Hi HN — I’m Victor. I built Whisper Money, a personal finance tracker where your
financial data is end-to-end encrypted client-side before it ever reaches the
server (zero-knowledge style: the server stores ciphertext and shouldn’t see
plaintext transactions/accounts/budgets).
It’s aimed at people who want to track spending/budgets without giving a SaaS
provider access to raw financial data. There are no bank connections and no AI
processing — you can import transactions via CSV/XLS and everything is encrypted
locally before upload/sync.
You can self-host it via Docker/docker-compose: https://github.com/whisper-money/whisper-money
There’s also a hosted version at https://whisper.money (paid).
Source is available under CC BY-NC 4.0 (non-commercial).
What I’d love feedback on from the HN crowd:
- Threat model review: what am I missing in the E2EE/“zero-knowledge” claims?
- Backup/restore expectations when encryption keys live only on clients
- What features you’d require before trusting it for real finances (e.g., OIDC/SSO, 2FA, audit logs, export formats)
Happy to answer technical questions about the architecture and encryption flow.
Looks promising, but what does it actually do? Could you share some screenshots of the actual product?
There are some screenshots on the landing page: https://whisper.money/
You have to manually upload all your balances? Or how does it work? Wouldn't keeping it up to date be a hassle?