Privacy Policy
Last updated: March 25, 2026
Your privacy is not a feature β it is the foundation ClearPath is built on. This policy explains in plain language what information we collect, why we collect it, how we protect it, and what rights you have over it.
The short version
π Your financial data is private β only you can see it
π¦ We never store your banking password
π¦ You can export or permanently delete all your data anytime from Settings
π« We never sell your data or share it with advertisers
π¨π¦ Your rights are protected under Canada's PIPEDA privacy law
βοΈ Questions? Email privacy@clearpath.app
Scroll down to read the full Privacy Policy
1. Who we are
ClearPath Financial Inc. (βClearPathβ, βweβ, βourβ, or βusβ) operates the ClearPath web application available at clearpath.app. We are a Canadian company and this service is designed specifically for residents of Canada.
If you have any questions about this policy or how we handle your data, you can reach us at privacy@clearpath.app.
2. What information we collect
Account information
When you create an account, we collect your full name, email address, and a hashed password. We never store your password in plain text.
Financial data you enter
This includes account balances, transaction details, budget amounts, savings goals, debt balances, and registered account contribution room that you manually enter or import via CSV. This data belongs to you β ClearPath only stores it to display it back to you.
Bank connection data (optional)
If you choose to connect your bank using our Flinks integration, your banking username and password are entered directly on your bank's secure login page β not on ClearPath servers. We only receive a read-only token and your transaction history. We never see or store your banking credentials.
Usage and device information
We may collect basic information about how you use the app (pages visited, features used, errors encountered) and your device type and browser. We do not track which specific financial amounts you view.
Billing information
Subscription payments are processed by Stripe. ClearPath does not store your credit card number β Stripe handles all payment data in compliance with PCI-DSS standards. We only retain your subscription status and Stripe customer ID.
Communication preferences
If you opt into email notifications (such as bill reminders or weekly summaries), we store your preference and your email address for sending those messages. You can turn these off at any time in Settings.
3. How we use your information
We use your information only to:
- Provide and operate the ClearPath budgeting and financial planning service
- Display your financial data back to you in the dashboard
- Send you notifications and reminders you have opted into (bill due dates, budget alerts)
- Process your subscription payment through Stripe
- Respond to your support requests
- Detect and prevent fraud, abuse, and security threats
- Comply with applicable Canadian laws and regulations
We do not sell your personal information to any third party. We do not use your financial data for advertising. We do not share your data with data brokers or marketing companies. Your information is used solely to run this service for you.
4. How your data is protected
We take data security seriously and have built security protections into the foundation of ClearPath, not as an afterthought. Here is what we do:
Data isolation
Every user's data is locked to their account using Supabase Row Level Security. No user can ever access another user's financial data β not even by accident.
Encrypted in transit
All communication between your browser and our servers is encrypted using HTTPS/TLS. Your data is never transmitted in plain text.
Passwords hashed
Your password is never stored as plain text. We use industry-standard bcrypt hashing so even in the unlikely event of a breach, your password remains protected.
No banking passwords stored
When you connect your bank, your login credentials go directly to your bank β never to ClearPath. We only receive a secure, read-only access token.
Rate limiting
All API endpoints have rate limiting to prevent automated attacks, brute-force attempts, and abuse.
Input validation
Every piece of data submitted to ClearPath is validated and sanitized before processing, protecting against common web vulnerabilities.
5. Third-party services we use
ClearPath uses a small number of trusted third-party services to operate. Each is used only for its stated purpose:
Supabase
Secure database and authentication. Your financial data is stored in Supabase infrastructure hosted in Canada or the United States.
Stripe
Payment processing for your subscription. Stripe is PCI-DSS compliant. We never see your full card number.
Flinks
Optional bank connection service. Flinks is a Canadian-regulated open banking provider. Your bank credentials go to your bank directly.
Resend
Transactional emails (bill reminders, password reset). Only your email address and notification content are shared.
Sentry
Error monitoring to help us find and fix bugs. Error reports may include page names and error messages but not your financial data.
We do not use Google Analytics, Facebook Pixel, or any advertising tracking tools. Your financial data is never shared with analytics platforms.
6. Your rights under PIPEDA
As a Canadian, you are protected by the Personal Information Protection and Electronic Documents Act (PIPEDA). Under this law, you have the right to:
- Access your data β Request a complete export of all personal information we hold about you. You can do this from the Settings page at any time.
- Correct your data β If any information we hold is inaccurate, you can update it directly in your account settings.
- Delete your data β You can permanently delete your account and all associated data from the Settings page. Deletion is immediate and irreversible.
- Withdraw consent β You can withdraw consent for optional data uses (such as email notifications) at any time in Settings.
- Lodge a complaint β If you believe we have mishandled your personal information, you can file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca.
To exercise any of these rights, visit Settings β Account in the app, or contact us at privacy@clearpath.app. We will respond within 30 days.
7. Data retention
We keep your data for as long as your account is active. When you delete your account, your personal information and financial data are permanently deleted from our systems within 30 days, except where we are required by law to retain certain records (such as billing records for tax purposes, which are kept for 7 years as required by the Canada Revenue Agency).
Backups are purged on a rolling schedule within 90 days of account deletion.
8. Cookies and tracking
ClearPath uses only essential, functional cookies β specifically a session cookie to keep you signed in. We do not use advertising cookies, tracking pixels, or third-party analytics cookies that follow you around the web.
You can clear cookies at any time through your browser settings. Clearing your session cookie will sign you out of ClearPath.
9. Children's privacy
ClearPath is not designed for or directed at children under the age of 18. We do not knowingly collect personal information from anyone under 18. If you believe a child has created an account, please contact us at privacy@clearpath.app and we will delete the account.
10. Changes to this policy
If we make significant changes to this Privacy Policy, we will notify you by email (if you have provided one) and by showing a notice in the app at least 30 days before the changes take effect. The βLast updatedβ date at the top of this page always reflects when this policy was last changed.
Your continued use of ClearPath after a policy change takes effect constitutes your acceptance of the updated policy. If you do not agree, you can delete your account at any time.
11. Contact us
For any privacy-related questions, data requests, or concerns, please contact:
ClearPath Financial Inc.
Privacy Officer
Email: privacy@clearpath.app
Canada