Best practices for protecting sensitive information
Never store sensitive data directly in Tallyfy. Keep it in your secure systems and link to it from your workflows instead. Social Security numbers, credit card details, patient records - none of these belong in task descriptions or form fields.
Recommendations
Store data outside Tallyfy: Confidential info belongs in dedicated secure systems - encrypted databases, your HR platform, or specialized finance software. These systems already have the access controls you need.
Limit access: Only authorized users should reach the secure system where your data lives.
Never paste sensitive details into Tallyfy: Don’t type or paste confidential data into task names, descriptions, or form fields.
Link instead: Add secure links in your Tallyfy task descriptions that point to where the data actually lives.
How to link to sensitive data from Tallyfy
Store your sensitive info securely in your other system first.
Grab a secure link (URL) that lets authorized users access that specific data. Most systems can generate these.
Open the Tallyfy task where you need to reference this data.
In the task description, add your secure link. For example: “Review the customer’s credit application here: [secure link]”
Save the task description.
Your workflow now references the sensitive data without storing it in Tallyfy. The data stays safe in your secure system, and your team can still access it when needed.
Collecting sensitive documents
Need to collect sensitive documents from clients or external users? Use file request links from your document management system. People upload directly to your secure DMS without files ever passing through Tallyfy. This works well for law firms, healthcare providers, and financial services where compliance matters.
Tallyfy integrates with your existing document management system so workflows handle task assignments and timing while your DMS retains full control over document storage and security through file request links that let external users upload directly without needing accounts.
File request links let you collect documents from external people by generating unique upload URLs in your document management system and embedding them into Tallyfy workflow tasks so recipients can upload files directly without needing accounts or seeing other files while your team maintains full control over storage and compliance.
Tallyfy stores uploaded files securely in Amazon S3 with plan-based storage limits ranging from 5GB to 25GB per member and also lets you link to files in external cloud storage services like Dropbox or SharePoint without consuming your quota so most organizations use a hybrid approach where workflow-critical documents live in Tallyfy while collaborative drafts and sensitive files stay in dedicated document management systems.
Tallyfy’s privacy policy outlines how personal information is collected and used and protected while their security documentation at the compliance page details IT infrastructure and data protection measures and operational safeguards.