Security & privacy

Your data, your control

ClearMint Essentials is built privacy-first. Run it entirely in your browser, or turn on cloud sync with database-enforced isolation.

Private by default

With no account, your finances never leave your browser — they're stored locally on your device until you choose to enable cloud sync.

Row-level security

When sync is on, every record is isolated by database row-level security policies. You can only ever read or write your own data.

Encrypted in transit

All traffic is served over HTTPS/TLS. Authentication is handled by Supabase Auth with industry-standard session tokens.

No lock-in

Export everything to CSV or JSON whenever you want, and delete your account data permanently with one click.

No selling your data

We don't sell or rent your personal or financial information. Read the details in our Privacy Policy.

You hold the records

Statements you import are parsed in your browser. We store only the structured data you keep, scoped to your account.

Reporting a vulnerability

We take security seriously and welcome responsible disclosure. If you believe you've found a vulnerability, please email our team with details and steps to reproduce. We'll acknowledge your report and keep you updated on the fix.

Your responsibilities

Use a strong, unique password and keep it private.
Sign out on shared devices, and keep your browser up to date.
Only upload statements you're authorized to access.

For data-deletion requests, see Data Deletion.