Core idea:
- Transactions/accounts/budgets are encrypted on the client before sync (zero-knowledge storage).
- No bank integrations/credential sharing; you import CSV/XLS from your bank instead.
- Open source: https://github.com/whisper-money/whisper-money
- Demo (no signup): https://whisper.money (see “Demo”)
Tradeoffs/limitations:
- Because data is encrypted client-side, server-side “AI insights” and some global features are intentionally not possible.
- Key management and UX around recovery are hard; I’m still iterating on the right balance.
I’d love feedback on:
1. threat model assumptions and key handling,
2. how you’d design search/categorization on encrypted data,
3. what you’d want to see before trusting this with real financial history.
falcon_ • 1h ago
- Stack: Laravel 12 + React 19 + Inertia v2 + TypeScript + MySQL/Redis.
- Encryption code lives under src/lib/crypto (happy to point to specific files).
- Import is CSV/XLS; encryption happens before upload.
- Hosting/deploy: Docker + docker-compose, includes a production compose and a Coolify template.
If anyone has experience with audits / threat modeling for E2E apps, I’d appreciate pointers on what to formalize first.