage | Account data, meeting metadata, application data |
| Stripe | Payment processing | Billing information, payment method details |
| Resend | Transactional email delivery | Email address, name, email content |
| PostHog | Product analytics | Usage events, page views, anonymized interaction data |
| Vercel | Hosting and deployment | Server logs, IP addresses |
6. Data Retention
We retain your personal information for as long as your account is active or as needed to provide the Service. Specific retention periods include:
- Account Data: Retained while your account is active and for 30 days after account deletion.
- Meeting Data: Retained according to your organization's configured retention policy (default: 24 months of historical data).
- Usage Logs: Retained for 12 months for analytics and security purposes.
- Billing Records: Retained for 7 years as required by financial regulations.
You can request deletion of your data at any time by contacting us at privacy@trytolly.ai.
7. Your Rights Under GDPR (European Users)
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):
- Right of Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Request correction of inaccurate or incomplete data.
- Right to Erasure: Request deletion of your personal data ("right to be forgotten").
- Right to Restrict Processing: Request that we limit how we use your data.
- Right to Data Portability: Receive your data in a structured, machine-readable format.
- Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
To exercise these rights, contact us at privacy@trytolly.ai. We will respond within 30 days. Our legal basis for processing is contractual necessity (to provide the Service), legitimate interests (to improve the Service and ensure security), and consent (for optional communications).
8. Your Rights Under CCPA (California Residents)
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following rights:
- Right to Know: Request information about the categories and specific pieces of personal information we have collected about you.
- Right to Delete: Request deletion of your personal information, subject to certain exceptions.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
- Right to Opt-Out of Sale: We do not sell personal information. No opt-out is necessary.
To exercise these rights, contact us at privacy@trytolly.ai or use the "Data & Privacy" section in your account settings. We will verify your identity before processing any request.
9. Data Security
We implement appropriate technical and organizational measures to protect your personal information, including:
- Encryption of data in transit (TLS 1.2+) and at rest.
- Row-level security (RLS) policies ensuring data isolation between organizations.
- Regular security assessments and vulnerability testing.
- Access controls and audit logging for internal systems.
- Employee training on data protection and security best practices.
While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We encourage you to use strong, unique passwords and enable multi-factor authentication.
10. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at privacy@trytolly.ai.
11. International Data Transfers
Your information may be transferred to and processed in countries other than the country in which you reside. These countries may have data protection laws different from those in your jurisdiction. We ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission, when transferring data internationally.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we will also send an email notification to the address associated with your account.
Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy.
13. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
Tolly, Inc.
Privacy inquiries: privacy@trytolly.ai
General support: support@trytolly.ai
Website: trytolly.ai