Credential boundary
Your banking credentials are entered into Plaid’s interface, not directly into Catalyst Cash.
Security overview | updated March 16, 2026
Security and trust, in plain English.
Catalyst Cash is designed so your core financial record lives on your device first. This page explains what that means operationally, what leaves the device, and what controls you have.
Primary posture
Local-first records
Balances, debts, renewals, settings, and saved audits are stored on device by default.
When network is used
Only for networked features
AI calls and Plaid sync happen only when you choose those features.
User control
Lock, clear, export, delete
Passcode, biometrics, privacy mode, backup, restore, and deletion controls live in the app.
Data Boundaries
What stays on the phone, what leaves it, and why.
Stored on device
Your balances, debts, renewals, settings, audit history, and most working finance context are kept locally as the primary record.
Sent only when needed
AI requests and Plaid-linked refreshes are networked operations. If you do not use them, those requests do not happen.
Excluded from manual exports
Passcodes, device identifiers, API-style secrets, and subscription-state details are excluded from manual backup files.
AI Requests
How AI traffic is handled.
The app does not expose raw provider keys in the client. AI traffic is routed through the Catalyst backend proxy.
01
Native math runs first
The app computes key finance logic locally before the AI layer is used for explanation and structured decision support.
02
Prompts are scrubbed
Requests are scrubbed before being routed so the model sees less directly identifying financial context.
03
No raw-payload retention promise
The product position is that raw financial payloads are not retained on Catalyst servers after request routing.
Plaid
Where Plaid fits into the security model.
Plaid is optional. If you use it, it improves freshness. If you avoid it, the app still works with manual entry.
Token handling
Plaid access-token handling stays off-device on the backend. The app primarily keeps local connection metadata and synced results.
Optional by design
You can stay fully manual if you prefer tighter control over what data ever leaves the device.
User Controls
The security controls the user can actually touch.
Passcode and biometrics
Lock the app with a passcode and supported biometric flows like Face ID so casual device access is not enough.
Privacy mode and history clearing
Chat persistence can be reduced or avoided, and saved history can be cleared when you want a shorter local footprint.
Backup and restore
Encrypted exports and restore flows exist for portability without turning the product into a cloud-first finance database.
Important limit
This page explains product design decisions. It is not a third-party certification, formal security audit, or legal substitute for the Privacy Policy and Terms of Service.
Next Step
Read the legal policy after the plain-English version.
The trust page explains the operating model. The privacy page covers the legal handling language.