Your data is yours.

Vault does not collect or store any personal financial data on its servers. We don't run an analytics pipeline on your transactions, your net worth, your accounts, or anything else you put into Vault. There is no database we own that contains your financial life.

If you choose to sign in (so your data syncs across your devices), Vault encrypts everything in your browser, before it leaves your computer. The encrypted payload is stored on Walrus, a decentralised storage network, using a key derived from your Google sign-in.

The practical result: even Vault cannot read your data. We hold no decryption key. If you stop using Vault, the encrypted blob is unreadable to anyone, including us.

The only personal information processed during sign-in is a Google account identifier, used once to derive your cryptographic identity. This is not stored on Vault's servers.

If you skip the sign-in step, all your data stays entirely on your own device, in your browser's local storage. It never leaves your computer. Vault has no idea what you've entered — there's no server call, no upload, no sync.

The trade-off is that your data is tied to that one browser on that one device. Clearing your browser data, or switching devices, means starting fresh.

This site uses cookies only for Google sign-in functionality. We don't use tracking cookies, analytics cookies, or advertising cookies. If you don't sign in, no cookies are set for the app's own functionality.

The handful of third parties Vault touches when you use it:

• Google — only if you sign in, and only to issue and verify your identity token.
• Walrus — stores your encrypted blob if you sign in. Walrus cannot read it.
• Anthropic — only if you use the bank-statement import feature, and only for the duration of one parse request. Your file is sent through a Vault-operated proxy that strips identifying information and passes only the parse result back to your browser. No record of the file is retained.
• Live price feeds (CoinGecko, FMP, Yahoo Finance) — these are read-only public endpoints that don't know who's calling.

Because we hold no readable copy of your data, the usual data-access / data-deletion requests don't apply in the typical sense — there is nothing for us to give you or delete on your behalf. You already have everything, and you can delete it yourself from the app's Settings.