# Clarity App — Security Model

> The app handles sensitive financial data, so public machine-readable access is limited to safe docs and API descriptions.

## Security Principles

- Read-only financial visibility
- Authenticated access for user-specific data
- Security headers, CSP, and request validation on app traffic
- No public markdown rendering of account-specific routes

## Public Machine-Readable Surface

- `llms.txt` for high-level capability discovery
- `llms/*.md` for app-specific public documentation

## Key Links

- App llms index: https://app.useclarity.app/llms.txt
- Site security page: https://useclarity.app/legal/security