ClearCash is built on infrastructure designed for financial applications, with security applied at every layer — from how you sign in to how your data is stored.
Data storage and encryption
ClearCash stores your data using Supabase, which runs on AWS. All data is encrypted at rest and in transit. No financial data is stored locally on your device beyond what’s needed for the current session.
Connections are always encrypted
All communication between ClearCash and its servers is over HTTPS, enforced by Cloudflare. Cloudflare also provides DDoS protection and a Web Application Firewall (WAF) in front of the API.
Your data is isolated
ClearCash uses Row Level Security (RLS) at the database level — a Postgres feature that enforces data access rules inside the database itself. Every query is scoped to the authenticated user, so it’s not possible to access another user’s data even if a request were constructed to try.
Bank credentials
ClearCash uses Plaid to connect to banks. Plaid handles authentication directly with your bank — your username and password are entered in Plaid’s secure flow and go only to your bank. ClearCash never receives, sees, or stores your bank login credentials.
Authentication
ClearCash uses passwordless sign-in by default. You can sign in with:
- Google — authenticated via Google’s OAuth flow; ClearCash receives only your name and email address
- Email magic link — a one-click sign-in link sent to your email
- Email OTP — a 6-digit code sent to your email if you prefer to enter it manually
Because there’s no password, there are no password hashes stored that could be cracked if a breach were to occur.
Session security
Sessions are managed using short-lived JSON Web Tokens (JWTs) that are automatically refreshed. If a session token is ever invalidated or expired, ClearCash signs you out automatically and asks you to sign back in.
Auto-logout
ClearCash automatically signs you out after 15 minutes if the app is sent to the background. This means if you leave the app open on your phone and someone picks it up, they can’t access your data.
The auto-logout timer starts the moment the app is backgrounded — not after inactivity within the app.
Frequently Asked Questions
Can ClearCash employees see my financial data?
Access to production data is strictly limited and governed by Row Level Security at the database level. ClearCash staff do not have routine access to individual users’ financial records.
What happens to my data if I delete my account?
Deleting your account permanently removes your profile, all financial accounts, transactions, and any other data associated with your account. This action cannot be undone. See Your privacy rights →
Is ClearCash safe to use on public Wi-Fi?
Yes. All data is transmitted over HTTPS, so it’s encrypted in transit regardless of the network you’re on. That said, we always recommend using trusted networks when accessing sensitive financial information.
Does ClearCash store my Google password?
No. When you sign in with Google, authentication happens through Google’s OAuth flow. ClearCash only receives a token confirming your identity — your Google password is never shared with ClearCash.
Was this page helpful?