1. What this policy covers
- The malife app and any in‑app/website features we operate.
- It does not cover third‑party websites you may access via links.
We keep this policy clear and practical. Technical terms appear in the Data Flows appendix.
2. Data we process
We only collect what we need to provide the service. We do not sell data or use cross‑app advertising trackers.
Account & Profile
- What: Name, email address (incl. Apple private relay), avatar, user identifiers.
- Why: Create your account, authenticate you, sync your data across devices.
- Source: You; sign‑in providers (Apple/Google).
- Retention: Until account deletion (see §8).
User Content (synced)
- What: Life Areas, Projects, Tasks, subtasks, tags, notes, journal entries, calendar events (if Google Calendar is connected).
- Attachments: Photos/files/docs uploaded by you (per‑file limit 50 MB).
- Why: Core functionality (organize and sync your content).
- Storage: Firebase Firestore (data) & Firebase Storage (files) in EU region (eur3).
- Retention: Until you delete items or delete your account.
Focus Timer History
- What: Session durations, streaks, timer preferences.
- Why: Provide focus features and statistics.
- Retention: Until deletion or account closure.
Voice Input (dictation)
We use Apple’s Speech framework to transcribe your voice when you add tasks by voice. Where supported on your device/locale, we require on-device recognition so audio does not leave your device. If on-device recognition isn’t supported, iOS may request your permission to use network-based recognition provided by Apple, in which case Apple may process your audio as an independent controller under its own privacy terms (see Siri & Dictation settings). We do not store raw audio; it is used ephemerally for transcription.
- AI parsing: After transcription, we may send the task text only (never audio, journals, or attachments) to our AI provider to extract fields (see §5).
- Controls: You can disable speech recognition at Settings → Privacy & Security → Speech Recognition; “Improve Siri & Dictation” may allow Apple to retain samples if you opt in.
Google Calendar Integration (Optional)
If you choose to connect your Google Calendar:
- What: Calendar event data (titles, times, descriptions, locations, attendees), calendar list info, sync tokens.
- Why: Display your calendar events alongside tasks to help you see your full schedule.
- Access scope: Read-only (calendar.readonly) — we cannot modify your calendar.
- Storage: Events cached locally on your device in SQLite for offline viewing. Sync preferences stored in app settings.
- Sync window: 30 days past, 90 days future.
- Provider: Google Calendar API.
- Controls: You can disconnect at any time in Settings → Google Calendar. Disconnecting removes all cached calendar data from your device.
- Deletion: All calendar data (cached events and sync state) is automatically removed when you disconnect or delete your account.
- Optional: This feature is entirely optional and not required to use the app.
Device Permissions
- Microphone: Only while you actively use voice input; no background recording.
- Photos/Camera/Files: Access through system pickers to add attachments; we do not scan your library.
- Location/Contacts: Not used.
- Push notifications: Reminders only; no marketing pushes.
Purchases
- What: Subscription status and product identifiers.
- Why: Process your in‑app subscription.
- Provider: Apple In‑App Purchase.
- Retention: As needed for purchase history, fraud prevention, and tax compliance.
Analytics & Diagnostics
- What: App usage events (signup/login method, task creation/completion, focus sessions, subscription events), crash reports with stack traces, device/OS information.
- Why: Understand user activation, improve features, fix crashes, and ensure app stability.
- Provider: Firebase Analytics & Crashlytics (Google).
- Privacy measures:
- IP anonymization: Enabled by default.
- No direct identifiers: Only the pseudonymous internal Firebase UID is tracked; no names, email addresses, or content are sent.
- User properties: Feature usage flags (e.g., has_created_task, has_used_focus_timer) for product improvement.
- Retention: Firebase default (14 months for aggregated analytics, 2 months for raw event data, 90 days for crash reports).
- Opt‑out: An in‑app analytics opt‑out is not yet available; the infrastructure to support it is in place and the feature is planned.
- Implementation date: October 15, 2025.
Activation & Retention Tracking
To improve the onboarding experience and understand how users discover value, we track pseudonymous behavioral milestones (keyed to your internal user ID, not your name or email):
- What: Timestamps of first-time actions (e.g., first task created, first project created, first task completed, first voice input used), task creation count, days active per week.
- Why: Measure product activation, identify successful onboarding patterns, and improve the new user experience.
- Storage: Firebase Firestore in EU region (eur3) under your user account.
- Tracking window: Active monitoring during your first 7 days after signup for activation milestones; ongoing for retention metrics (day 2 return, weekly active).
- Data collected:
- Activation milestones: 4 timestamps + task count (only during first 7 days)
- Retention metrics: App open dates, daily active flags
- No direct identifiers: Only your internal user ID and behavioral data; no names, email addresses, or content.
- Retention: Activation data is automatically deleted 90 days after your activation window closes. Retention metrics aggregate to Firebase Analytics (14-month retention).
- Deletion: Automatically removed when you delete your account.
- Legal basis: Legitimate interests (product improvement) with technical safeguards (pseudonymization, minimal data collection, automatic deletion).
