Cookie Policy

This summary highlights key points for quick review. It is not a substitute for the full legal policy below.

This Cookie Policy explains how Clarity (FinSync LLC, operating as Raintree Technology) uses cookies and similar technologies on our marketing site and authenticated application.

This policy is part of our privacy control environment and supports SOC 2 Privacy Trust Services Criteria, including notice, choice, and ongoing operational enforcement.

For broader data handling disclosures, review our Privacy Policy.

We classify cookies into four categories:

• Strictly Necessary: Required for authentication, security, fraud controls, and core product operation.
• Functional: Remembers user preferences like theme and locale.
• Performance/Analytics: Helps us measure reliability, product quality, and feature usage trends.
• Marketing/Targeting: Supports campaign attribution and retargeting where enabled.

Control standard:

• Zero-cookie default for non-essential categories.
• Active opt-in required before non-essential cookies are set.
• Granular category toggles are available and revocable at any time.

Below is a list of the cookies and trackers we use, grouped by category. This inventory is reviewed whenever integrations or scripts change.

Essential cookies (always on)

These keep the app running and secure. You can't turn them off.

Functional cookies (opt-in)

These remember your preferences so the app feels more personal.

Analytics cookies (opt-in)

These help us understand how people use Clarity so we can improve it. No financial data is ever included.

Marketing cookies (opt-in)

These help us measure whether our ads are working. Off by default.

Cookie names may vary slightly by environment. None of these cookies store financial data like balances, account numbers, or institution names.

4.1 Preference center

Users can set category-level choices in Settings > Privacy > Cookie Preferences.

• Accept all categories
• Reject all non-essential categories
• Set granular category choices individually

4.2 Consent timing

Non-essential scripts and tags are blocked until consent is recorded. Withdrawn consent is honored by disabling future collection in that category.

4.3 Browser-level controls

Most browsers allow cookie deletion or blocking. Browser controls may affect site behavior and do not replace in-app consent records.

To support SOC 2 Type 2 evaluation windows, we retain operational evidence showing this policy is implemented in practice.

• Consent logs: Timestamped records of category choices and policy version at time of action.
• Policy version history: Last revised date, change notes, and publication proof when cookie usage changes.
• Change management evidence: Pull request review and release checks for new scripts, SDKs, or tags.
• Cookie scanner reports: Periodic scans (for example, CMP/scanner outputs) to detect unauthorized or undocumented trackers.

If a new tracker is introduced, corresponding policy updates and consent-category mapping are required before or at release.

Because Clarity handles sensitive financial context, cookie controls are designed to prevent data leakage and enforce strict minimization.

• No plaintext PII in cookie values.
• No account balances, institution names, or account numbers in cookie payloads.
• Use opaque identifiers and short retention where possible.
• Vendor assessments include security and privacy diligence for cookie-capable partners.

Third-party providers may be requested to provide security assurance artifacts (such as SOC 2 reports) as part of vendor risk management.

We may update this policy to reflect changes in technologies, vendors, legal requirements, or control design.

• Last revised date is updated on each policy change.
• Material updates are reflected in product notices or account communications as needed.

For questions or requests related to cookies or privacy rights, contact legal@raintree.technology.