At a Glance
This summary highlights key points for quick review. It is not a substitute for the full legal policy below.
| What's on by default? | Only cookies needed to keep the app working (login, security). Everything else is off. |
| Do I have to opt in? | Yes. Analytics, marketing, and preference cookies won't load until you turn them on. |
| Can I change my mind? | Anytime. Go to Settings > Privacy > Cookie Preferences to adjust or revoke choices. |
| Is my financial data in cookies? | No. Cookies never contain account balances, bank names, or account numbers. |
| Last revised | March 1, 2026 |
1. Scope and purpose
This Cookie Policy explains how Clarity (FinSync LLC, operating as Raintree Technology) uses cookies and similar technologies on our marketing site and authenticated application.
This policy is part of our privacy control environment and supports SOC 2 Privacy Trust Services Criteria, including notice, choice, and ongoing operational enforcement.
For broader data handling disclosures, review our Privacy Policy.
4. Consent and user choice
4.1 Preference center
Users can set category-level choices in Settings > Privacy > Cookie Preferences.
- Accept all categories
- Reject all non-essential categories
- Set granular category choices individually
4.2 Consent timing
Non-essential scripts and tags are blocked until consent is recorded. Withdrawn consent is honored by disabling future collection in that category.
4.3 Browser-level controls
Most browsers allow cookie deletion or blocking. Browser controls may affect site behavior and do not replace in-app consent records.
5. Audit evidence and governance
To support SOC 2 Type 2 evaluation windows, we retain operational evidence showing this policy is implemented in practice.
- Consent logs: Timestamped records of category choices and policy version at time of action.
- Policy version history: Last revised date, change notes, and publication proof when cookie usage changes.
- Change management evidence: Pull request review and release checks for new scripts, SDKs, or tags.
- Cookie scanner reports: Periodic scans (for example, CMP/scanner outputs) to detect unauthorized or undocumented trackers.
If a new tracker is introduced, corresponding policy updates and consent-category mapping are required before or at release.
6. Fintech confidentiality requirements
Because Clarity handles sensitive financial context, cookie controls are designed to prevent data leakage and enforce strict minimization.
- No plaintext PII in cookie values.
- No account balances, institution names, or account numbers in cookie payloads.
- Use opaque identifiers and short retention where possible.
- Vendor assessments include security and privacy diligence for cookie-capable partners.
Third-party providers may be requested to provide security assurance artifacts (such as SOC 2 reports) as part of vendor risk management.
7. Policy updates and contact
We may update this policy to reflect changes in technologies, vendors, legal requirements, or control design.
- Last revised date is updated on each policy change.
- Material updates are reflected in product notices or account communications as needed.
For questions or requests related to cookies or privacy rights, contact legal@raintree.technology.