Sensitive & Children’s data
- Wellness/health‑like data (mood/sleep/energy check‑ins): Disabled.
- We do not target minors; the app is intended for 13+.
- The app is not a medical device and does not provide medical advice.
3. Purposes & legal bases (GDPR)
We rely on these legal bases:
- Contract (Art. 6(1)(b) GDPR): Provide and improve core app functions; account creation; sync; reminders; purchases.
- Consent (Art. 6(1)(a)): Optional AI parsing, Google Calendar integration (read-only calendar access), and push reminders where required by your platform settings. You may withdraw consent at any time in settings.
- Legitimate interests (Art. 6(1)(f)): Security, fraud prevention, debugging, crash analytics, and product improvement analytics. We use Firebase Analytics with IP anonymization and pseudonymous identifiers only (no names, email addresses, or content) to understand feature adoption and improve the user experience. We balance these interests against your rights and apply technical measures (pseudonymization, IP anonymization, minimal data collection) to protect your privacy.
We do not process special categories of data (Art. 9 GDPR).
4. Where your data is stored
- Primary hosting: Google Firebase in EU region (eur3) with encryption in transit and at rest.
- Access control: Production access is restricted to the controller (Alexander Zakharov) with multi‑factor authentication.
- Backups & logs: Service backups are managed by the hosting provider. Operational logs are retained for ~30 days.
5. AI features
- Processing: When you enable AI parsing for tasks, we send the task text only (no attachments or journals) to our AI provider OpenAI to extract structured fields.
- Minimization: We avoid sending names, emails, or other PII where possible.
- Retention & training: We request no provider training/retention for this data.
- International transfer: Requests may be processed in the United States; see §6.
This AI parsing occurs after any Apple transcription and never includes audio.
We currently do not send journal entries or attachments to AI providers.
6. International transfers
When data is processed outside the EEA (e.g., by OpenAI for AI parsing, by Apple/Google during sign‑in/IAP, or by Google Calendar API when you enable calendar integration), we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) and vendor contractual commitments. We also implement technical and organizational measures (encryption, access control, data minimization, local caching).
When network-based Apple transcription is used, processing is performed by Apple pursuant to its terms and may involve international transfers managed by Apple.
7. How long we keep data (retention)
- User content (tasks, projects, journals, attachments): Kept until you delete items or delete your account.
- Google Calendar cache (if enabled): Stored locally on your device until you disconnect or delete your account.
- AI request logs: Up to 7 days.
- Operational logs: ~30 days.
- Purchases: As needed for transaction history, chargebacks, and tax law.
- Backups: Deleted/overwritten on provider schedules; we aim to have your data purged from backups within 30 days of its deletion from live systems.
If legal obligations require longer retention (e.g., tax), we keep only what’s necessary.
8. Your controls & rights
In‑app controls
- Data export: Settings → Profile → Export your profile, life areas, projects, tasks, journal entries, and timer settings. Attachment metadata is included; large files can be requested via support.
- Google Calendar: Settings → Google Calendar → Disconnect. Removes all cached calendar events and sync data from your device immediately.
- Deletion: Settings → Profile → Delete account. This removes your account and personal data from live systems immediately; provider backups and caches are purged within ~30 days.
GDPR/UK rights
You can request access, rectification, erasure, restriction, portability, or objection via privacy@malife.app. We verify identity and respond within one month. You may lodge a complaint with your local supervisory authority; in Germany, this is your state authority (e.g., Hamburg).
California/US rights
We do not sell or share personal information for cross‑context behavioral advertising. You can request access or deletion at privacy@malife.app.
9. Security
We protect your data with encryption in transit and at rest, access controls, multi‑factor authentication, and secure coding practices. If we become aware of a personal data breach affecting your data, we will notify the competent supervisory authority within 72 hours where required (Art. 33 GDPR) and notify you without undue delay where the breach is likely to result in a high risk to your rights (Art. 34 GDPR).
10. Subprocessors (current)
- Google Firebase (hosting, analytics, crash reporting) — EU (eur3) & global CDN.
- Google Calendar API (optional calendar integration, read-only access) — Independent controller; processes calendar data when you enable this feature. Events cached locally on your device.
- OpenAI (AI parsing of task text) — US.
- Apple (Sign‑In, IAP) — independent controller for purchase/auth flows.
- Apple (Speech recognition, OS-level) — independent controller when network-based transcription is used; see Apple’s Siri & Dictation privacy disclosures.
- Google (Sign‑In) — jurisdiction varies by Google.
- ElevenLabs (voice onboarding, currently inactive) — US.
We maintain an up‑to‑date public list (see Appendix C). We will provide Data Processing Addenda including SCCs where required.
11. No ads & no tracking
- No third‑party ads.
- No cross‑app tracking.
- No data sales.
12. Changes to this policy
We will post updates in‑app and change the “Effective date”. Material changes will be communicated prominently.
Contact: privacy@malife.app