What does zero-knowledge mean?
Zero-knowledge means that nobody — not even the developers of beanies.family — can access your data. All encryption and decryption happen entirely in your browser.
Design principles
- No server-side storage — We don't run a database. Your data lives on your device and optionally in your own Google Drive.
- No password transmission — Your password never leaves your browser. It's used locally to derive encryption keys.
- No analytics on data — We can't compute on, index, or profile your financial information.
- Open encryption — We use standard Web Crypto API algorithms (AES-256-GCM, PBKDF2, AES-KW) with no custom crypto.
The only server-side component is a stateless OAuth proxy for Google Drive token exchange. It processes OAuth tokens — never your pod data.
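An added example, not beanies.family's own code: one common way the three algorithms named above fit together in the Web Crypto API. PBKDF2 turns the password into an AES-KW wrapping key, which protects a random AES-256-GCM data key. The iteration count, salt and IV sizes, envelope fields and function names are assumptions made for illustration.

```javascript
// Added illustration, not beanies.family source code. Iteration count, salt and
// IV sizes, and the envelope layout are assumptions; function names are hypothetical.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto; // fallback: older Node
const subtle = webcrypto.subtle;
const PBKDF2_ITERATIONS = 600000; // assumed work factor
const enc = new TextEncoder();

// Password -> AES-KW key-wrapping key. Derived locally; the password is never sent anywhere.
async function deriveWrappingKey(password, salt) {
  const material = await subtle.importKey("raw", enc.encode(password), "PBKDF2", false, ["deriveKey"]);
  return subtle.deriveKey(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations: PBKDF2_ITERATIONS },
    material,
    { name: "AES-KW", length: 256 },
    false, // the wrapping key itself cannot be exported
    ["wrapKey", "unwrapKey"]
  );
}

// Encrypt under a fresh random data key, then wrap that key with the password-derived key.
async function sealPod(password, plaintext) {
  const salt = webcrypto.getRandomValues(new Uint8Array(16));
  const iv = webcrypto.getRandomValues(new Uint8Array(12)); // 96-bit GCM nonce, new per seal
  const dataKey = await subtle.generateKey({ name: "AES-GCM", length: 256 }, true, ["encrypt", "decrypt"]);
  const ciphertext = await subtle.encrypt({ name: "AES-GCM", iv }, dataKey, enc.encode(plaintext));
  const kek = await deriveWrappingKey(password, salt);
  const wrappedKey = await subtle.wrapKey("raw", dataKey, kek, "AES-KW");
  // Everything returned here is safe to store remotely: none of it reveals the password.
  return { salt, iv, wrappedKey: new Uint8Array(wrappedKey), ciphertext: new Uint8Array(ciphertext) };
}

// Reverse the process. AES-KW carries an integrity check, so a wrong password
// is rejected at unwrapKey before any ciphertext is touched.
async function openPod(password, pod) {
  const kek = await deriveWrappingKey(password, pod.salt);
  const dataKey = await subtle.unwrapKey("raw", pod.wrappedKey, kek, "AES-KW", "AES-GCM", false, ["decrypt"]);
  // AES-GCM verifies its 16-byte tag, so a modified ciphertext is rejected here.
  const plain = await subtle.decrypt({ name: "AES-GCM", iv: pod.iv }, dataKey, pod.ciphertext);
  return new TextDecoder().decode(plain);
}
```

With this layout, changing the password only requires re-wrapping the 32-byte data key under a new salt; the encrypted contents stay as they are.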
What Google sees
If you use Google Drive sync, Google stores your .beanpod file — but it's fully encrypted. Google sees the file name and size, but the contents are indistinguishable from random data without your password.
What we collect to keep the app working
To find and fix bugs, beanies.family collects anonymous diagnostic logs on our own servers. These contain no names, balances, transactions, photos, or anything you type — only a random family identifier, which screen you were on, your browser and version, and technical error details. They are kept for 90 days and then deleted automatically.
Diagnostic logs are not your family data. Your financial data stays encrypted and never leaves your control — the diagnostics only describe that something failed and where, never what your data contains. They live in our own infrastructure, not a third-party analytics service.