Privacy policy

We wrote this policy the way we wish other fintechs would: short, specific, and honest about the trade-offs. If anything below is unclear, email privacy@joinclin.com and we will fix the wording.

1. What we collect

We collect three buckets of data, and only what we need from each.

• Account information.The owner's name, email, phone, the practice's legal name, EIN, address, and ownership structure required to open a deposit account under federal banking rules.
• Transaction data. Money movement on Clin accounts and cards, plus the integration data your practice chooses to sync — patient payments, insurance EOBs, lab invoices, and the like.
• Device and usage telemetry. IP, device type, browser, and how you navigate the product. Used to detect fraud and to figure out which features are confusing.

2. Why we collect it

We use this data to deliver Clin: clear payments, post claim payouts to the right account, generate AI insights about your cash position, detect fraud on cards, and meet our anti-money laundering obligations. We do not build advertising profiles. We have no ads business and no plans to start one.

3. How AI uses your data

Our AI features run on aggregated, de-identified data by default. When the Virtual CFO surfaces a benchmark like “your supply spend is 8% above peer practices in Ohio,” the comparison comes from anonymized aggregates across our customer base — never another practice's identifiable transactions. We do not train third-party foundation models on your individual practice data. If you want to opt your practice into helping improve Clin's own models with explicit consent, we have a one-click toggle in Settings → Privacy; it is off by default.

4. Who we share with

We share data with the partners that make Clin work — and nobody else. Specifically:

• Our partner banks and Mastercard issuer, to hold deposits and authorize card transactions
• Identity verification, fraud detection, and KYC vendors required by federal banking law
• Infrastructure providers (AWS, Datadog) under contractual data processing agreements
• Your accountant or bookkeeper, but only if you connect them via QuickBooks, Xero, or a Clin API key you generate

We do not sell your data. We have never sold your data. If we are ever acquired, the acquirer must honor this policy and notify you before any change.

5. How long we keep it

We retain transaction records for seven years to meet IRS, FinCEN, and bank-record-keeping requirements. Device telemetry is kept for 90 days at full fidelity, then aggregated. If you close your account, we delete identifiable account data within 30 days of the legal retention window expiring.

6. Your rights

You can access, correct, export, or delete your data at any time. Settings → Privacy has one-click controls for each. Under CCPA, GDPR, and similar regimes, you also have the right to object to certain processing and to lodge a complaint with a supervisory authority — but please email us first; it is faster.

7. Cookies

We use a small set of first-party cookies to keep you signed in, remember your preferences, and measure product usage. We do not use third-party advertising cookies. Full breakdown at /cookies.

8. Contact us

Questions, requests, or complaints about anything above: privacy@joinclin.com. We respond within five business days, usually faster. Our data protection lead is Marisa Wong.

Clin Financial, Inc. is the data controller for the information described in this policy. Mailing address: 548 Market Street, PMB 91408, San Francisco, CA 94104.