Privacy Policy

Last Updated: March 11, 2026

Introduction

Private Portfolio ("we," "our," or "the app") is a personal finance tracking application for macOS. We are committed to protecting your privacy.

The short version: Your data stays on your device. We don't collect, store, or have access to any of your personal or financial information.

Information We Do NOT Collect

Private Portfolio is designed with privacy as a core principle. We do NOT collect, store, transmit, or have access to:

  • Your name, email, or any personal identifiers
  • Account balances or portfolio values
  • Bank account details or financial information
  • Transaction history
  • Investment holdings quantities
  • Property values or addresses
  • Any data you enter into the app

Your financial data never leaves your device.

Data Storage

Local Storage Only

All data you enter into Private Portfolio is stored exclusively on your Mac. Your data is:

  • Stored locally in an encrypted database on your device
  • Protected by your master password using AES-256-GCM encryption
  • Never synced to iCloud or any cloud service
  • Never transmitted to our servers (we don't have servers)
  • Completely under your control

Encryption

Your data is protected with:

  • AES-256-GCM authenticated encryption
  • PBKDF2-HMAC-SHA512 key derivation with 600,000 iterations
  • Cryptographically secure random salts
  • Keychain storage with device-only access (no iCloud sync)

Network Communications

Private Portfolio connects to the internet solely to fetch current market prices for your assets.

What IS Transmitted

  • Asset symbols only (e.g., "AAPL", "BTC", "XAU")
  • Your API keys to their respective services (keys you provide)

What is NEVER Transmitted

  • Account balances or values
  • Quantity of assets you hold
  • Your portfolio composition
  • Personal information of any kind

Third-Party Price APIs

The app may connect to these services to fetch prices:

  • Alpha Vantage — Stock prices (sends stock symbols + your API key)
  • Finnhub — Stock prices (sends stock symbols + your API key)
  • CoinGecko — Cryptocurrency prices (sends crypto symbols + optional API key)
  • Metals.dev — Precious metal prices (sends metal type + your API key)

All connections use HTTPS only (TLS 1.2+) with ephemeral sessions.

Apple Services

If you make a purchase through the App Store, transactions are handled entirely by Apple. We receive only a purchase verification. See Apple's privacy policy.

If you enable Touch ID, biometric data is handled by Apple's Secure Enclave. We never access or store biometric data.

Your Control

  • View: All your data is visible within the app
  • Export: Export your data at any time from Settings
  • Delete: Use "Factory Reset" in Security Settings to permanently delete all data
  • Encryption: Set up or change your master password at any time

Summary

Do you collect my data?No
Is my data sent to your servers?No (we have no servers)
Is my data sold to third parties?No
Can you see my portfolio?No
Where is my data stored?Only on your device
Is my data encrypted?Yes, AES-256-GCM
What network data is sent?Only asset symbols to price APIs

Your privacy is protected by design, not just by policy.