Hi HN — I’m Victor. I built Whisper Money, a personal finance tracker where your
financial data is end-to-end encrypted client-side before it ever reaches the
server (zero-knowledge style: the server stores ciphertext and shouldn’t see
plaintext transactions/accounts/budgets).
It’s aimed at people who want to track spending/budgets without giving a SaaS
provider access to raw financial data. There are no bank connections and no AI
processing — you can import transactions via CSV/XLS and everything is encrypted
locally before upload/sync.
falcon_•2h ago
You can self-host it via Docker/docker-compose: https://github.com/whisper-money/whisper-money
There’s also a hosted version at https://whisper.money (paid).
Source is available under CC BY-NC 4.0 (non-commercial).
What I’d love feedback on from the HN crowd:
- Threat model review: what am I missing in the E2EE/“zero-knowledge” claims?
- Backup/restore expectations when encryption keys live only on clients
- What features you’d require before trusting it for real finances (e.g., OIDC/SSO, 2FA, audit logs, export formats)
Happy to answer technical questions about the architecture and encryption flow.