Your financial data never leaves your device.
Your portfolio, transactions, and theses are stored encrypted and separated per user in your own database. There is no central data pool anyone could scrape — only narrow, clearly documented price lookups leave the server, never your holdings.
Local & encrypted
Portfolio data is stored encrypted (SQLCipher in local mode, per-user schema in Postgres in server mode) — your access key is derived from your password (PBKDF2-SHA256), never stored in plaintext.
No data business
No advertising, no data sales, no affiliate broker links. Portfo-Leo earns from the software, not from your data.
No aggregator lock-in
No mandatory Plaid/Yodlee connection to your bank. Account sync (Bybit, KuCoin, on-chain) is opt-in and runs directly against the respective source — not through a third-party intermediary.
What others do — and we don't
| Typical cloud tracker | Portfo-Leo | |
|---|---|---|
| Data storage | central cloud database | local / encrypted per user |
| Business model | ads / affiliate / AUM | paid software |
| Account connection | third-party aggregator (Plaid/Yodlee) | local / opt-in, direct to source |
| Affected by a breach? | central honeypot — all users at once | no central data pool |
| Server location | often USA or unclear | Germany (GDPR) |
| Access to your assets | sometimes trading/wallet features | read-only — can't move anything |
Example, stated factually and without gloating: in 2024, crypto tracker CoinStats had a central user database compromised — a risk that arises structurally whenever many user portfolios live in one place. Portfo-Leo avoids exactly this central data pool.
Location, law & access
- Servers in Germany — full GDPR. Data access, export, and account deletion are built right into the app, not just promised.
- Read-only by design: Portfo-Leo holds no assets (no custody) and executes no trades. Account sync only needs read permissions — the app cannot move anything.
- Data minimization: we only store what tracking requires — data that doesn't exist can't be scraped or requested by anyone.
- No data sharing with third parties. Authorities receive data exclusively under a legal obligation — and then only what the law requires.
What goes out, and where
Every network connection Portfo-Leo makes in normal operation — complete, with no hidden calls. Only ticker/symbols (e.g. "BTC") are ever transmitted, never your holdings, amounts, or username.
| Provider | Destination | What is transmitted | Why |
|---|---|---|---|
| Binance | api.binance.com | Ticker symbol (e.g. BTCUSDT) | Primary, key-less price source for crypto — fast, no rate limit in normal operation. |
| KuCoin | api.kucoin.com | none (one call returns all spot tickers) | Fallback for coins not listed on Binance. |
| Gate.io | api.gateio.ws | none (one call returns all spot tickers) | Another key-less fallback for smaller/newer coins (e.g. HYPE). |
| CoinGecko | api.coingecko.com | CoinGecko ID(s) of the coins | Fallback price source with broad coin coverage; optional own API key possible. |
| CryptoCompare | min-api.cryptocompare.com | Ticker symbols (batch) | Another fallback for mid-/long-tail coins if the previous sources return nothing. |
| DexScreener | api.dexscreener.com | Contract address (public, on-chain anyway) | Price lookup for tokens without a CoinGecko/exchange listing (DEX/meme coins). |
| yfinance / Yahoo Finance | query1/query2.finance.yahoo.com | Exchange symbol (e.g. AAPL, OERL.SW) | Price source for stocks, ETFs, and commodities. |
| Anthropic (Claude) | api.anthropic.com | only when actively used: your question + selected position data | Optional AI analysis — off by default, sends nothing unless activated. |
Stooq — fallback price source for stocks (only when Yahoo has no data).
Technical details (for pros)
Encryption & passwords
- Passwords are never stored in plaintext — hashed via PBKDF2-SHA256 (200,000 iterations) with an individual salt.
- In local mode your database sits SQLCipher-encrypted on disk; in server mode each user gets their own Postgres schema. The access key is likewise derived from your password + salt via PBKDF2 — it only exists while you're logged in.
2FA & session
- 2FA (TOTP, RFC 6238) can be enabled optionally — a 6-digit code from any standard authenticator app, with backup codes (also PBKDF2-hashed) for emergencies.
- Login runs via a session cookie; after logout or expiry, the session is invalid.
Backup
Backups (local file or Postgres dump) stay on your own infrastructure — there is no automatic upload to a third party.
Self-host
Portfo-Leo can also be fully self-hosted — then nothing but the price lookups listed above ever leaves your own machine.
