- The app is a simple desktop application that works on macOS, Windows, and Ubuntu.
- I developed this app for my own needs. Getting tired of SaaS app subscriptions and privacy concerns.
- For now, the activities are logged manually or imported from a CSV file. No integration with Plaid or other platforms.
- No monetization is planned for now (only a "buy me a coffee" if you use and appreciate the app).
> Import your statements from your broker or bank.
Exactly which brokers/banks are supported should be listed somewhere and linked here, as that's a "make or break" feature for a lot of people I bet. Not much point in replacing my homegrown "Banks CSV export -> Data processing -> Import into spreadsheet" workflow unless I just replace that last step but the previous ones remain the same.
I have in the past switched physical banks purely because their integration was either terrible or not working and I refused to go the "download CSV" route.
Unfortunately some banks are starting to drop support for applications directly connecting to them, and moving to an unacceptable model where intermediaries like Intuit's servers have to do the communication and store your credentials. This has been getting noticeably shittier in the last couple of years.
My #2 requirement (a close second) is that the application must be running on my local PC. I will never accept a cloud-based web-app or something I have to host on a VPS and access through some dinky HTML/JS UI.
At some point I suspect every person on the planet will have experienced a data exposure event and the question will switch from "have you ever had your info leaked?" to "when was the last time your info was leaked?" It's not a small risk.
Sure, if you just trust some random Chrome extension from a random individual developer, you're absolutely setting yourself up for trouble when they hack your shit. But to wholesale dismiss all apps when there are actual legal protections in place that permit these businesses?
Also, what a glaring false dichotomy.
So to make "false dichotomy" stick, you're going to need to assert that if Quicken were breached and this led to my Schwab account being accessed by a bad actor, I actually am shit out of luck. Will you do that?
> My #2 requirement (a close second) is that the application must be running on my local PC. I will never accept a cloud-based web-app
You're lucky you don't live in the EU since well then you are straight out of luck since the bank APIs are only available to commercial entities thus the software generally is in the cloud and costs money.
https://www.digiteal.eu/open-banking-apis-all-you-need-to-kn...
That's why using apps like Outbank, that automatically aggregate all your bank accounts data work like a charm in my experience.
Under the "open banking" scheme, not even massive companies can get API access to their own accounts. It only requires banks to give service providers access that allows their customers to essentially OAuth login into those services with their bank accounts. There is no "I just want my own account" API, only the general one.
And becoming a licensed provider is insanely hard because it's assumed you'll be actively managing millions of euros for tens of thousands of customers, when in reality, all you want is read-only access to one or a few affiliated accounts.
And doing so violates the terms of service with many banks:
> You agree that you will not authorize a third party to use the Service or share your credentials with a third party to use the Service on your behalf except in legally authorized situations such as legal guardianship or pursuant to a power of attorney.
* https://www.bankofamerica.com/online-banking/service-agreeme...
The banks are just as to blame. I'd love some basic non-SMS 2FA as a starting point, but sadly my bank is only the #6 largest in the US so they don't have the budget for it.
BofA Login https://www.bankofamerica.com/
1. Log in to your account.
2. Go to "Activity" or "Statements".
3. Select the account and time range.
4. Click "Download" and choose "CSV". Yes
--
# Chase Chase Login
1. Log in to your Chase account.
2. Navigate to "Statements & Documents".
3. Choose the account and statement period.
4. Click "Download" and select "CSV". Yes
--
# Wells Fargo Wells Fargo Login
1. Log in to your account.
2. Go to "Account Activity".
3. Select "Download Account Activity".
4. Choose "CSV" and specify the time period. Yes
# Citibank Citibank Login
1. Log in to your account.
2. Go to "Statements".
3. Choose the time period and format.
4. Select "Download" in "CSV". Yes
# Capital One Capital One Login
1. Log in to your account.
2. Navigate to the "Account Activity".
3. Select the time period and click "Download".
4. Choose "CSV". Yes
You can literally just ask bot for api docs to access info - then gimme a python for such:
https://i.imgur.com/P9UgZ98.png
>>"..evaluate the docs for each API and give me the most straight-forward python to connect which prompts me for which fin inst - with a menu for inputs. define an .env with the reqs fin inst fields i'd need to add.. but use the vars in the script... define in mermaid and swim."..
https://i.imgur.com/SpsyfI5.png
https://i.imgur.com/QzmPZIg.png
--
Basically, the semantic web is near.
