Last updated: April 2026

1. What we collect

BlueLedger stores your financial data locally on your device, encrypted with your password. If you use cloud sync, an encrypted blob is stored on our Supabase server — we cannot read it without your password.

2. Where your data lives

All transaction data is AES-256 encrypted on your device using your password as the key before it is ever sent anywhere. The server stores only unreadable ciphertext.

3. Authentication

Your email is used to create an account via Supabase Auth. We do not sell or share your email. Your password is never sent to any server — only a derived encryption key is used locally.

4. Card numbers

BlueLedger never asks for or stores your full card number. Only the last 4 digits are used for display purposes.

5. Third-party services

BlueLedger uses Supabase for authentication and encrypted vault storage, and loads Font Awesome icons and CryptoJS from cdnjs.cloudflare.com. No financial transaction data is shared with these services in readable form.

6. Cookies & tracking

Zero analytics. Zero tracking pixels. Zero ads.

7. Data deletion

Use Settings -> Sign Out & Delete Data to permanently delete all your local data. To delete your cloud account and data, contact us or use the Supabase auth deletion flow.

8. Contact

Questions? Open an issue on the GitHub repository.