Privacy Policy for Mahalo

Last Updated: February 14, 2026

Contact: support@withmahalo.com

Introduction

Mahalo ("we," "our," or "us") is a voice journaling application that helps you reflect and grow through AI-powered conversations. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and web service.

By using Mahalo, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

Information We Collect

Information You Provide Directly

Account Information:

  • Email address (via Google Authentication)
  • Display name and profile picture (from your Google account)
  • User preferences and settings

Voice and Journal Data:

  • Voice recordings of your journal entries
  • Transcriptions of your voice recordings
  • Text-based journal entries
  • Conversation history with our AI assistant
  • Reflections, intentions, and personal insights you share

Automatically Collected Information

Usage Data:

  • App usage patterns and feature interactions
  • Session frequency and duration
  • Device information (model, operating system, unique device identifiers)
  • Log data and crash reports (via Firebase Crashlytics)
  • Analytics data (via Firebase Analytics)

Technical Data:

  • IP address
  • Browser type and version
  • Time zone and locale settings
  • Mobile network information

How We Use Your Information

We use your information for the following purposes:

Core Service Delivery:

  • Process and transcribe your voice recordings
  • Generate AI-powered responses and insights using Google's Gemini AI
  • Maintain memory and context across your journaling sessions
  • Identify patterns and themes in your reflections
  • Provide personalized conversation starters and prompts

Service Improvement:

  • Analyze usage patterns to improve user experience
  • Debug technical issues and crashes
  • Develop new features and functionality
  • Conduct research and analysis on app performance

Communication:

  • Send service-related notifications
  • Respond to your inquiries and support requests
  • Notify you of updates or changes to our Service

Legal Compliance:

  • Comply with legal obligations
  • Protect our rights and prevent fraud or abuse
  • Enforce our Terms of Service

AI Processing and Data Sharing

Gemini AI Processing

Your journal entries and voice transcriptions are processed by Google's Gemini AI to:

  • Generate conversational responses
  • Extract insights and patterns from your reflections
  • Create personalized memory summaries
  • Provide thoughtful follow-up questions

Important: Your personal journal content is sent to Google Cloud Platform for AI processing. Google processes this data according to their Cloud Privacy Notice and our Data Processing Agreement.

Third-Party Service Providers

We share your information with the following service providers:

Google Cloud Platform / Firebase:

  • Authentication (Firebase Auth)
  • Database storage (Cloud Firestore)
  • Voice storage (Cloud Storage)
  • AI processing (Gemini AI)
  • Analytics (Firebase Analytics)
  • Crash reporting (Firebase Crashlytics)
  • Cloud Functions for backend processing

Data Processing Location: Your data is processed and stored in the us-central region of Google Cloud Platform.

We do not sell your personal information to third parties. We do not share your journal content with third parties except as necessary to provide the Service (e.g., AI processing) or as required by law.

Voice Recording Retention

Voice recordings are retained for 90 days from the date of recording, then automatically deleted. Transcriptions and extracted insights remain in your account unless you delete them or close your account.

This retention period allows you to:

  • Review and replay your original voice recordings
  • Ensure accurate transcription processing
  • Maintain audio backup during the retention window

After 90 days, only the text transcription and AI-generated insights remain.

Data Retention and Deletion

Active Accounts:

  • Journal entries and conversations: Retained until you delete them or close your account
  • Voice recordings: Automatically deleted after 90 days
  • Usage analytics: Retained for 14 months (Firebase Analytics standard retention)

Account Deletion:

When you delete your Mahalo account:

  • All personal data (journal entries, conversations, memories, profile) is immediately and permanently deleted
  • Voice recordings in storage are immediately deleted
  • Your email and authentication tokens are removed from our systems
  • Anonymized analytics data may be retained for service improvement

To delete your account, email support@withmahalo.com or use the account deletion feature in the app settings.

Data Security

We implement industry-standard security measures to protect your information:

  • End-to-end encryption for data transmission (TLS/SSL)
  • Encrypted data storage in Google Cloud Platform
  • Secure authentication via Firebase Auth
  • Regular security audits and monitoring
  • Access controls and authentication requirements

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

Your Privacy Rights

Depending on your location, you may have the following rights:

Access: Request a copy of the personal data we hold about you

Correction: Request correction of inaccurate or incomplete data

Deletion: Request deletion of your personal data (right to be forgotten)

Portability: Request a copy of your data in a machine-readable format

Objection: Object to our processing of your personal data

Restriction: Request restriction of processing your personal data

Withdrawal of Consent: Withdraw consent where we rely on consent to process your data

To exercise these rights, contact us at support@withmahalo.com. We will respond within 30 days.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights:

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt-out of sale of personal information (we do not sell personal information)
  • Right to deletion
  • Right to non-discrimination for exercising your rights

European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under GDPR including:

  • Legal basis for processing: Consent and legitimate interests
  • Right to lodge a complaint with your supervisory authority
  • Right to withdraw consent at any time
  • Data Protection Officer contact (if applicable): support@withmahalo.com

Children's Privacy

Mahalo is intended for users aged 13 and older. Users under 18 require parental or guardian consent to use the Service.

We do not knowingly collect personal information from children under 13 without parental consent. If you believe we have collected information from a child under 13 without proper consent, please contact us immediately at support@withmahalo.com and we will delete such information.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws different from your jurisdiction.

By using Mahalo, you consent to the transfer of your information to the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place for international transfers.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies in our web application:

Essential Cookies: Required for authentication and core functionality

Analytics Cookies: Firebase Analytics to understand how you use our Service

Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings, but disabling certain cookies may limit functionality.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the new Privacy Policy in the app
  • Sending an email notification
  • Displaying a prominent notice in the app

Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: support@withmahalo.com

Response Time: We aim to respond to all inquiries within 48 hours.

Legal Basis for Processing (GDPR)

Where GDPR applies, we process your personal data under the following legal bases:

  • Consent: You have given clear consent for processing for specific purposes
  • Contract: Processing is necessary to fulfill our contract with you
  • Legal Obligation: Processing is necessary to comply with the law
  • Legitimate Interests: Processing is necessary for our legitimate interests (service improvement, fraud prevention) and does not override your rights

Data Breach Notification

In the event of a data breach that affects your personal information, we will:

  • Notify affected users within 72 hours of becoming aware
  • Describe the nature of the breach and data affected
  • Provide steps you can take to protect yourself
  • Report to relevant supervisory authorities as required by law

Your Consent

By using Mahalo, you consent to our Privacy Policy and agree to its terms.

Effective Date: This Privacy Policy is effective as of the date listed at the top of this document.