Transparency & Security
On this page, we explain with full transparency how Local Finance works under the hood: what stays on your device, what is sent to external servers, and in which situations that happens.
Summary
| Feature | Data sent | Destination |
|---|---|---|
| General use | None | — |
| Login | Email, name | Our server |
| Backup | Encrypted data (AES-256) | Sync |
| AI (photo/file) | File + categories | Nothing is stored |
| AI (voice) | Audio + categories | Nothing is stored |
| PRO subscription | Payment data | Plan, status, history |
Your financial data
All your transactions, categories, wallets, credit cards, budgets, and settings are stored exclusively on your device using IndexedDB (a local browser database). No financial data is saved on our servers.
This means the app works normally even without an internet connection. Your data is yours and stays on your device.
Local encryption
You can protect your financial data with local encryption by setting up a 4-digit PIN or your device's biometrics (fingerprint or face recognition). When enabled, sensitive fields of your transactions (amounts, descriptions, observations) are encrypted with AES-256-GCM directly on your device, before being stored in the local database.
Data remains encrypted while the app is locked. When you unlock with your PIN or biometrics, a session key is derived and held in memory, allowing data to be decrypted in real time while you use the app. When you close the app or after a period of inactivity, the key is discarded and your data is protected again.
This protection is optional and entirely local — the encryption key never leaves your device.
Login and authentication
Login is optional and only required for Google Drive connection and PRO features. The data stored on the server includes: email, name (if provided via Google), session identifier, and basic device information (for connected device management).
No financial data is linked to your account on the server.
Google Drive backup
When you enable Google Drive backup, your financial data is encrypted with AES-GCM-256 (a military-grade encryption algorithm) before leaving your device. The encrypted file is sent directly to your personal Google Drive.
The encryption key is generated by our server and stored securely in our database, linked to your account. This is necessary to allow you to restore your backups and sync data across multiple devices. Your data is protected against external access.
Cross-device sync
Sync uses the same AES-GCM-256 encryption as backup. Data is encrypted on the source device, sent to Google Drive, and decrypted on the destination device. The key used is the same as for backup, stored on the server.
AI features (PRO)
Smart import features use the Google Gemini API to process your data. Here's what is sent in each mode:
Photo or file import
Images are compressed locally (max 1920px, 70% quality) and sent in base64 format to our server, which forwards them to the Google Gemini API for transaction extraction. CSV and TXT files are sent as plain text. Along with the file, your category names (for automatic classification), default currency, date format, and language are also sent.
Voice import
The recorded audio is sent in base64 to our server, which forwards it to the Google Gemini API. Gemini first transcribes the audio and then processes the transcription to extract transactions. No audio or transcription is stored — neither on the server nor on the device. Only the extracted transactions are returned to the app.
In all modes, data is processed in server memory and discarded after the response is returned. No file, image, audio, or transcription is permanently stored.
The server logs metadata for each AI call (tokens consumed, model used, and cost) for credit tracking. No content from your files or audio is included in this log.
Payments and PRO subscription
Payment processing is handled entirely by Stripe. No credit card data passes through our server. We only store: Stripe transaction ID, subscribed plan, amount, currency, subscription status, and AI credit balance.
This data is used exclusively for managing your subscription and credits. It is not personal financial data — it is administrative data about your plan.
Features without data sending
All other app features — including transactions, categories, wallets, cards, budgets, reports, transfers, adjustments, and local export — work 100% offline and do not send any data to any server.
These features are free, unlimited, and do not require login.