Effective Date: August 25th, 2025

At Malukifinlit (“Malukifinlit”, “Maluk”, “we”, “our”, or “us”), we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains what data we collect, how we use and protect it, and the rights you have under the General Data Protection Regulation (GDPR), and other applicable laws.

By using Malukifinlit, you agree to the practices described in this policy.

1. Who We Are — Data Controller Information

Data Controller:

Malukifinlit, Inc.

108 West 13th Street, Wilmington, Delaware 19801, USA

privacy@malukifinlit.com

We are the entity responsible for determining the purposes and means of processing your personal data.

2. Information We Collect

We collect the following types of data to provide and improve our services:

a) Personal Information

  • First and last name
  • Email address
  • Phone number
  • Authentication details (e.g. Google or Apple Sign-In): When you sign in using third-party providers such as Google or Apple, we collect basic authentication details (e.g., your name, email address, and unique user ID) provided by these services. This information is used exclusively to authenticate your identity, personalize your experience, and ensure secure access to your account.

b) Financial Data

  • Transactions (amounts, categories, notes, dates)
  • Budgets and spending goals
  • Income and expenses you enter manually

As part of providing our financial wellness and planning services, Maluk may collect the following user-submitted financial information:

For Financial Diagnosis:

  • Income History: Prior-year income and a high-level breakdown of how it was used (e.g., amounts saved, invested, or donated).
  • Net Worth Details: Total assets and total liabilities as of a date specified by the user.

For the Spending Plan:

  • Planned Finances: Expected income and expected expenses for a 12-month period.
  • Actual Finances: User-tracked actual income and spending over time.

This information is voluntarily provided by users to enable accurate financial insights, planning tools, and personalized guidance through the app.

c) Location Data

  • We may collect and use anonymous location data to enhance the functionality and performance of our services. This data is collected without identifying you personally and is used solely for purposes such as improving user experience, optimizing service delivery, and generating aggregated insights. We do not track your precise location or associate location data with your identity.

You can control location data collection through your device settings at any time.

d) Technical & Device Data

  • IP address (logged automatically by AWS servers for security and troubleshooting)
  • Device type, operating system, app version

e) Cookies & Tracking Technologies

  • Necessary Cookies – for authentication, security, and core functionality.
  • Microsoft Clarity – for anonymized usage insights (heatmaps, session replays, aggregated stats). Sensitive financial or personal data is never recorded.

Opt-Out: You can opt out of Microsoft Clarity by enabling “Do Not Track” in your browser or visiting Microsoft’s opt-out page.

3. How We Collect Data

  • Directly from you: when you sign up or use the app.
  • Automatically: through cookies, technical logs, and anonymized usage analytics.

We do not use third-party advertising trackers or hidden profiling.

4. Where We Store and Process Data

  • Database: AWS RDS (EU-West-1 – Ireland)
  • Encryption: All data is encrypted at rest (AES-256) and in transit (TLS 1.2 or higher).
  • Access: Restricted to authorized personnel under strict security policies.

Although Malukifinlit Inc. is a US-based company, we ensure that all user data remains physically and logically within the EU.

If access from the United States occurs, such transfers will be performed under Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring a level of protection equivalent to that required under GDPR Chapter V.

All administrative access from outside the EU, including the United States, is limited to authorized Malukifinlit personnel under strict role-based access control and logged for audit purposes.

5. Territorial Scope

Malukifinlit’s services are available globally, with a focus on users in the Middle East, including Jordan. We comply with applicable data protection laws, including the GDPR for EU users and the Jordan PDPL for Jordanian users.

6. How We Use Your Data

We process your data to:

  • Deliver core and personal financial tools (tracking, budgeting, analytics) - We process your data to provide core personal finance tools, including financial diagnosis, budgeting, tracking, and general analytics and insight.
  • Manage your Maluk account and authentication methods.
  • Improve app features and performance.
  • Comply with legal obligations and financial regulations.
  • Detect and prevent unauthorized access or fraud.

7. Legal Basis for Processing

Under GDPR we rely on the following lawful bases:

Data Type Legal Basis
Personal Info (Name, Phone number, Email) Performance of a contract (account creation)
Financial Data Consent (user voluntarily provides the data)
Location Data Consent
Technical Data Legitimate interest (security, improvement)
Microsoft Clarity Legitimate interest (aggregated analytics)
Compliance-related processing Legal obligations

8. Data Retention

  • Active Accounts: We retain your data until you delete it.
  • Backups: Retained for up to 6 months, then securely purged.
  • Inactive Accounts: If you stop using the app without deleting your data, we will retain it for 24 months, after which it may be anonymized or deleted, unless required by law to retain it longer.
  • Legal Obligations: Certain records may be retained for regulatory purposes.

9. Your Rights

You have the following rights under GDPR:

  • Right of Access – Receive a copy of your data.
  • Right to Rectification – Correct inaccurate information.
  • Right to Erasure (“Right to be Forgotten”) – Request deletion.
  • Right to Data Portability – Obtain data in machine-readable format.
  • Right to Restrict Processing – In certain situations.
  • Right to Object – Particularly to analytics or legitimate interests.
  • Right to Lodge a Complaint – With your local supervisory authority.

Contact: privacy@malukifinlit.com to exercise any of these rights.

10. Children’s Privacy

Malukifinlit is not directed to children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with data, please contact us and we will delete it.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in technology, regulations, or business practices and services. If we make significant changes, we will notify you by email or through the app.

12. Contact us

If you have any questions about this Privacy Policy or your data rights, you can contact us at:

privacy@malukifinlit.com