Your financial data never leaves your device.

Your portfolio, transactions, and theses are stored encrypted and separated per user in your own database. There is no central data pool anyone could scrape — only narrow, clearly documented price lookups leave the server, never your holdings.

Frequently asked questions & help in the manual

Local & encrypted

Portfolio data is stored encrypted (SQLCipher in local mode, per-user schema in Postgres in server mode) — your access key is derived from your password (PBKDF2-SHA256), never stored in plaintext.

No data business

No advertising, no data sales, no affiliate broker links. Portfo-Leo earns from the software, not from your data.

No aggregator lock-in

No mandatory Plaid/Yodlee connection to your bank. Account sync (Bybit, KuCoin, on-chain) is opt-in and runs directly against the respective source — not through a third-party intermediary.

What others do — and we don't
Typical cloud trackerPortfo-Leo
Data storagecentral cloud databaselocal / encrypted per user
Business modelads / affiliate / AUMpaid software
Account connectionthird-party aggregator (Plaid/Yodlee)local / opt-in, direct to source
Affected by a breach?central honeypot — all users at onceno central data pool
Server locationoften USA or unclearGermany (GDPR)
Access to your assetssometimes trading/wallet featuresread-only — can't move anything

Example, stated factually and without gloating: in 2024, crypto tracker CoinStats had a central user database compromised — a risk that arises structurally whenever many user portfolios live in one place. Portfo-Leo avoids exactly this central data pool.

Location, law & access
  • Servers in Germany — full GDPR. Data access, export, and account deletion are built right into the app, not just promised.
  • Read-only by design: Portfo-Leo holds no assets (no custody) and executes no trades. Account sync only needs read permissions — the app cannot move anything.
  • Data minimization: we only store what tracking requires — data that doesn't exist can't be scraped or requested by anyone.
  • No data sharing with third parties. Authorities receive data exclusively under a legal obligation — and then only what the law requires.
What goes out, and where

Every network connection Portfo-Leo makes in normal operation — complete, with no hidden calls. Only ticker/symbols (e.g. "BTC") are ever transmitted, never your holdings, amounts, or username.

ProviderDestinationWhat is transmittedWhy
Binance api.binance.com Ticker symbol (e.g. BTCUSDT) Primary, key-less price source for crypto — fast, no rate limit in normal operation.
KuCoin api.kucoin.com none (one call returns all spot tickers) Fallback for coins not listed on Binance.
Gate.io api.gateio.ws none (one call returns all spot tickers) Another key-less fallback for smaller/newer coins (e.g. HYPE).
CoinGecko api.coingecko.com CoinGecko ID(s) of the coins Fallback price source with broad coin coverage; optional own API key possible.
CryptoCompare min-api.cryptocompare.com Ticker symbols (batch) Another fallback for mid-/long-tail coins if the previous sources return nothing.
DexScreener api.dexscreener.com Contract address (public, on-chain anyway) Price lookup for tokens without a CoinGecko/exchange listing (DEX/meme coins).
yfinance / Yahoo Finance query1/query2.finance.yahoo.com Exchange symbol (e.g. AAPL, OERL.SW) Price source for stocks, ETFs, and commodities.
Anthropic (Claude) api.anthropic.com only when actively used: your question + selected position data Optional AI analysis — off by default, sends nothing unless activated.

Stooq — fallback price source for stocks (only when Yahoo has no data).

Technical details (for pros)
Encryption & passwords
  • Passwords are never stored in plaintext — hashed via PBKDF2-SHA256 (200,000 iterations) with an individual salt.
  • In local mode your database sits SQLCipher-encrypted on disk; in server mode each user gets their own Postgres schema. The access key is likewise derived from your password + salt via PBKDF2 — it only exists while you're logged in.
2FA & session
  • 2FA (TOTP, RFC 6238) can be enabled optionally — a 6-digit code from any standard authenticator app, with backup codes (also PBKDF2-hashed) for emergencies.
  • Login runs via a session cookie; after logout or expiry, the session is invalid.
Backup

Backups (local file or Postgres dump) stay on your own infrastructure — there is no automatic upload to a third party.

Self-host

Portfo-Leo can also be fully self-hosted — then nothing but the price lookups listed above ever leaves your own machine.

Not investment advice. This page describes how Portfo-Leo handles your data — it is not financial, tax, or legal advice. Details in the disclaimer and the privacy policy.
--:--:--
LIVE