Cookie Policy | Clarity

At a Glance

Quick summary. Read the full policy below for the complete terms.

Document owner: FinSync LLC (operating as Raintree Technology) privacy and compliance team.
Contact + response: Questions? Email legal@raintree.technology. We respond to consent inquiries within 5 business days.
What's on by default?: Only essential cookies (login, security, short-lived referral/OAuth handoff). Analytics cookies and session replay stay off until you allow analytics; before then we measure only aggregate, cookieless page traffic.
Do I have to opt in?: Analytics cookies and identifiers are only set after you allow analytics. Before you choose, GA4 and PostHog run in a cookieless mode that measures aggregate page traffic without storing anything on your device.
Can I change my mind?: Anytime. Use the controls on this page or clear site data in your browser.
Is my financial data in cookies?: Never. No balances, bank names, or account numbers touch cookies.
Last revised: May 19, 2026

1. Scope and purpose

This Cookie Policy explains how Clarity (FinSync LLC, operating as Raintree Technology) uses cookies and similar technologies on our marketing site and authenticated application.

This policy covers the browser-side storage and tracking controls that are implemented in the product today.

For broader data handling disclosures, review our Privacy Policy.

2. Cookie categories and control model

We currently use four storage categories:

Strictly Necessary: Required for authentication, security, fraud controls, and core product operation.
Short-lived attribution and auth handoff: Preserves referral codes, UTM parameters, and OAuth state across sign-in redirects.
Analytics (opt-in): Google Analytics 4 and PostHog measure page views and product usage after you allow analytics.
Advertising (opt-in): The Meta Pixel and Google AdSense set advertising cookies used for ad delivery and conversion measurement.

Control standard:

Analytics cookies are off until you explicitly allow analytics; before then GA4 runs cookieless and our product-analytics tool records only anonymous page views.
Global Privacy Control (GPC) is treated as a decline for non-essential analytics.
Google AdSense advertising is live on the marketing site. AdSense's advertising cookies are managed through Google's certified consent-management platform, which collects consent in the EEA/UK; the Meta Pixel sets its cookies only after you allow advertising using the controls below.

3. Cookie inventory

Below is the browser storage we currently create directly or rely on in the application codebase. Names managed by third-party auth providers can vary by environment.

Always-on operational storage

These entries support authentication, OAuth handoff, referral attribution, and basic app operation.

Storage key	Type	Provider	What it does	Lasts
Authentication session cookie(s)	Cookie	Clarity / infrastructure provider	Keeps authenticated sessions active	Session / provider-managed
clarity_ref	Cookie	Clarity	Carries referral code through the Google OAuth round-trip	30 minutes
clarity_utm	Cookie / local storage	Clarity	Carries UTM attribution through sign-up and OAuth flows	30 minutes in cookie; browser-controlled in local storage
clarity_oauth_event	Cookie	Clarity	Short-lived sign-in/sign-up event marker used after Google OAuth completes	60 seconds

Analytics and advertising storage (opt-in)

Analytics entries are created only after you allow analytics. Advertising entries are set after you allow advertising; AdSense advertising cookies in the EEA/UK are additionally governed by Google's consent-management platform.

Storage key	Type	Provider	What it does	Lasts
_ga	Cookie	Google Analytics	Measures page views and usage trends after consent	24 months
ph_, __ph_	Cookie + Local storage	PostHog	Product analytics for the authenticated app. Identifies sessions by your Clarity user ID and email. On the marketing site, before you grant analytics consent PostHog captures only anonymous, cookieless page views — no cookies or identifiers are written; granting consent enables full product analytics and session replay (inside the app, your Terms acceptance covers it). Does not receive account balances, transaction lists, or holdings.	~12 months
_fbp / _fbc	Cookie	Meta Pixel	Meta marketing pixel and Conversions API attribution. Only loads after you grant advertising consent on the cookie banner. Disabled by default; honored across page loads via the banner.	90 days (Meta default)
__gads / __eoi	Cookie	Google AdSense	Ad delivery, frequency capping, and ad measurement on the marketing site. Managed via Google's certified consent-management platform.	~13 months
clarity_cookie_preferences	Local storage	Clarity	Stores your analytics and advertising consent choices	Until you clear it

Outside the tools listed above, we do not load additional marketing trackers (Segment, Mixpanel, Intercom, TikTok Pixel, LinkedIn Insight, etc.) in the product today. None of the storage above receives balances, account numbers, or institution names.

4. Consent and user choice

4.1 Banner and on-page controls

When analytics are enabled for the environment, we show a banner with Decline, Analytics only, and Allow all. Decline keeps non-essential analytics and advertising off. Analytics only enables Google Analytics 4 and product analytics. Allow all additionally enables advertising cookies (the Meta Pixel). Before you choose, only cookieless aggregate measurement runs. The on-page controls below let you change analytics and advertising independently at any time.

Analytics: Not set · Advertising: Not set

4.2 Consent timing

Before you record a choice, GA4 runs in a cookieless, consent-denied mode and our product-analytics tool captures only anonymous page views — no analytics cookies are set. Recording consent enables full measurement. If your browser sends a Global Privacy Control (GPC) signal, we treat that as a decline for non-essential analytics.

4.3 Browser-level controls

Most browsers allow cookie deletion or blocking. Clearing site data removes the stored analytics choice and referral/auth handoff state.

5. Audit evidence and governance

We keep this policy aligned to the codebase through change review and inventory updates, but our current consent model is browser-local rather than a centralized CMP.

Current consent state: Your analytics and advertising choices are stored locally in the browser as clarity_cookie_preferences.
Policy version history: Last revised date, change notes, and publication updates when cookie usage changes.
Change management evidence: Pull request review and release checks for new scripts, SDKs, or tags.
Inventory maintenance: We update this page when browser storage or third-party tags change.

If we add a centralized consent manager or server-side consent logging later, this section will be updated to reflect that operational control.

6. Fintech confidentiality requirements

Because Clarity handles sensitive financial context, cookie controls are designed to prevent data leakage and enforce strict minimization.

No plaintext PII in cookie values.
No account balances, institution names, or account numbers in cookie payloads.
Use opaque identifiers and short retention where possible.
Vendor assessments include security and privacy diligence for cookie-capable partners.

Third-party providers may be requested to provide security assurance artifacts (such as SOC 2 reports) as part of vendor risk management.

7. Policy updates and contact

We may update this policy to reflect changes in technologies, vendors, legal requirements, or control design.

Last revised date is updated on each policy change.
Material updates are reflected in product notices or account communications as needed.

For questions or requests related to cookies or privacy rights, contact legal@raintree.technology.