See where your money goes.
No upload required.
Drop in bank statements (CSV or PDF). The parser runs in this browser tab and writes results into a folder on your disk. Your statements never leave your machine — verifiable below.
Your data never leaves your machine.
Three reasons that's not just a marketing claim:
Browser-enforced
A strict connect-src 'self' CSP header tells your browser to refuse any outbound request, period. We don't have to be trustworthy — the browser blocks it for us.
Folder-scoped
You pick one folder. The app can see that folder and nothing else — not your Documents, not your Desktop, not anywhere. Close the tab and even that permission is gone.
Auditable in real time
Open DevTools, watch the Network panel during a real import. If anything were going out, you'd see it. The browser's the witness; we're not asking for your trust.
How to verify it yourself
1. Watch the network panel. Open DevTools → Network, process a CSV, and confirm the panel stays empty. Any outbound request would have shown up.
2. Check the CSP header. Run curl -I https://personal-finance-app-cj4.pages.dev and you'll see content-security-policy: ... connect-src 'self'; ... — that's what's enforcing it.
3. Pull the plug. Disconnect from the internet after the page loads, then process a file. It still works. That's only possible because nothing's being sent.
One honest caveat: this page itself is served from Cloudflare Pages, so Cloudflare sees that your browser asked for the page (same as any website). Your statement bytes never touch their servers — those go from your disk to your tab and back. If even that bothers you, the desktop app is fully offline after install.