privacy architecture local-first

Building a Privacy-First Finance App

PocketVault Team 2 min read

Why privacy matters for finance apps

Your financial data is some of the most sensitive information you have. It reveals where you shop, what you earn, your health spending, your political donations, and your daily habits. Yet most finance apps require you to hand over your bank credentials to a third-party aggregator like Plaid, which then has access to your entire transaction history.

We built PocketVault because we believe there’s a better way.

The local-first approach

PocketVault stores all your data in an encrypted SQLite database on your device. The encryption key lives in your device’s secure enclave (Android Keystore, Apple Keychain, Windows DPAPI, or Linux libsecret). No server ever sees your transactions.

This isn’t just a privacy feature. It’s an architectural decision that makes the app:

  • Faster: No network latency for every operation
  • Reliable: Works without internet, anywhere
  • Durable: Your data survives our company’s shutdown
  • Trustworthy: We can’t access your data even if we wanted to

The AI challenge

The hardest technical problem was AI. Every competitor sends transactions to cloud APIs for categorization and insights. We needed to run everything locally.

Our solution uses llama.cpp for on-device LLM inference and ONNX embeddings (all-MiniLM-L6-v2) for semantic vector search. The result is an AI assistant that understands your finances without ever seeing your data leave your phone.

What’s next

We’re continuously improving PocketVault’s on-device capabilities. The local-first architecture means every improvement stays private by default. Your finances are yours alone.