Bank-grade security. Clear, by design.

How your data is protected

• Encrypted end-to-end — TLS in transit, AES-256 at rest.
• Read-only connections — we can’t move money, only read balances and transactions.
• No credentials stored — bank login details never live on our servers.

Security architecture at a glance

1. 1
   Isolate

   Financial data segregated from application services.

2. 2
   Minimize

   Only the data required for features is retained.

3. 3
   Control

   Strict role-based access with audit trails.

Your controls

• Link, pause, or remove any account anytime.
• Export or delete your data on request.
• Granular permissions for notifications and automation rules.

Compliance & best practices

• Privacy first: designed for PIPEDA and GDPR principles.
• Standards: following industry best practices; SOC-2 readiness on our roadmap.
• No selling data: your personal data is never sold.

FAQ

• Is it safe to link my bank?

  Read-only and encrypted; we can’t move funds.

• Can ClearFin see my passwords?

  No—credentials aren’t stored on our servers.

• Can I delete everything?

  Yes—request data deletion and we’ll remove linked data accordingly.