Security you can actually verify.
Where your data lives, how it's built — and, because honesty is the point, what we don't protect yet. No "bank-level security" slogans.
How a record is protected.
Every save on the web passes through three layers.
1 · Encrypted in transit
HTTPS/TLS on every connection — protected on the wire.
2 · Row-level isolated
PostgreSQL RLS locks every row to your account — even from us.
3 · Tax IDs stripped
The schema has no column for full SSN/EIN — only a masked last-4.
Each one is true because of how it's built.
Properties of the system — not policies we could quietly change.
The database has no column for the full SSN or EIN — only a masked last-4. Architecture, not policy.
No Plaid-style aggregator. You import a CSV/OFX/QFX file, parsed locally. Credentials have nowhere to go.
iPhone, iPad and Mac store everything on-device with SwiftData and work offline. Sync is opt-in.
PostgreSQL Row-Level Security locks every row to its owner — the database refuses other accounts' rows, including to us.
Independent and bootstrapped, not advertiser-funded. Your records aren't a product — there's nothing to sell.
Export to CSV/PDF whenever you like; deleting your account removes your cloud rows. No retention games.
Two paths, both private by default.
Apple apps and the web app store data differently. Here's exactly what's true for each.
On iPhone, iPad & Mac
- All data stored on-device with SwiftData
- Works fully offline
- Optional sync via your own iCloud (CloudKit)
- Or an optional cross-platform private cloud — your choice
- Nothing sent to our servers unless you turn on sync
On the web app
- Private cloud (Supabase PostgreSQL), isolated by Row-Level Security
- Statement files parsed in your browser before anything saves
- Encrypted in transit (TLS) and at rest
- Never your full SSN or EIN — only a masked last-4
- No bank credentials, no ads, no analytics resale, no brokers
Web auth starts anonymous; add an email magic-link or password later if you want. More in the FAQ →
The stack, layer by layer.
The apps
SwiftUI on Apple (SwiftData, local) · React + Vite web on Cloudflare Pages. They parse your statements, so less leaves your device.
The private cloud
Supabase PostgreSQL with Row-Level Security · Edge Functions for sensitive work · Auth for anonymous, magic-link & password sign-in.
In transit & at rest
HTTPS/TLS on the wire, provider encryption at rest — and full tax IDs aren't there to encrypt in the first place.
Tax IDs, by schema
- Masked last-4 stored, so you recognize the record
- No column exists for the full SSN or EIN
- A breach can't leak what was never collected
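As an added illustration (not the product's own schema or migrations), here is how the two properties above look in Postgres SQL for a Supabase-hosted table: a column that can only hold a masked last-4, and Row-Level Security keyed to the caller's account. It assumes Supabase's auth.uid() helper; the table and column names are hypothetical.

```sql
-- Added illustration, not the product's actual schema or migrations.
-- Assumes Supabase's auth.uid() helper (returns the caller's user id from
-- its JWT); table and column names here are hypothetical.
create table public.clients (
  id           uuid primary key default gen_random_uuid(),
  owner_id     uuid not null default auth.uid() references auth.users (id),
  name         text not null,
  -- The only tax-ID column: exactly four digits fit, so a full SSN/EIN
  -- cannot be stored even by buggy application code.
  tax_id_last4 char(4) check (tax_id_last4 ~ '^[0-9]{4}$'),
  created_at   timestamptz not null default now()
);

-- RLS is off by default; enabling it makes the policy below the only way in.
-- FORCE applies it to the table's owning role as well.
alter table public.clients enable row level security;
alter table public.clients force row level security;

-- A row is visible or writable only when its owner_id matches the caller.
-- USING filters reads/updates/deletes; WITH CHECK rejects inserts or updates
-- that would produce a row belonging to someone else. Supabase's anonymous
-- sign-ins also carry the "authenticated" role, so they are covered too.
create policy clients_owner_only on public.clients
  for all to authenticated
  using (owner_id = auth.uid())
  with check (owner_id = auth.uid());

-- Caveat: Postgres roles with BYPASSRLS (superusers, a backend service role)
-- skip every policy, so such credentials must never reach the browser.

-- Checks a reviewer can run:
--   insert into public.clients (name, tax_id_last4) values ('Acme', '123456789');
--   -> rejected: value too long for type character(4)
--   insert into public.clients (name, tax_id_last4) values ('Acme', 'ab12');
--   -> rejected by the check constraint
--   As a different user: select * from public.clients;
--   -> 0 rows, not an error. RLS filters silently, so test for emptiness.
```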
Payments, by design
- Optional card payments run through your own Stripe
- Money goes directly to you — we never hold funds
- We never store your Stripe secret keys
What we store — and what we never do.
If your data syncs to the cloud, here's exactly what's in there. No surprises.
Stored in the cloud
- Business records: clients, invoices, income, expenses
- Appointments, mileage logs and bookkeeping entries
- A masked last-4 of any tax ID — never the full number
- Your account identifier, so RLS can lock rows to you
Never stored
- Your full SSN or EIN — there's no column for it
- Bank credentials — there's no aggregator to capture them
- Plaintext passwords — Auth handles them; we never see them
- Stripe secret keys, ad profiles, or anything sold to brokers
What we can't promise yet.
A security page that only lists strengths is an ad. Here's the candid version.
No SOC 2 or ISO 27001 audit yet — real, expensive milestones we haven't reached. If a formal attestation is a hard requirement today, you should know up front.
The web app is not end-to-end encrypted. The cloud can process your non-secret records to sync them — but can't read your full tax IDs (not stored), and RLS blocks any other account. For the strongest privacy, use the Apple apps on-device.
How to judge it
Strongest privacy: Apple apps (coming soon), on-device or your own iCloud. Web app: records live in an isolated private cloud, full tax IDs never do, nothing is ever sold. Pick the trade-off that fits — questions to honorius@neogy.dev.
Privacy you can read, line by line.
You know exactly where your data lives. The web app is free, and your numbers stay yours.