
  • falcon_ 2 hours ago

    Hi HN — I’m Victor. I built Whisper Money, a personal finance tracker where your financial data is end-to-end encrypted client-side before it ever reaches the server (zero-knowledge style: the server stores ciphertext and shouldn’t see plaintext transactions/accounts/budgets).

    It’s aimed at people who want to track spending/budgets without giving a SaaS provider access to raw financial data. There are no bank connections and no AI processing — you can import transactions via CSV/XLS and everything is encrypted locally before upload/sync.

    You can self-host it via Docker/docker-compose: https://github.com/whisper-money/whisper-money

    There’s also a hosted version at https://whisper.money (paid).

    Source is available under CC BY-NC 4.0 (non-commercial).

    What I’d love feedback on from the HN crowd:

    - Threat model review: what am I missing in the E2EE/“zero-knowledge” claims?

    - Backup/restore expectations when encryption keys live only on clients

    - What features you’d require before trusting it for real finances (e.g., OIDC/SSO, 2FA, audit logs, export formats)

    Happy to answer technical questions about the architecture and encryption flow.