Coffer can't be breached because there's no server to breach. Your financial data lives in your browser's IndexedDB, sandboxed to the Coffer origin, and is never transmitted anywhere unless you opt into AI features.
Most finance apps store your data on their servers. Coffer stores nothing — there is no server, no database, no authentication service, and no API that touches your financial information.
The entire application — UI, logic, calculations — runs in your browser. After the initial page load, Coffer works fully offline.
IndexedDB is isolated per origin by the browser. No other website, tab, or application can access Coffer's stored data.
No analytics, no tracking pixels, no error reporting. Coffer makes zero network requests after the initial load — unless you opt into AI features.
Coffer stores the financial data you enter — nothing more. Here's exactly what lives in IndexedDB, and what doesn't.
No system is perfectly secure. Here's an honest assessment of what protects your data, what could compromise it, and what the actual risk looks like.
IndexedDB is isolated per origin. Other websites and apps cannot read Coffer's data. This is enforced by the browser engine, not by Coffer.
With no server, there's no API to exploit, no database to breach, no credentials to leak, and no supply chain of backend services to compromise.
Anyone with physical access to your unlocked device can open the app. Use a screen lock, and be mindful of shared devices. This is the same as any app on your phone.
Browser extensions with broad permissions can read any page's data, including IndexedDB. Only install extensions you trust from known publishers.
A cross-site scripting vulnerability in Coffer would let injected script read stored data. Coffer mitigates this by rendering no user-generated HTML and by sending strict Content Security Policy headers.
Coffer stores spending patterns, balances, and financial goals — not bank credentials or government IDs. A breach reveals your financial picture, not the keys to your accounts.
AI features are opt-in and require you to bring your own API key. Enabling them is the only time Coffer makes network requests.
Coffer never ships with API keys. You paste your own key from Anthropic, OpenAI, or Google, and it's stored in your browser's IndexedDB, same as all other data, so the device, extension, and XSS risks described above apply to the key as well.
When AI features run, relevant transaction and account data is sent directly from your browser to the vendor you selected (Anthropic, OpenAI, or Google) over HTTPS. Coffer never sees or proxies this traffic.
AI features are fully optional. Every feature in Coffer — all thirteen sections, budgets, goals, investments, taxes, estate planning — works without any API key or network connection.
Since there's no server-side copy, losing your browser data means losing your financial data. Coffer makes it easy to back up, but the responsibility is yours.
One-tap compressed JSON export from Settings. Contains your entire vault — all accounts, transactions, budgets, goals, and configuration.
Use your device's native share sheet to send the backup to any app — cloud storage, messaging, email, or AirDrop to another device.
Restore from a backup file on any device. Open Coffer, go to Settings, and import. Your vault is rebuilt exactly as it was.
Coffer is open source under an MIT + Commons Clause license. Every line of code that touches your data is public, auditable, and forkable. If you don't trust the hosted version, clone it and run your own.