We built Vault-Budget on a radical conviction: your financial life should never leave your device. Not in plaintext, not as metadata, not in a log, not even once.
Vault-Budget encrypts everything locally before any transmission. Our servers store cryptographic noise, nothing else. We are not a trusted partner promising to behave, we are technically incapable of reading your data.
AES-256-GCM for content, Argon2id for key derivation, HMAC-SHA-256 for integrity. No degraded mode, no marketing toggle, no plan-based compromise.
If you lose your passphrase and your BIP39 Recovery Kit, your data is unrecoverable. This may seem harsh, but it is the only serious zero-knowledge guarantee.
The app works offline by design. Multi-device sync is an end-to-end encrypted bonus, never a prerequisite.
No Google Analytics, no Facebook pixel, no third-party cookies. Our business model is subscription, not your data, not your attention, not your contacts.
Standardized .vault-budget format, VB01 magic bytes, documented schema. Leave whenever you want, take everything with you, attachments included.
Cryptographic contracts (vectors, formats, algorithms) are public. Third-party audits are welcome, under standard contractual clauses to protect security teams' work.
We publish the Vault-Budget cryptographic core as open source â the same code that encrypts your data in the browser, along with the zero-knowledge design documentation and the cross-platform test vectors (Web, iOS, iPadOS, Android, macOS, Windows). Any security team can read, replay, and audit it. To start an audit or report a finding, write to contact@vault-budget.com â the responsible-disclosure procedure is detailed in the SECURITY.md file of the repository.