MEMWAMIND LLC PRIVACY POLICY

MEMWAMIND LLC ("MemwaMind," "we," "us," or "our") operates the MemwaMind platform, an AI-powered financial intelligence service for professional accounting firms. Our registered address is in Wyoming, United States.

If you have questions about this policy, contact us at founder@memwamind.com.

This policy covers two groups: accounting firms and their staff who use the MemwaMind platform ("Firm Users"), and the end clients whose financial data is processed through the platform ("Client Data Subjects"). If you are a Client Data Subject whose information appears in documents uploaded by your accounting firm, your firm is the data controller and MemwaMind is the data processor acting on their behalf.

Data you provide directly:

• Firm name, contact information, and billing details when creating an account
• Financial documents uploaded to the platform including tax returns, general ledgers, income statements, and QuickBooks exports
• Natural language queries submitted through the Ask interface
• Notes and observations entered into the institutional knowledge base

Data generated automatically:

• Authentication events including login timestamps and device information, processed by Firebase Authentication
• Query history showing questions asked and answers returned, stored per client file
• Alert acknowledgment records showing which alerts were reviewed and when
• Ingestion job records showing which documents were uploaded and processed
• Usage patterns such as which features are accessed and how frequently, collected in anonymized form

Data we do not collect:

• We do not collect Social Security numbers, taxpayer identification numbers, or other government identifiers except as they appear incidentally in uploaded documents
• We do not collect or store payment card numbers — billing is handled by Stripe, our payment processor, and we only see the last four digits for your own billing reference
• We do not use your financial data to train AI models or to improve any vendor's public foundation models

We use the data we collect for the following purposes:

• To provide the MemwaMind service — analyzing financial documents, generating alerts, answering queries, and producing briefings
• To improve the platform — anonymized usage patterns help us understand which features are most valuable
• To communicate with you — service updates, alert notifications, and support responses
• To comply with legal obligations — we retain certain records as required by applicable law

We do not sell your data to third parties. We do not use your data for advertising. We do not share your data with other MemwaMind customers.

Each accounting firm's data is completely isolated from every other firm's data. Your clients' financial information is never visible to, accessible by, or shared with any other firm using MemwaMind. This isolation is enforced at every layer of our technical infrastructure.

We implement the following security measures:

• All data encrypted at rest using AES-256
• All data encrypted in transit using TLS 1.3
• Access controls enforced by verified authentication tokens on every request
• Regular security audits of our API and data access patterns
• Staff access to production data is logged and restricted

MemwaMind operates in accordance with the FTC Safeguards Rule under the Gramm-Leach-Bliley Act as a service provider to financial institutions.

We use the following third-party services to deliver MemwaMind:

We require all sub-processors to maintain appropriate security standards and to process data only as directed by us. The authoritative list — including service descriptions, data categories, and regions — lives at /subprocessors and is the canonical source if the two ever disagree.

Under IRC § 7216, taxpayer information ingested through MemwaMind requires written consent before disclosure to non-tax-prep third parties. By using MemwaMind, you authorize the limited disclosure of taxpayer-derived content to the subprocessors listed at /subprocessors, solely for the purpose of providing the services you've requested.

MemwaMind does not use taxpayer information for any purpose outside what you have explicitly requested via the product. Specifically: (a) we do not aggregate taxpayer information across firms for cross-firm benchmarking unless explicitly anonymized and separately consented to; (b) we do not share taxpayer information with third parties beyond the subprocessors listed; (c) we do not retain taxpayer information beyond the data retention schedule in Section 8 below.

MemwaMind operates as an auxiliary service provider to licensed accounting and tax practices under 26 C.F.R. § 301.7216-2(d). The LLM and reranking subprocessors (OpenAI, Anthropic, and Cohere) receive Tax Return Information (TRI) as part of their role as auxiliary service providers to MemwaMind, which processes TRI solely to facilitate the Customer firm's own tax-return preparation and associated client-record management. TRI is processed for no other purpose under this exception.

§7216 consent capture

The § 7216 acceptable-use authorization is captured at first login through an explicit consent acknowledgment during onboarding. Consent is timestamped and tied to your account identity. Firm owners and administrators can review the consent record under Settings → Audit log with the action filter set to consent events.

Firm responsibility for client disclosure

MemwaMind is an auxiliary service provider to the accounting firm. The firm — as the tax return preparer — is responsible for the consent relationship with its own clients. MemwaMind provides recommended client-disclosure language as part of its standard onboarding materials to assist Customer firms in meeting applicable disclosure requirements. That language is advisory, not a substitute for the firm's own legal counsel.

Cross-firm and research uses

If MemwaMind wishes to use TRI for any purpose beyond the auxiliary-services exception — including cross-firm analytics or collective intelligence features — it will seek a separate affirmative written consent satisfying the requirements of 26 C.F.R. § 301.7216-3. No such use will occur without such consent.

Data retention for TRI

Retention of Tax Return Information is customer-controlled. MemwaMind's default retention is 7 years for filed-return-relevant content (consistent with IRS guidance and AICPA workpaper-retention standards) and 90 days for ephemeral query logs. You can delete your firm's data at any time per the right-to-deletion process in Section 9 (Your Rights) below.

We retain your data for the following periods:

• Account and firm data: for the duration of your subscription plus 30 days after termination
• Financial documents and extracted data: for the duration of your subscription plus 30 days after termination
• Query history: for the duration of your subscription
• Authentication logs: 90 days
• Anonymized usage analytics: indefinitely in aggregate form

Upon termination of your subscription, we will permanently delete all firm-specific data within 30 days and provide written confirmation upon request.

Note: If applicable law requires retention of financial records for a longer period — such as the 7-year retention requirement under IRS guidelines — we will retain only what is legally required and notify you accordingly.

You have the right to:

• Access the personal data we hold about your firm
• Request correction of inaccurate data
• Request deletion of your data (subject to legal retention requirements)
• Export your data in a machine-readable format
• Opt out of non-essential communications

To exercise any of these rights, contact us at founder@memwamind.com. We will respond within 30 days.

In the event of a data breach that affects your firm's data, we will notify you within 72 hours of becoming aware of the breach. Notification will be sent to the email address on file for your firm's owner account and will include the nature of the breach, the data affected, and the steps we are taking to address it.

We may update this policy from time to time. We will notify you of material changes by email at least 30 days before they take effect. Continued use of MemwaMind after that date constitutes acceptance of the updated policy.

MEMWAMIND LLC

founder@memwamind.com