Data Retention and Disposal Policy

Mali | Effective: March 20, 2026 | Review cycle: Annually

1. Purpose

This policy defines how Mali collects, retains, and disposes of user data, including financial data retrieved from Teller and other sources, in compliance with applicable data privacy laws (CCPA, GDPR where applicable).

2. Data We Collect

Data Type	Source	Storage Location
Authentication identity (name, email)	Google Sign-In	Firebase Auth
Chat conversation history	User-generated	Firebase Firestore (per-user isolation)
Uploaded financial documents (extracted text)	User upload	AES-256-GCM encrypted blob in Firestore + local IndexedDB
Bank transaction data	Teller API	AES-256-GCM encrypted blob in Firestore + local IndexedDB
Subscription status	Stripe	Firebase Firestore
Usage counters	System-generated	Firebase Firestore

3. Retention Periods

Data Type	Retention Period	Basis
Authentication identity	Duration of account + 30 days after deletion	Service delivery
Conversation history	Duration of account; user can clear at any time	Service delivery / user control
Uploaded financial documents	Duration of account; user can delete at any time	Service delivery / user control
Teller transaction data	Duration of active Teller connection; deleted on disconnect	Service delivery / user control
Encrypted vault blob	Duration of account; deleted on account deletion	Service delivery
Subscription/billing records	7 years	Legal / tax compliance
Audit logs	12 months	Security / compliance

4. User-Initiated Deletion

Users may delete all their data at any time via Settings → "Delete all my data." This action permanently removes:

All conversation history from Firestore
All uploaded document content and encrypted vault blobs
All Teller connection credentials and retrieved transaction data
Usage counters and subscription metadata

Deletion is executed immediately and is irreversible. Billing records are retained per Section 3.

5. Automated Disposal

Teller access tokens are revoked and deleted upon user disconnection of a bank account.
Inactive accounts (no login for 24 months) are flagged for deletion review.
Audit logs are purged after 12 months via automated Firestore TTL rules.

6. Encryption and Disposal Method

All financial data (uploaded documents and Teller transaction data) is encrypted client-side using AES-256-GCM before storage. Upon deletion, both the encrypted blob and the PBKDF2 salt used for key derivation are deleted, rendering any residual data cryptographically unrecoverable.

7. Third-Party Data Processors

Processor	Purpose	Data Shared
Google Firebase / GCP	Infrastructure, auth, database	Encrypted blobs, auth tokens
xAI (Grok)	Primary AI chat and voice processing	Decrypted financial context (per-request, not stored)
OpenAI	Standby fallback AI text-chat processing	Decrypted financial context (per-request, not stored)
Teller	Bank account connectivity	User-authorized bank data
Stripe	Payment processing	Billing information

8. Policy Review

This policy is reviewed annually and updated as required by changes in applicable law or business practices. Users are notified of material changes via email or in-app notice.

9. Contact

For data deletion requests or questions: privacy@toddbsmith.com

Last reviewed: March 20, 2026