This page describes security design goals and implemented controls. It is not a guarantee that vulnerabilities, failures, data loss, or unauthorized access can never occur.
Desktop and local data
- Financial records are stored in a local SQLCipher database.
- Local encryption keys are protected using Windows security mechanisms.
- Local backup archives use authenticated encryption.
- The website does not receive the user’s normal ledger, budget, debt, family, or business records.
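As an added illustration of what "authenticated encryption" for a backup archive means in practice (example code written for this page, not the product's own implementation): the archive is sealed with AES-256-GCM, a format header is bound to it as associated data, and any modified byte makes decryption fail outright instead of yielding corrupted records. The 32-byte key is assumed to come from whatever key protection the desktop application uses; DemoBackupKey and the header string are constructed stand-ins for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Header bound to every archive as associated data (constructed value).
// It is authenticated but not encrypted, so a blob of another format or
// version fails to open instead of decrypting to garbage.
const backupHeader = "EXAMPLE-BACKUP-FORMAT-v1"

// DemoBackupKey derives a 32-byte key from a passphrase for this example
// only. It stands in for the protected key the real application holds and
// is not the product's key-protection mechanism.
func DemoBackupKey(passphrase string) []byte {
	sum := sha256.Sum256([]byte(passphrase))
	return sum[:]
}

// EncryptBackup seals plaintext with AES-256-GCM.
// Output layout: nonce (12 bytes) || ciphertext || GCM tag (16 bytes).
func EncryptBackup(key, plaintext []byte) ([]byte, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes for AES-256")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	// Fresh random nonce per archive; nonce reuse under one key breaks GCM.
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(backupHeader)), nil
}

// DecryptBackup opens an archive produced by EncryptBackup. Any change to
// the nonce, ciphertext, tag or header makes Open fail, and no plaintext
// is returned in that case.
func DecryptBackup(key, blob []byte) ([]byte, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes for AES-256")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("backup rejected: too short to hold nonce and tag")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	pt, err := gcm.Open(nil, nonce, ct, []byte(backupHeader))
	if err != nil {
		return nil, errors.New("backup rejected: authentication failed")
	}
	return pt, nil
}

func main() {
	key := DemoBackupKey("constructed-demo-passphrase")
	blob, err := EncryptBackup(key, []byte("2024-01-05,Groceries,-42.10")) // constructed ledger row
	if err != nil {
		panic(err)
	}
	if pt, err := DecryptBackup(key, blob); err == nil {
		fmt.Printf("restored: %s\n", pt)
	}
	blob[len(blob)-1] ^= 0x01 // corrupt one byte of the tag
	if _, err := DecryptBackup(key, blob); err != nil {
		fmt.Println(err)
	}
}
```

The point of the associated-data header is that a user who restores an archive sees a clean "rejected" error when the file was truncated, bit-flipped, or produced by a different format, rather than a partially decrypted database.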
Website and licensing service
- HTTPS is required in production through Cloudflare and Railway.
- License keys are stored as cryptographic hashes; secure purchase fulfillment uses an encrypted temporary delivery copy.
- Device fingerprints are hashed before storage.
- Stripe-hosted checkout handles payment-card entry.
- Strict Content-Security-Policy, X-Frame-Options, Referrer-Policy, Permissions-Policy, and X-Content-Type-Options headers reduce browser attack surface.
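An added example (written for this page, not the licensing service's code) of the two storage points just listed: license keys and device fingerprints are kept only as keyed hashes, so a database leak exposes neither. The key format, the pepper value and the use of HMAC-SHA256 with a server-side pepper are assumptions for this example; the page only states that cryptographic hashes are stored.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// pepper is a server-side secret (constructed placeholder). A deployment
// would load it from a protected environment variable, never from the DB.
var pepper = []byte("EXAMPLE-PEPPER-replace-me")

// NewLicenseKey returns a random key shaped XXXX-XXXX-XXXX-XXXX
// (constructed format). The alphabet omits 0/O and 1/I to avoid
// transcription mistakes; 256 % 32 == 0, so the modulo has no bias.
func NewLicenseKey() (string, error) {
	const alphabet = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"
	raw := make([]byte, 16)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	var b strings.Builder
	for i, c := range raw {
		if i > 0 && i%4 == 0 {
			b.WriteByte('-')
		}
		b.WriteByte(alphabet[int(c)%len(alphabet)])
	}
	return b.String(), nil
}

// normalizeKey makes hashing insensitive to case, whitespace and dashes,
// so a key typed by hand still matches the stored hash.
func normalizeKey(k string) string {
	return strings.ToUpper(strings.ReplaceAll(strings.TrimSpace(k), "-", ""))
}

// HashLicenseKey is the value stored in the database: HMAC-SHA256 over the
// normalized key with the server pepper. Without the pepper an attacker
// holding the table cannot brute-force keys offline.
func HashLicenseKey(key string) string {
	m := hmac.New(sha256.New, pepper)
	m.Write([]byte(normalizeKey(key)))
	return hex.EncodeToString(m.Sum(nil))
}

// VerifyLicenseKey checks a presented key against the stored hash in
// constant time.
func VerifyLicenseKey(presented, storedHash string) bool {
	return hmac.Equal([]byte(HashLicenseKey(presented)), []byte(storedHash))
}

// HashFingerprint hashes a device fingerprint under a distinct domain
// label, so fingerprint hashes and key hashes can never collide or be
// swapped for one another.
func HashFingerprint(fingerprint string) string {
	m := hmac.New(sha256.New, pepper)
	m.Write([]byte("device-fingerprint:"))
	m.Write([]byte(fingerprint))
	return hex.EncodeToString(m.Sum(nil))
}

func main() {
	key, err := NewLicenseKey()
	if err != nil {
		panic(err)
	}
	stored := HashLicenseKey(key)
	fmt.Printf("issued %s, stored %s...\n", key, stored[:16])
	fmt.Println("verify:", VerifyLicenseKey(strings.ToLower(key), stored))
	fmt.Println("fingerprint:", HashFingerprint("constructed-machine-id")[:16])
}
```

Because only the hash is stored, the plaintext key can be shown exactly once at issue time; a later "show me my key" request cannot be served, which matches the replacement-key behaviour described for the dashboard.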
Administrator dashboard
- Access requires a strong administrator secret stored only in Railway variables.
- Successful login creates a short-lived, signed, HTTP-only, SameSite=Strict session cookie.
- State-changing requests require a matching CSRF token.
- The dashboard can add, edit, suspend, rotate, and remove licenses and deactivate device activations.
- Existing plaintext license keys are not displayed. A replacement key can be generated and shown once.
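An added example (written for this page, not the dashboard's own code) of the session and CSRF controls described above: the cookie value is a random session id plus an expiry, signed with HMAC-SHA256; the cookie carries the HttpOnly, Secure and SameSite=Strict attributes; and the CSRF token is derived from the session id and compared in constant time. The secret, the cookie name, the 15-minute lifetime and the token layout are assumptions for this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"net/http"
	"strconv"
	"strings"
	"time"
)

// sessionSecret is a constructed placeholder; a deployment loads it from a
// protected environment variable.
var sessionSecret = []byte("EXAMPLE-SESSION-SECRET-replace-me")

// sessionTTL is an assumed "short-lived" value.
const sessionTTL = 15 * time.Minute

func sign(payload string) string {
	m := hmac.New(sha256.New, sessionSecret)
	m.Write([]byte(payload))
	return base64.RawURLEncoding.EncodeToString(m.Sum(nil))
}

// NewSessionToken returns "<sessionID>.<expiryUnix>.<signature>".
func NewSessionToken(now time.Time) (string, error) {
	id := make([]byte, 16)
	if _, err := rand.Read(id); err != nil {
		return "", err
	}
	payload := base64.RawURLEncoding.EncodeToString(id) + "." +
		strconv.FormatInt(now.Add(sessionTTL).Unix(), 10)
	return payload + "." + sign(payload), nil
}

// ParseSessionToken verifies the signature before it trusts anything in the
// token, then enforces the expiry. It returns the session id on success.
func ParseSessionToken(token string, now time.Time) (string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", errors.New("malformed session token")
	}
	payload := parts[0] + "." + parts[1]
	if !hmac.Equal([]byte(sign(payload)), []byte(parts[2])) {
		return "", errors.New("bad session signature")
	}
	exp, err := strconv.ParseInt(parts[1], 10, 64)
	if err != nil || now.Unix() >= exp {
		return "", errors.New("session expired")
	}
	return parts[0], nil
}

// SessionCookie sets the attributes the page lists: HttpOnly keeps scripts
// away from it, Secure keeps it off plain HTTP, SameSite=Strict keeps it
// off cross-site requests.
func SessionCookie(token string, now time.Time) *http.Cookie {
	return &http.Cookie{
		Name:     "admin_session",
		Value:    token,
		Path:     "/admin",
		Expires:  now.Add(sessionTTL),
		HttpOnly: true,
		Secure:   true,
		SameSite: http.SameSiteStrictMode,
	}
}

// CSRFToken is bound to the session, so a token from one session cannot
// authorize a state change in another.
func CSRFToken(sessionID string) string { return sign("csrf:" + sessionID) }

// CheckCSRF is what a state-changing handler calls before acting.
func CheckCSRF(sessionID, presented string) bool {
	return hmac.Equal([]byte(CSRFToken(sessionID)), []byte(presented))
}

func main() {
	now := time.Now()
	tok, _ := NewSessionToken(now)
	sid, err := ParseSessionToken(tok, now)
	fmt.Println("session:", sid, "err:", err)
	fmt.Println("cookie:", SessionCookie(tok, now).String())
	fmt.Println("csrf ok:", CheckCSRF(sid, CSRFToken(sid)))
}
```

SameSite=Strict already blocks most cross-site submissions, but the CSRF token is kept as a second, independent check so that a browser that ignores the attribute or a same-site injection point does not become a one-step bypass.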
Application firewall and network protection
- Requests are rate-limited by IP and route category.
- Repeated administrator login attempts receive a stricter limit.
- Oversized request bodies, disallowed methods, blocked IPs, untrusted hosts, and common scanner paths are rejected.
- An optional administrator IP allowlist can restrict dashboard access to approved addresses.
- Cloudflare WAF, bot protection, TLS, DNS controls, and Railway private networking should remain enabled as the outer network layer.
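An added example (written for this page, not the service's own firewall code) of the application-layer rules listed above: a fixed-window limiter keyed by client IP and route category, with a much smaller budget for administrator login, followed by the request screening checks in the order a middleware would apply them. The thresholds, window lengths, trusted host, scanner path list and rule order are constructed for this example; the page does not state the real values.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
	"sync"
	"time"
)

// RouteCategory groups routes so each class gets its own budget.
type RouteCategory string

const (
	CatPublic     RouteCategory = "public"
	CatAdminLogin RouteCategory = "admin-login" // stricter limit, as the page states
)

type limit struct {
	max    int
	window time.Duration
}

// Per-category budgets for one fixed window (constructed values).
var limits = map[RouteCategory]limit{
	CatPublic:     {max: 120, window: time.Minute},
	CatAdminLogin: {max: 5, window: 15 * time.Minute},
}

type bucketKey struct {
	ip  string
	cat RouteCategory
}
type counter struct {
	start time.Time
	count int
}

// Limiter keeps one counter per (client IP, route category).
type Limiter struct {
	mu      sync.Mutex
	buckets map[bucketKey]*counter
}

func NewLimiter() *Limiter { return &Limiter{buckets: map[bucketKey]*counter{}} }

// Allow records one request and reports whether it stays within budget.
// Unknown categories fall back to the public budget.
func (l *Limiter) Allow(ip string, cat RouteCategory, now time.Time) bool {
	lim, ok := limits[cat]
	if !ok {
		lim = limits[CatPublic]
	}
	l.mu.Lock()
	defer l.mu.Unlock()
	k := bucketKey{ip: ip, cat: cat}
	c := l.buckets[k]
	if c == nil || now.Sub(c.start) >= lim.window {
		c = &counter{start: now}
		l.buckets[k] = c
	}
	c.count++
	return c.count <= lim.max
}

// Screening rules (constructed values).
const maxBodyBytes int64 = 1 << 20

var allowedMethods = map[string]bool{"GET": true, "HEAD": true, "POST": true}
var trustedHosts = map[string]bool{"example.invalid": true}
var scannerPrefixes = []string{"/wp-admin", "/wp-login.php", "/.env", "/.git", "/phpmyadmin"}

// Screen holds the IP blocklist and the optional administrator allowlist
// (an empty allowlist means the feature is off).
type Screen struct {
	Blocked        map[string]bool
	AdminAllowlist map[string]bool
}

// Reject returns "" when the request passes, otherwise the first rule hit.
func (s *Screen) Reject(method, host, path string, contentLength int64, ip string) string {
	switch {
	case s.Blocked[ip]:
		return "blocked ip"
	case !allowedMethods[method]:
		return "method not allowed"
	case !trustedHosts[host]:
		return "untrusted host"
	case contentLength > maxBodyBytes:
		return "body too large"
	}
	for _, p := range scannerPrefixes {
		if strings.HasPrefix(path, p) {
			return "scanner path"
		}
	}
	if strings.HasPrefix(path, "/admin") && len(s.AdminAllowlist) > 0 && !s.AdminAllowlist[ip] {
		return "admin ip not allowlisted"
	}
	return ""
}

// RejectRequest adapts Reject to net/http. ContentLength is -1 when unknown,
// so a handler should also wrap r.Body in http.MaxBytesReader to enforce the
// cap while reading.
func (s *Screen) RejectRequest(r *http.Request, ip string) string {
	return s.Reject(r.Method, r.Host, r.URL.Path, r.ContentLength, ip)
}

func main() {
	l := NewLimiter()
	for i := 1; i <= 6; i++ {
		fmt.Printf("admin login attempt %d allowed=%v\n", i, l.Allow("203.0.113.7", CatAdminLogin, time.Now()))
	}
}
```

The client IP used as the bucket key must be the one the outer layer vouches for; behind a proxy such as Cloudflare that means reading the proxy's client-address header rather than the TCP peer address, otherwise every request shares one bucket.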
User security responsibilities
Users must keep Windows updated, use device encryption and strong account passwords, restrict physical access, protect license and recovery keys, maintain tested backups, and avoid placing the database or backups in untrusted shared folders. Security problems should be reported through the official support contact; do not include financial records in a report unless they are specifically requested through a secure process.