Security
Svodly is built on the local-first principle: your finances live on your device, not on someone else's servers. The cloud is connected at your discretion and is used only for syncing devices and shared access. This page describes what is protected, and how.
Where your data is stored
On desktop and mobile, your book lives in a local database inside the app's internal storage. In the web version it lives in isolated browser storage: other sites and other users of the computer cannot access it.
Until the cloud is connected, your data never leaves the device. You control your backups yourself: export a book to a file (“Import & export”) and local backups on desktop and mobile.
Connection security
Every connection the app makes to the Svodly Cloud is encrypted (TLS) — the same class of protection your online bank uses. Data is never sent over the network in the clear.
What is stored in the cloud
If you have connected the Svodly Cloud, our servers hold:
- your account email and an irreversible password hash — the password cannot be recovered from it;
- the book data needed to sync between devices;
- the members of shared books and their roles;
- technical access logs — they record requests to the server, but not the contents of your book.
Content encryption is not end-to-end: a book has no personal key without which it cannot be read. This is a deliberate decision — it lets us restore access if you lose your password (more in “FAQ”). Access to the servers is strictly limited; we do not view or analyse the contents of your books.
If you need the strictest possible model, work without the cloud. A local book does not pass through our infrastructure at all.
Account access
- The password must be at least 8 characters; only its irreversible hash is stored on the server.
- Sign-up and password recovery are confirmed with a one-time code sent to your email.
- Connected devices are visible on the Sync → Devices screen; any session other than the current one can be closed remotely.
- Changing your password automatically ends sessions on all other devices.
What we don't do
- We don't sell or share your data with third parties.
- We don't show ads.
- We don't embed hidden trackers or behavioural analytics.
- We don't use the contents of your transactions to train models.
These commitments are set out in the Svodly manifesto and don't change between versions.
Anonymous telemetry
Telemetry is off by default — the app sends nothing. You can turn it on in Settings → About → Anonymous telemetry (desktop and web). Then once a day an anonymous report is sent: the app version, operating system and interface language. Book data, identifiers and IP addresses are not included in the report. The mobile app does not send telemetry.
If a device is lost
- From any other device, open Sync → Devices and close the session of the lost device.
- Change your account password — the other devices will be disconnected automatically.
- The local copy of the book stays on the device and is protected by the device's own means: screen lock and system encryption. Keep them turned on.
You can always take your data with you
The whole book exports to JSON, and transactions to CSV and Excel. The files can be read without our app — that's part of the manifesto: your data belongs to you.
Where to go next
- Svodly Cloud account — sessions, changing your password, deleting your account.
- Sync — how to connect and disconnect the cloud.
- Import & export — back up to a file.