Legal
Privacy Policy
Operated by Clear Health LLC · Effective Date: May 13, 2026 · Last Updated: May 13, 2026
This Privacy Policy explains how Clear Health LLC, a Puerto Rico limited liability company with its principal place of business in San Juan, Puerto Rico (“Finbird,” “we,” “us,” or “our”), collects, uses, discloses, and protects information when you use the Finbird mobile application, the website at www.finbird.app, and any related services we provide (collectively, the “Service”).
Finbird is a personal finance tracking tool. We help you see spending patterns, budget signals, and goal projections — either by entering your accounts and transactions manually (free plan) or by connecting your financial accounts through Plaid Inc. (“Plaid”) under our Pro plan.
By creating an account or otherwise using the Service, you agree to the practices described in this Policy. The Service is available only to users located in the United States (including Puerto Rico) and Canada and only to individuals who are at least 18 years old.
1. Information We Collect
1.1 Information You Provide Directly
When you create an account, use the Service, or contact us, we collect information you choose to give us, including:
- Account information: name, email address, profile photo (optional), and authentication credentials managed by Clerk.
- Financial information you enter manually: account names, balances, transactions, categories, merchant names, dates, amounts, budget targets, and savings goals.
- Communications: messages, support requests, and feedback you send to hello@finbird.app or otherwise.
- Payment information for Pro subscribers: in-app subscriptions are processed by the Apple App Store or Google Play (managed through RevenueCat). We never receive or store your payment card numbers.
1.2 Information Collected Through Plaid (Pro Plan Only)
If you elect to connect a financial institution through our Pro plan, we use Plaid to access information from your financial accounts on your behalf. Plaid will collect your financial institution login credentials directly. Finbird does not see, store, or have access to your bank username, password, or multi-factor authentication codes.
Through Plaid, we receive read-only access to:
- Account identifiers and metadata: account name, type, masked account number, institution name, and currency.
- Balances: current and available balances.
- Transactions: date, amount, merchant name, category, location (where provided), and pending status.
- Account ownership information: name, address, phone, and email associated with the account, where made available by your financial institution.
Your use of Plaid is also governed by Plaid’s End User Privacy Policy which is incorporated into this Policy by reference.
1.3 Information Collected Automatically
When you use the Service, we automatically collect:
- Device information: device type, operating system and version, browser type, language settings, and device identifiers.
- Log and usage data: IP address, access times, app screens viewed, features used, crash data, and diagnostic information.
- Cookies and similar technologies on our website (see Section 8).
1.4 Information from Third Parties
- Authentication providers (e.g., Google via Clerk): limited to your name, email, profile picture, and a unique account identifier.
- Plaid, as described in Section 1.2.
- Payment processors: limited to transaction confirmations and the last four digits and brand of your payment method.
2. How We Use Information
We use the information we collect to:
- Provide and operate the Service, including generating your daily brief, pattern detection, budget tracking, goal projections, and the annotated activity feed.
- Create and maintain your account, authenticate you, and secure access to your data.
- Process Pro subscription payments and manage billing.
- Send transactional communications such as service alerts, security notices, and password resets.
- Send the optional daily brief and pattern alerts via push notification and email, if enabled. You can disable these at any time in the app.
- Improve, debug, and develop new features of the Service, including aggregate analysis of usage trends.
- Detect, investigate, and prevent fraud, security incidents, and abuse of the Service.
- Comply with legal obligations and enforce our Terms of Service.
3. How We Share Information
3.1 Service Providers (Sub-Processors)
We share information with vendors who process data on our behalf. Each is bound by contractual obligations to protect your information.
- Supabase, Inc. — database, authentication backend, and application hosting (US / AWS infrastructure).
- Clerk, Inc. — user authentication, session management, and sign-in via email or Google.
- Plaid Inc. — Pro-plan bank account connectivity and transaction data retrieval.
- RevenueCat, Inc. — subscription management for Pro, with payments processed by the Apple App Store and Google Play.
- Resend, Inc. — email and push-notification delivery for your daily brief and account messages.
3.2 Legal and Safety Disclosures
We may disclose information if we believe in good faith that disclosure is necessary to comply with applicable law, enforce our Terms of Service, detect or prevent fraud, or protect the rights, property, or safety of Finbird, our users, or others.
3.3 Business Transfers
If Clear Health LLC is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.
3.4 What We Do Not Do
We do not sell your personal information. We do not rent it. We do not share it with advertisers or data brokers. We do not allow third-party advertising networks to track you within the Service.
