Credential boundary
Your banking credentials are entered into Plaid’s interface, not directly into Catalyst Cash.
Catalyst Cash is designed so your core financial record lives on your device first. This page explains what that means operationally, what leaves the device, and what controls you have.
Balances, debts, renewals, settings, and saved audits are stored on device by default.
AI calls and Plaid sync happen only when you choose those features.
Passcode, biometrics, privacy mode, encrypted backup, Recovery Vault, and deletion controls live in the app.
Your balances, debts, renewals, settings, audit history, and most working finance context are kept locally as the primary record.
AI requests and Plaid-linked refreshes are networked operations. If you do not use them, those requests do not happen.
Passcodes, device identifiers, API-style secrets, and subscription-state details are excluded from manual backup files.
The app does not expose raw provider keys in the client. AI traffic is routed through the Catalyst backend proxy.
The app computes key finance logic locally before the AI layer is used for explanation and structured decision support.
Requests keep the card, merchant, and money context needed for useful answers while leaving out private account identifiers and access details.
The product position is that raw financial payloads are not retained on Catalyst servers after request routing.
Current production AI runs through OpenAI's API. OpenAI states API data is not used to train models by default unless a customer opts in; Catalyst does not opt in to training on your API data.
Plaid is optional. If you use it, it improves freshness. If you avoid it, the app still works with manual entry.
Plaid access-token handling stays off-device on the backend. The app primarily keeps local connection metadata and synced results.
If you connect Plaid, Catalyst uses linked-account data to power app features you choose. We do not sell that data or use it for advertising profiles.
You can stay fully manual if you prefer tighter control over what data ever leaves the device. Plaid's own handling is governed by Plaid's End User Privacy Policy.
Lock the app with a passcode and supported biometric flows like Face ID so casual device access is not enough.
Chat persistence can be reduced or avoided, and saved history can be cleared when you want a shorter local footprint.
Encrypted exports, Recovery Vault, linked restore flows, and secure-device continuity exist for portability without turning the product into a cloud-first finance database.
This page explains product design decisions. It is not a third-party certification, formal security audit, or legal substitute for the Privacy Policy and Terms of Service.
The trust page explains the operating model. The privacy page covers the legal handling language.