Zero-knowledge encrypted

Your data, encrypted
before it leaves your device.

inpensa is built on a zero-knowledge architecture. We genuinely cannot read your financial data — by design, not by policy.

🔐

Encrypted on your device

All financial data is encrypted using AES-256-GCM before it ever leaves your phone or browser.

🙈

Server sees only ciphertext

Our servers store encrypted blobs. There is no mechanism — not even for our engineers — to decrypt your data.

🔑

Your keys, your control

Encryption keys are derived from your password on your device. We never have access to your keys.

How zero-knowledge encryption works

1

You enter your password

When you create your account, your password is never sent to our servers. Instead, it's used locally to derive an encryption key using PBKDF2 — a standard key derivation function. This process happens entirely on your device.

2

Your data is encrypted

Before any financial record leaves your device, it's encrypted with AES-256-GCM using that derived key. What gets sent to our servers is unreadable ciphertext — meaningless without your key.

3

We store encrypted blobs

Our database holds encrypted records. There is no decryption path on the server. No admin panel. No support ticket escalation. No court order can produce readable data from our servers — because it isn't there.

4

You decrypt locally

When you open inpensa, your key is re-derived from your password, and data is decrypted on your device before being displayed. The raw data never touches our infrastructure.

What the server never sees

  • Transaction amounts or descriptions
  • Merchant names or categories
  • Account balances or names
  • Debt amounts or who you owe
  • Subscription names, amounts, and notes
  • Budget limits or targets
  • Any Vault contents
  • Your encryption key or password

For recurring payments, sensitive content — the subscription's name, amount, notes, and any payment-method or account details — is encrypted on your device. Only minimal, non-sensitive metadata (renewal dates and a search token) is stored server-side, so reminders fire on time and search works across devices. All spending totals are computed locally from your decrypted data.

Private Vault — deniable encrypted space

For your most sensitive financial records, inpensa offers a Private Vault — a space that doesn't appear anywhere in the app's visible interface. It has no label, no icon, no notification preview, and leaves no browser history.

The Vault uses its own separate encryption key, completely isolated from your main data. Even if someone had access to your unlocked main app, Vault contents remain protected by a separate access mechanism.

This is deniable by design: there is no UI pathway that reveals the existence of the Vault to a casual observer.

Compliance

GDPR

Full compliance — right to delete, data portability, no third-party data sharing.

CCPA

We don't sell your data. We can't — it's encrypted and unreadable to us.

No ads

No advertising. No data brokers. No third-party analytics with PII.