4. Plaid Connections — Additional Disclosures
This section applies only if you connect a financial account through Plaid on the Pro plan.
- Read-only access: Finbird and Plaid receive read-only access to your account data. We cannot move money, initiate transactions, or change your account settings.
- Credentials: Your financial institution credentials are entered into Plaid Link and are never seen or stored by Finbird.
- Revocation: You can disconnect any linked institution from within the Finbird app at any time, or directly through my.plaid.com.
- Post-disconnection: When you disconnect an institution, we stop fetching new transactions within a commercially reasonable time. Previously synced transactions remain in your Finbird account until you delete them or delete your account.
5. Data Retention
- Account data: retained while your account is active.
- Transactions and financial data: retained while your account is active.
- Deleted accounts: personal information is deleted or de-identified from active systems within 30 days of account deletion, and from encrypted backups within an additional 60 days (90 days total).
- Legal holds: we may retain information longer where required by law, to resolve disputes, or to defend legal claims.
- Aggregated data: data that has been aggregated or de-identified so it no longer identifies you may be retained indefinitely.
6. Data Security
We use administrative, technical, and organizational measures to protect your information, including:
- Encryption in transit (TLS 1.2 or higher) and encryption at rest for stored data.
- Access controls limiting access to personal data on a need-to-know basis.
- Use of reputable, security-audited sub-processors (Supabase, Clerk, Plaid, RevenueCat).
- Authentication delegated to Clerk, including support for secure sign-in flows.
No method of transmission or storage is 100% secure. If we become aware of a security incident affecting your personal information, we will notify you and applicable authorities as required by law.
7. Your Rights and Choices
7.1 Access, Correction, Deletion, and Portability
You may at any time:
- Access and update most of your account and financial data directly within the Service.
- Export your transaction data via CSV (available on the Pro plan).
- Delete individual transactions, accounts, or goals from within the Service.
- Delete your entire account by contacting us at hello@finbird.app.
7.2 California Residents (CCPA / CPRA)
If you are a California resident, you have the right to:
- Know what personal information we have collected about you, the sources, the purposes, and the categories of third parties with whom we share it.
- Request deletion of personal information we collected from you.
- Request correction of inaccurate personal information.
- Opt out of the sale or sharing of personal information. Finbird does not sell or share personal information for cross-context behavioral advertising.
- Be free from unlawful discrimination for exercising any of these rights.
To exercise these rights, email hello@finbird.app.
7.3 Other U.S. State Rights
Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and other states with comprehensive privacy laws may have similar rights to access, correct, delete, and obtain a portable copy of their personal data. Contact hello@finbird.app to exercise these rights.
7.4 Communication Preferences
- Disable push notifications in your device settings or in the Finbird app’s “You” tab.
- Unsubscribe from non-essential emails using the link in any such email.
- Transactional emails (security alerts, billing notices, important account updates) cannot be turned off without closing your account.
8. Cookies and Similar Technologies
On our website (www.finbird.app), we use cookies and similar technologies for:
- Essential functions: maintaining your sign-in session, security, and load balancing.
- Analytics: understanding how visitors use our website so we can improve it. We do not use cookies for cross-site behavioral advertising.
You can control cookies through your browser settings. Blocking essential cookies may impair your ability to sign in or use parts of the website.
9. Children's Privacy
The Service is intended for adults aged 18 and over. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with personal information, contact us at hello@finbird.app.
10. International Users and Data Transfers
The Service is offered only to users located in the United States (including Puerto Rico) and Canada. Personal information is processed and stored on servers located in the United States.
Canadian users: We comply with the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws. Contact hello@finbird.app to exercise your access and correction rights under those laws.
11. Notice Under the Gramm-Leach-Bliley Act
Because we collect “nonpublic personal information” about consumers in connection with a financial product or service, Finbird is treated as a “financial institution” under the federal Gramm-Leach-Bliley Act (GLBA) and Regulation P. This Policy serves as our GLBA privacy notice.
We disclose nonpublic personal information only to service providers that perform services on our behalf, as legally required, with your direction or consent, or in connection with a business transfer. We do not disclose nonpublic personal information to nonaffiliated third parties for their own marketing purposes.
12. Changes to This Policy
We may update this Policy from time to time. When we make material changes, we will notify you by email, by in-app notice, or by posting an updated version with a new “Last Updated” date at the top. Your continued use of the Service after the effective date of the updated Policy means you accept the changes.
13. Contact Us
If you have questions, concerns, or requests regarding this Policy or our handling of your information: