Last updated: June 6, 2025
Bali ("we", "us", "our") is a personal finance application. This policy explains how we collect, use, and protect your information when you use the Bali app or related services.
We do not sell your personal data. We do not use your financial data for advertising or share it with third parties except as required to operate the service (e.g., transactional email delivery).
Your data is stored in encrypted PostgreSQL databases. Bearer tokens and magic-link tokens are stored as SHA-256 hashes — raw tokens are never persisted. Sessions expire after 30 days of inactivity.
You may delete your account at any time from within the Bali app. Deletion permanently removes all financial data, sessions, and linked identities. Your profile record is anonymised (email and name removed) and retained only as an internal reference.
Depending on your jurisdiction you may have rights to access, correct, or delete your personal data. To exercise these rights, contact us at privacy@usebali.com.
Bali is not directed at children under 13. We do not knowingly collect personal data from children.
We may update this policy from time to time. The updated version will be posted at this URL with a revised "Last updated" date.
Questions? Email us at privacy@usebali.com.