Catalyst Cash Privacy Policy
Effective date: 2026-03-01 ยท Last updated: 2026-03-01
๐ Privacy-First Architecture
Catalyst Cash is built from the ground up with privacy at its core. Your financial data is processed
locally on your device. We do not operate servers that store, access, or process your personal
financial information. We cannot see your data. We cannot access your data. Period.
1. Information We Do NOT Collect
Unlike most financial apps, Catalyst Cash does not:
- Collect or store your bank login credentials
- Maintain servers that process or retain your financial data
- Sell, rent, or share personal data with third parties for marketing
- Use your data to train AI models
- Track your behavior across apps or websites
- Access your AI chat conversations โ they are stored locally and auto-expire within 24 hours
- Collect analytics or telemetry about your financial activity
2. Information Processed Locally on Your Device
The following data is processed and stored exclusively on your device:
- Financial data you enter manually (balances, debts, renewals, investment holdings, savings
goals)
- Audit results generated by AI providers based on your input
- App settings (preferences, model selections, optional personal rules)
- AI chat history (auto-expires after 24 hours; PII is automatically scrubbed before local
storage; never persisted in privacy mode)
- Credit card portfolio data (card details, utilization, renewal dates)
3. Third-Party AI Providers
๐ฅ Direct-to-Provider Architecture
When you use AI features, your data is sent directly from your device to your chosen AI
provider
(e.g., OpenAI, Google Gemini, Anthropic Claude). There are no Catalyst Cash servers in between. We never
intercept, log, store, or have access to these transmissions. Furthermore, API usage through major AI providers
is governed by their API terms which explicitly prohibit using your data to train models.
You are responsible for reviewing the privacy policy and terms of service of your chosen AI provider:
4. AI Chat Data Retention
Chat conversations with Catalyst AI are handled with the following safeguards:
- Auto-expiry: All chat messages are automatically deleted after 24 hours
- PII scrubbing: Before local storage, sensitive patterns (credit card numbers, SSNs, account
numbers) are automatically masked
- Privacy mode: When privacy mode is enabled, chat messages are never written to disk โ they
exist only in memory during the active session
- No server storage: Chat messages are never transmitted to or stored on any server we control
- User control: You can clear all chat history at any time with a single tap
5. Plaid Bank Connections (Optional)
If you choose to link bank accounts via Plaid:
- Your bank credentials are entered directly into Plaid's secure interface โ we never see or store them
- Plaid provides read-only access tokens to retrieve account balances and transaction data
- You can disconnect any linked account at any time
- Plaid's data practices are governed by Plaid's End User Privacy Policy
6. iCloud Backup & Encrypted Sync
Optional cloud sync and backups are secured using AES-256-GCM encryption. If you set an app
passcode, it serves as the encryption key. We cannot decrypt your data; only you hold the key. Apple may
sync app data to iCloud according to your device settings.
7. Data Sharing
- We do not sell personal data
- We do not share data with third parties for advertising or marketing
- We do not monetize your financial information in any way
- The only data transmission occurs when you initiate an AI audit or chat, which goes directly
to your chosen AI provider
8. Children's Privacy (COPPA)
Catalyst Cash is not directed to children under the age of 13. We do not knowingly collect personal information
from children. If you believe a child has provided us with personal information, please contact us immediately
and we will take steps to delete such information.
9. California Privacy Rights (CCPA)
California residents have the right to:
- Know what personal information is collected (see Section 2 above โ it's all local)
- Delete their data at any time via Settings โ Factory Reset
- Opt-out of the sale of personal information (we never sell personal data)
- Non-discrimination for exercising privacy rights
Because all data is stored locally on your device and we have no access to it, you have full and
immediate control over your information at all times.
10. Data Security
- All sensitive data (API keys, tokens, passcodes) are stored securely using native device Keychain/Preferences
- Optional backups use AES-256-GCM encryption
- No plaintext financial data is ever transmitted to our servers (we don't have data servers)
- AI chat PII is automatically scrubbed before any local persistence
11. Your Choices & Controls
- Use free mode (manual copy/paste) with zero API connectivity
- Clear audit history, chat history, or all data at any time
- Enable/disable privacy mode (prevents any local chat persistence)
- Disconnect bank accounts via Plaid at any time
- Delete your account and all associated data instantly
12. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes to how your data is
processed or stored, we will notify you within the Application or by updating the Effective Date.
Your continued use of the Application constitutes acceptance of any revisions.
13. Contact
For privacy questions or data deletion requests, contact: support@catalystcash.app