Privacy Policy

Your trust is important to us. This policy explains how ClarioFin collects, uses, and protects your personal and financial data.

Effective Date: March 24, 2026. Last Updated: March 24, 2026.

1. Introduction

ClarioFin ("we", "our", "us") is a personal finance management application that helps you aggregate bank accounts, track spending, set savings goals, and receive AI-powered financial insights. This Privacy Policy describes what information we collect, how we use it, who we share it with, and your rights regarding your data.

By using ClarioFin, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the app or website.

2. Data We Collect

We collect the following categories of data to provide and improve the ClarioFin service:

Account Information

When you create an account, we collect:

  • Email address
  • First and last name
  • Password (stored as a one-way bcrypt hash — we never store your plain-text password)
  • Third-party sign-in identifiers if you use Apple Sign-In or Google Sign-In (Apple ID or Google ID only — we do not receive your Apple or Google password)

Financial Data

When you connect bank accounts or use the app, we collect:

  • Bank account details: account name, institution name, account type, last 4 digits of your card number, IBAN, and current/available balances
  • Transaction history: amounts, dates, merchant names, categories, merchant category codes (MCC), and payment channels
  • Budget information: monthly income, fixed expenses, and variable expenses you set up during onboarding
  • Savings goals ("Jars"): goal names, target amounts, current progress, and contribution history
  • Receipt images: photos of receipts you upload for expense tracking, along with extracted merchant name, items, and totals
  • Bank access tokens: encrypted credentials used to sync your accounts (encrypted with AES-256-CBC — see Security section)

Technical & Security Data

For security and rate-limiting purposes, we may collect:

  • IP address and user agent string (only during email verification and authentication, for abuse prevention — not for tracking)
  • Country and language preferences you set in the app

3. How We Use Your Data

  • Display your aggregated bank balances and transactions across all connected accounts
  • Generate AI-powered spending insights, savings tips, and financial health analysis
  • Power the AI Financial Assistant chat feature, which uses your financial context to answer your questions
  • Process receipt images to automatically extract and categorize expenses
  • Manage your savings goals (Jars) and track progress toward targets
  • Verify your identity during signup and password reset via email verification codes
  • Enforce subscription tiers and feature access (Basic, Pro, Elite)

4. Third-Party Services

We share specific data with the following third-party services to provide core functionality. We do not sell your data to any third party.

OpenAI (GPT-4o / GPT-4o-mini)

When you use the AI Financial Assistant or receive AI-generated insights, we send your financial context to OpenAI's API. This includes your account balances, recent transactions (amounts, categories, merchant names), budget information, and savings goals. For receipt scanning, we send the receipt image to OpenAI's Vision API. OpenAI processes this data to generate responses and does not use it to train their models (per their API data usage policy). We use the minimum data necessary for each request.

Bank APIs (Monobank)

When you connect a bank account, we communicate directly with your bank's API using your encrypted access token. We send account identifiers and time ranges to retrieve your transactions and balances. Your bank credentials are encrypted at rest with AES-256-CBC and are never stored in plain text. We do not share your bank data with any party other than the bank itself.

Apple (Sign-In & In-App Purchases)

If you sign in with Apple, your Apple ID is used for authentication only. For subscriptions, we verify purchase receipts with Apple's servers to confirm your subscription status. We store your Apple transaction ID for subscription management.

Email Service (SMTP)

We send transactional emails (verification codes, password resets, account deletion confirmations) via SMTP. Your email address is the only personal data transmitted. We do not send marketing emails without your consent, and our emails contain no tracking pixels or external resources.

5. Data Security

We take the security of your financial data seriously and implement the following measures:

  • Bank access tokens are encrypted using AES-256-CBC with HMAC-SHA256 integrity verification. Encryption and HMAC use separate cryptographic keys.
  • Passwords are hashed with bcrypt (12 rounds) — they cannot be reversed or read by anyone, including us.
  • Email verification codes are hashed with SHA-256 before storage and expire after 10 minutes.
  • All API communication uses HTTPS/TLS encryption. The mobile app enforces SSL certificate pinning against Google Trust Services root CAs.
  • Authentication uses short-lived JWT access tokens with secure, HTTP-only refresh token cookies (SameSite=Strict, 7-day expiry).

6. Cookies

ClarioFin uses a single essential cookie: an HTTP-only refresh token cookie for session management. This cookie is strictly necessary for the app to function and cannot be used for tracking. It is marked as Secure (HTTPS only) and SameSite=Strict (not sent to third-party sites).

We do not use any advertising cookies, analytics cookies, or third-party tracking cookies on our website or in our app.

7. Data Retention

We retain your data only for as long as your account is active or as needed to provide you the service:

  • Account and financial data: retained while your account is active. Permanently deleted when you delete your account.
  • Email verification codes: automatically expire after 10 minutes. Rate-limiting records expire after 15 minutes.
  • Collaborative jar share codes: expire after 5 minutes.

8. Your Rights

Under GDPR and Ukrainian data protection law, you have the following rights:

  • Right of access: Request a copy of all personal data we hold about you.
  • Right to rectification: Request correction of inaccurate personal data.
  • Right to erasure: Delete your account and all associated data at any time from within the app (Settings → Delete Account). All data is permanently removed via cascade deletion.
  • Right to data portability: Request your data in a machine-readable format (available to Pro and Elite subscribers via the Export feature).
  • Right to object: Object to processing of your data for specific purposes.

To exercise any of these rights, contact us at support@clarioapp.net. We will respond within 30 days.

9. Children's Privacy

ClarioFin is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at support@clarioapp.net and we will promptly delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy in the app and on our website, with the updated effective date. Your continued use of ClarioFin after changes are posted constitutes acceptance of the revised policy.

11. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us:

ClarioFin

Email: support@clarioapp.net
