Show HN: Safe Money – privacy-first finance tracker (safeapps.io)
27 points by dkzlv on June 25, 2021 | 18 comments



These seem contradictory to me:

> End-to-end encryption
> No user data leaves the client in plaintext.

> Smart import
> Upload any OFX/CSV file from any bank in the world. Leave the rest to us.

Edit: To clarify, "No way for us to sell your data or even peek into it" is more the contradiction I had in mind than just end-to-end encryption.


Can you elaborate a little bit on what you find contradictory in these statements?


Sure... If the OFX/CSV we upload is encrypted before we upload it, how can you process it ("Leave the rest to us")? Conversely, if you are processing the OFX/CSV, how can you not peek into it?


Oh, I see.

OFX/CSV files are processed on the client-side, and we never get the raw file, only the processed and encrypted transactions. Does that make sense?


Ooooh, I get it! “Upload” is a bad word for that. Will change it to something else, thanks!


Yup, I think that's where the mental conflict comes from. How about "import"?


I don't think any word will do it justice. I would spell out that it's done client-side and what information is/isn't uploaded.


Founder here. I've been eager to make such a product for a very long time, so I very much hope you'll like it.

We're like Mint.com but open-sourced, with end-to-end encryption and anonymous signup. No way for us to sell your data or even peek into it.


What are the consequences of non-payment? Can the user still view their account in a frozen state and export their data?


Yes. We have a hard limit on entities you can create. You only lose the ability to create new stuff, but you can still view and export everything.

We don't believe in taking data as a hostage.


Two questions that the page didn’t answer:

- can this import and sync my bank/credit card transactions?

- what is an entity (“150 free entities”)


I think "Smart import" answers your first question. But entities is a great question.

My own unanswered question:

Can this work offline?

I spend a lot of time in areas with no signal. So I am uncomfortable with apps that require a connection to a remote server to work with my own data. Besides connectivity issues, there is also the possibility of a poorly-timed service outage, or an eventual permanent shutdown. Bottom line, I have a strong preference for what I call the "KeePass" model: local-first encrypted data, that can be optionally synced for convenience.


Yes, it actually can! We do not have native apps, but you can install a PWA on any platform, including mobile and desktop. It will work offline thanks to Service Workers.

The app itself is 100% rendered on the client side, so we are in that sense local-first. We use the backend solely for data sync and authorization.


I can't decide if that answers my question or not. Maybe you can clarify.

If I start up the PWA with no connectivity (assuming I've previously run it where it can sync data) it will have the data already? The full data set, or just whatever subset was previously rendered? And will it be usable without a connection for authorization, or will it be locked?


It will have the full dataset and all features. Whatever you expect from a real offline mode :)


1. You can import bank statements. We aim to support all the banks our users have.

2. Since we encrypt every bit of data on the client side, we cannot differentiate transactions from categories. So an entity is anything you create within the product. Most often, it's a transaction.


Really unfortunate naming with the safe money polygon hack hitting the news today


At first I was afraid to open the news, but hey, it's not that similar! There's a competitor of mine called everydollar. They have the same similarity, lol.



