Privacy Policy

Cl.ai.M
Effective Date: 2/24/2026
Last Updated: 2/22/2026

1. Overview

Cl.ai.M (“we,” “our,” or “the Application”) is a privately operated macOS application designed to help users identify and process medical out-of-pocket expenses from financial transaction data.

This Privacy Policy explains how Cl.ai.M collects, uses, stores, and protects information, including financial data accessed through Plaid Inc. (“Plaid”).

Although Cl.ai.M is not publicly distributed in 2026 and is operated by a single founder, this document will form the basis of a future Privacy Policy included with private Beta and public GA releases of the app.

2. Information We Collect

Cl.ai.M collects only the information necessary to provide its functionality.

2.1 Financial Account Data (via Plaid)

When you connect a financial account using Plaid Link:

  • Transaction history
  • Account identifiers (e.g., masked account numbers)
  • Account balances (if enabled)
  • Financial institution name

Cl.ai.M does not collect:

  • Your bank login credentials
  • Your full account numbers
  • Your MFA codes

Financial authentication is handled directly by Plaid and your financial institution.

For more information about Plaid’s data practices, please visit:
https://plaid.com/legal/#privacy-policy

2.2 Application Usage Data

Cl.ai.M does not collect:

  • Analytics tracking data
  • Advertising identifiers
  • Location data
  • Behavioral tracking data

Basic operational logs may be stored locally on your device for debugging and security purposes.

3. How We Use Information

Cl.ai.M uses financial transaction data solely to:

  • Identify potential medical expenses
  • Generate insurance reimbursement claim documentation
  • Display transaction summaries within the app
  • Support user-initiated export functionality

We do not:

  • Sell personal data
  • Share financial data with third parties (except Plaid for API functionality)
  • Use data for advertising
  • Profile users for marketing

4. Data Storage & Security

Cl.ai.M is designed with a minimal-infrastructure architecture.

4.1 Local Storage

  • Transaction data is stored locally on the user’s Mac.
  • Data is encrypted at rest using Apple CryptoKit
  • Encryption keys and financial account information needed for authentication are stored in the macOS Keychain.
  • Access to decrypted data requires biometric authentication (Touch ID / Face ID).

4.2 Data in Transit

  • All communications with Plaid occur over TLS-encrypted HTTPS connections.
  • No financial credentials are stored by Cl.ai.M.

4.3 No Cloud Database

Cl.ai.M does not maintain:

  • A shared production database
  • A public backend server storing transaction data
  • A multi-user hosted environment

5. Data Retention

  • Transaction data remains stored locally until deleted by the user.
  • Users may disconnect financial accounts at any time.
  • Upon disconnection, Plaid access tokens are revoked.
  • Users may delete all locally stored data through the application.

6. Sharing of Information

Cl.ai.M shares data only as follows:

RecipientPurpose
Plaid Inc.To retrieve financial data via user-authorized API access
Financial InstitutionsDuring OAuth authentication through Plaid Link

No other third parties receive transaction data.

7. Your Rights & Controls

Users may:

  • Disconnect financial accounts
  • Delete stored transaction data
  • Revoke Plaid authorization
  • Request information about stored data

Because Cl.ai.M does not operate a public user database, data control is primarily local to the user’s device.

8. Security Measures

Cl.ai.M implements:

  • Encryption in transit (TLS 1.2+)
  • Encryption at rest (Apple CryptoKit)
  • macOS Keychain secure key storage
  • Biometric gating for sensitive access
  • Full disk encryption (FileVault recommended)
  • No plaintext storage of financial data

9. Children’s Privacy

Cl.ai.M is not intended for use by individuals under 18 years of age.

10. Changes to This Policy

This Privacy Policy may be updated to reflect system changes or regulatory requirements. Updates will include a revised effective date.

11. Contact Information

For privacy-related inquiries, contact:

David Switzer
david.switzer@madisonlabs.io
1431 Myrtle Avenue, Victoria, BC, V8R 2Z5