This isn't a privacy policy that explains how we handle your data responsibly. It's simpler than that — we never receive it in the first place.
There is no sign-up, no login, no user account. Coffer doesn't know who you are and has no mechanism to identify you.
No Google Analytics, no Mixpanel, no Segment, no tracking pixels. We don't measure page views, sessions, clicks, or anything else.
Coffer sets no cookies. Your preferences and data are stored in IndexedDB and localStorage, visible only to the Coffer origin.
There is no backend that receives, processes, or stores your financial data. The app is static files served from a CDN.
No advertising SDKs, no social widgets, no embedded trackers. The only external resources are Google Fonts for typography.
Errors stay in your browser console. We don't use Sentry, Bugsnag, or any crash-reporting service that would phone home with context about your session.
All financial data you enter into Coffer is stored in your browser's IndexedDB. It never leaves your device unless you explicitly export it.
Your transactions, accounts, budgets, goals, and all other financial data live in IndexedDB — a browser-native database sandboxed to the Coffer origin. No other website can access it.
A small amount of non-financial state — theme preference, backup reminder timestamps, install prompts — is stored in localStorage. No financial data is kept here.
The PWA caches application assets (HTML, CSS, JavaScript) for offline use. This cache contains no user data — only the app shell needed to load without a network connection.
AI features are the only scenario where data leaves your device. Here's exactly what happens.
Zero network requests. Coffer functions entirely offline after the initial page load. This is the default.
You provide your own API key from Anthropic, OpenAI, or Google. When AI features run, relevant financial data is sent directly from your browser to your chosen vendor over HTTPS. Coffer never sees, proxies, or stores this traffic.
Each vendor has its own data handling policies. By providing an API key and enabling AI features, you are choosing to share data with that vendor under their terms. Coffer has no relationship with these vendors beyond using their public APIs.
There are no terms of service governing your data because we never have it. But for clarity:
Your complete dataset can be exported as compressed JSON from Settings at any time, with no restrictions or rate limits.
Clear your browser data and it's gone. There are no backups on our side, no "soft delete" period, no data retention policy. Deletion is instant and permanent.
Coffer is open source. You can fork the code, export your data, and run your own instance. Your financial data is never held hostage.
This marketing site is a static Astro site hosted on GitHub Pages. It sets no cookies, runs no analytics, and collects no visitor data. The only external resource loaded is Google Fonts.
Last updated: April 2026