Privacy & security · last updated May 20, 2026

How we look after your money data.

Plain language, no boilerplate. We're a household app built by a household — we treat your data like we'd treat our own.

What we collect

Whatever you put into the app: your accounts, the transactions you log, your budgets, categories, tags, notes. Plus the basics any sign-in needs — your email address, an encrypted password (or just an email if you use the magic-link flow), and a journal name.

We don't collect anything you didn't type. No bank-account scraping, no contact list, no location, no third-party analytics fingerprint.

Where it lives

Your data is stored in Supabase (Postgres on AWS, managed by Supabase). The hosting region is in Asia-Pacific so the round-trip from Indonesia stays short.

The app itself runs on Vercel. Vercel terminates HTTPS for okaneku.com and forwards requests to our server functions; it does not store your money data.

Encryption

  • In transit: every request to and from okaneku.com uses HTTPS (TLS 1.2 or newer). The same applies between our server and Supabase.
  • At rest: the Supabase database is stored on disks encrypted with AES-256. Database backups are encrypted the same way.
  • Auth tokens: your session is kept in an HTTP-only, Secure, SameSite cookie — JavaScript on the page can't read it, and it can't be sent from a different site.
  • Cross-journal isolation: Postgres Row Level Security policies on every table ensure no journal can read another journal's rows, even if a software bug tried to fetch them.

End-to-end encryption (optional): if you enable E2EE in Settings, sensitive data such as transaction amounts, notes, account names, category names, and tags is encrypted on your device before it reaches the server. The server stores only encrypted data and a locked version of the data key.

Your E2EE Passphrase is separate from your Okaneku login password. We do not store your E2EE Passphrase or recovery phrase on the server, so we cannot see, change, or recover it.

If you forget your E2EE Passphrase and lose the recovery phrase, encrypted data cannot be opened again by anyone, including Okaneku.

Some information still needs to be stored outside E2EE so the app can function, such as your account email, transaction dates, currencies, and relationships between records.

When E2EE is enabled, some actions can feel slightly slower, especially unlocking, export, search, or encrypting existing data. This happens because sensitive data is processed on your device instead of being processed directly on the server.

E2EE and AI

For E2EE journals, AI features run only after you give explicit consent on screen. When you consent, your browser sends the decrypted context needed for that request to Anthropic Claude. Without consent, AI cannot read encrypted data from the server.

Who can read your data

Only you, and anyone you've explicitly invited to your journal. We enforce this at the database level with Postgres Row Level Security (RLS): every query is scoped to your journal, so even a software bug can't accidentally surface another household's transactions.

The maintainer (the founder behind Okaneku) has technical access to the database for debugging and backups, the way any small-team app does. We don't routinely look at your records, and we don't share them with anyone.

What about the AI assistant?

When you ask a question in the chat, or use the AI quick-add ("lunch warung soto 45rb BCA"), the text you type is sent to Anthropic (the company behind Claude) so the model can read it and reply. To answer money questions, the assistant may also fetch a small summary of your data — your account balances, recent transactions, or spending in a category — but only for the question you just asked, and only within your own journal.

Receipt photos: when you tap the camera button on the AI tab to scan a struk, the photo is sent once to Anthropic so Claude can read the merchant, total, and date off the paper. We don't save the image — it's held in memory just long enough to forward upstream, then dropped when the response comes back. The extracted fields land in the transaction form for you to confirm. Nothing about the photo is kept after that.

Anthropic's own privacy terms apply to data while they process it; we don't train any model on your transactions or receipts, and Anthropic's policy is the same.

Other services we use

  • Open Exchange Rates — daily currency-conversion rates (e.g. GBP → IDR). We fetch rates only; no user data is sent.
  • jsDelivr / Google Fonts — public CDNs serving fonts and a couple of small libraries directly to your browser. Standard browser fingerprinting (IP, user agent) is what they get; no Okaneku data crosses to them.

Cookies and storage

We use cookies for two things:

  • Your auth session (so you don't have to sign in on every visit).
  • Your theme preference (light / dark / system).

We also use your browser's local storage for one tiny thing: which Add-transaction tab you used last (Quick Add / Drag & Drop / AI), so we can default to it next time. None of these are tracking cookies, and there's no third-party analytics script on the page.

Your rights, your data

  • Export everything — Settings → Data → Export to CSV. Filter by date range, type, or take the whole lot.
  • Delete a record — every account, transaction, budget, category, and tag is deletable from its own page.
  • Delete your journal — currently requires emailing the operator. Self-serve account deletion is on the roadmap.

Changes to this page

We update this page when reality changes — when we add a new third party, switch a region, change how the AI flow works. The "last updated" date at the top tells you when. We don't send a notification email for changes; this page is the source of truth.

Contact

If you have questions about your data, found something that contradicts this page, or want a copy of everything we have on you — open the app's in-chat assistant and tell it. The team gets the message with your journal context attached. Or email the operator if you have a direct address.