When you open a typical finance app and enter your expenses, where does that data actually live? Usually on a server somewhere, protected by a password and maybe some encryption. But here's the uncomfortable truth: the company running that server can almost always access your data if they want to — or if a hacker compromises their systems.
We didn't think that was good enough. Not for the place where you store your most private numbers: how much you earn, what you owe, where you spend, and what you're saving for.
What Zero-Knowledge Actually Means
Zero-Knowledge means exactly what it says: we, as the service provider, have zero knowledge of your data. Your information is encrypted on your device before it ever touches our servers. The encryption keys are derived from a master password that only you know. We don't store it. We can't reset it. We can't hand it over to anyone.
We built this using a two-layer encryption architecture: a Key Encryption Key (KEK) derived from your master password via PBKDF2 with 600,000 iterations, and a Data Encryption Key (DEK) that actually encrypts your records with AES-256-GCM. Even if someone gained access to our database, all they would see is meaningless ciphertext.
This changes everything.
With v4.0.0, we ripped out the old data model and replaced it with a Zero-Knowledge Vault. Every. Single. Module. Encrypted. Nobody — not us, not Google, not a government subpoena — can read your data.
The 12-Word Recovery Mnemonic
But what if you forget your master password? We can't reset it for you — that would defeat the purpose. Instead, we generate a 12-word mnemonic recovery phrase using cryptographically secure random values when you first set up your vault. Write it down, store it somewhere safe, and you can always recover your data even if you lose your device or forget your password.
This is the same approach used by cryptocurrency wallets, and for the same reason: when you hold the keys, you hold the power. We simply provide the infrastructure.
Why This Matters for an Expense Tracker
You might think, 'It's just expenses. Who cares?' But your spending patterns reveal everything about you: where you live, where you work, your health concerns, your relationships, your habits. That data is valuable — to advertisers, to data brokers, to bad actors. By making it technically impossible for us to access your data, we remove that risk entirely.
This isn't just a feature. It's a statement of values. We believe that privacy isn't a premium add-on. It's the foundation.
What We Built
The Zero-Knowledge Vault launched in version 4.0.0 and now protects every module in the app: expenses, budgets, debts, lendings, goals, subscriptions, investments, contacts, notes, and even your file storage. It includes single-session enforcement (logging in from a new device invalidates the old one), RAM-only key management, and secure IndexedDB caching with device fingerprinting.
We also completed a comprehensive security audit of the cryptographic core and fixed four critical vulnerabilities before launch. Because when it comes to your money, 'good enough' isn't good enough.
