§ 01 Privance · personal finance, encrypted

Track your wealth. Privately.

A self-hostable personal finance app that runs on your server and keeps your data unreadable to anyone but you. Open source. Zero-knowledge encryption. Yours.

AES-256-GCM · Argon2id · BIP39 recovery · AGPL-3.0 licensed · invite-only beta

§ 02 Features

Available now. More on the way.

01
live

Accounts

Bank, brokerage, retirement, manual. Add and update them on your device; only ciphertext leaves your browser.

02
live

Holdings

Every security and crypto position with cost basis. Decrypted only on your device, never on the wire.

03
live

Dashboard

Net worth and composition at a glance, computed locally from your encrypted records.

§ 03 Protocol

What zero-knowledge actually means.

The server learns nothing about the contents of your finances, because it cannot. Three well-studied primitives keep it that way.

on your device (in-memory only, cleared on lock or tab close):
master password → [argon2id] → KEK → [unwraps] → DEK → [aes-256-gcm] → ciphertext

over TLS: → bytes →

on your server (no plaintext, ever; no recovery escape hatch):
ciphertext (bytes) → [stored as-is] → Postgres 17 + audit log

step / 01

Choose a master password

We stretch it with Argon2id and derive your key encryption key locally. You write down a BIP39 recovery phrase, once. That phrase plus your password is the only thing standing between you and your data.

Argon2id · BIP39

step / 02

Encrypt on your device

Every record is sealed with AES-256-GCM in your browser, bound to a per-record AAD that prevents record swapping, downgrade attacks, and cross-kind confusion. The key never leaves memory.

AES-256-GCM · HKDF

step / 03

Sync to a server you trust

Encrypted blobs sync to the Postgres you own. Open Privance on another device, unlock with the same password, and your data decrypts locally. Lose the device, your data is unaffected. Lose the password and recovery phrase, it is gone, by design.

Postgres 17 · idempotent sync
§ 04 Tenets

Four non-negotiables.

01
AES-256-GCM · per-record AAD

Zero-knowledge

Every record is sealed with AES-256-GCM in your browser before it touches the network. The server stores ciphertext and an audit log. No plaintext. No master key. No escape hatch.

02
Bun · Hono · Postgres 17

Self-hostable

One compose file. Bring your own VPS, an old laptop, a Raspberry Pi. The hosted instance at privance.app runs the same image you would. No vendor lock-in by construction.

03
AGPL-3.0 · pinned · zero telemetry

Open source

Every line of client, server, and crypto is auditable. Dependencies are exact-pinned, never carets, never tildes. No telemetry, no analytics, no funnels. AGPL-3.0 licensed.

04
manual entry · CSV import (soon)

No bank linking

We do not integrate with Plaid, MX, or any aggregator. Connecting them would mean a third party reads your transactions in plaintext. That breaks the model. Manual entry and CSV keep the guarantee honest.

§ 05 Threat model

What we protect against, and what we don’t.

we protect against
  • Server compromise. Database dumps yield ciphertext, not balances.
  • Subpoena of the operator. We cannot decrypt what we do not hold the key to.
  • Insider access. No staff key, no master, no backdoor.
  • Record tampering. Per-record AAD detects substitution.
  • Key versioning attacks. Parameter versions bind into the AAD.
we don’t protect against
  • A compromised device. If your machine is keylogged, your password is gone.
  • A weak master password. Use the recovery phrase as the strong backup.
  • Losing both password and phrase. There is no recovery. Yes, really.
  • Traffic-pattern analysis at scale. We minimise but cannot eliminate metadata.
  • Bugs in the cryptographic libraries we audit and pin.
§ 06 FAQ

The honest answers.

What if I forget my master password?
Use your recovery phrase to set a new one. If you lose both, your data is unrecoverable. We cannot reset it because we do not have it. That is what zero-knowledge means.
Can the operator see my balances?
No. The server stores ciphertext bound to a per-record AAD. Encryption and decryption happen in your browser, against a key derived from your password. Compromise the database and an attacker walks away with opaque bytes.
Why no bank linking?
Aggregators have to see your data. That is their job. Connecting them would mean a third party reads your transactions in plaintext, breaking the privacy guarantee. Manual entry keeps the model honest.
Self-host or hosted?
Both. The hosted instance at privance.app is a deployment of the same Docker image you would run. Hosted is invite-only during beta; self-host is unrestricted.
Can I install it on my phone?
Yes. Privance is a Progressive Web App. Open it in Safari, Chrome, or Edge and use "Add to Home Screen" to install it like a native app. Same SQLite-on-device store, same encryption everywhere.
What if Privance shuts down?
You can move. Self-host the whole product as a single Docker compose file. Your data lives on devices and a Postgres you own. The hosted instance going down has no bearing on a self-hosted one.