Hopefully soon there will be a dictionary and a thesaurus of quippets {AI-Bot-like snippets that you call like legos to walk through a Warren (rabbits hole)
==-->
"Give me a panel that [does complex output] using [random inputs] and [other relationships] and give put that as "oligarchs" and give me relevant tables for relationships between the [elements]
(I like to add in "from this .git repo" and I also like to have them do autistically-obsessive logging.)
The problem is that I have so many logging iterations I get lost...
What I NEED is an AI co-AIHDHD-Pilot -- that watches all mY iterations and birdwalking through a problem, curiosity, muse, failure, success - -and give me a Charlie Day Version of my thought process
I ended up coding a small exporter[2] since I already had some stack in place that queries SimpleFIN[3], which essentially allows querying balance and transaction information for most US-based banks (read only); most similar to plaid but a lot more developer-friendly afaik.
SimpleFIN on the other hand seems to be pretty good for dev work; plus very responsive in terms of questions and requests. Can only speak good of them.
SimpleFIN looks pretty.. simple, at least from a glance. When I get time, I'll actually give it a shot.
(Example of richness: splitting an Amazon CC charge into the multiple expense accounts for the items that went into the order, and also accounting for the CC rewards and the Gift Card balance that contributed.)
I tried taking a break from GnuCash for maybe a year, and going to a spreadsheet, and found: (1) it was still substantial work to maintain an accurate view of balances, and (2) I was missing a lot of information I found I needed in practice.
Same purchase from amazon? Difficult, because you have two layers of indirection: checking account > credit card > amazon > it equipment.
Currently testing a new spreadsheet approach to deal with such scenarios, but not easy.
Then again I'd never trust rules to do everything right anyway, so I'm reviewing at least once to reconcile.
An open source project that had import flows for all the major banks & brokers into a well-defined unified format? Tremendous impact.
A graphing tool that only imports a standardized CSV? I can do that in my spreadsheet in minutes.
Although I choose convenience over privacy / no-cloud, Google Sheets FTW.
Woob does a great job of providing a good API for automating the web, and sure, not everything works, but it's a good start. Unfortunately, it seems it's not very well known still.
I have also seen some apps use https://www.simplefin.org/
Not to mention the second paragraph is "no more worries about SaaS services playing around with your data"
Unfortunately, depending on an open-source tool to do this is a double edged sword if it had these features, because we would be opening the risk of supply-chain attacks -- malicious actors getting commits into the repository code which cause the program to send your data elsewhere -- or worse, deplete accounts' funds.
I never used it, but didn't that ask you for the username/password in order to do its job? If so, I wouldn't touch it with a ten-foot pole.
> cause the program to send your data elsewhere -- or worse, deplete accounts' funds.
Again, seemingly because of their shitty architecture would that even be possible.
There are modern (possibly only European?) standards nowadays that force the banks to expose proper APIs for doing things like that. Would require a business entity to deploy to production (I think that's one of the requirements?) but otherwise wouldn't be a huge task compared to manually scraping stuff.
I was in the market for a new bank, so I ended up coming up with my short list of banks I’d look at moving to, then went to Every Dollar to try adding accounts to see what kind of prompt I was met with. Anything that required the 3rd party to store my creds was out of the running. I ended up ending a 20+ year relationship with a bank because of this. There were other things too, but this was the straw that got me to actually cut ties.
I assume Mint was similar. I used it a long time ago, probably when I was more trusting in my youth.
This is FUD. You’re describing open-commit, which I don’t think anyone does. Open source is not more susceptible to supply chain attacks than closed source software.
Mint but downloadable software that runs locally.
It supported most UK scenarios but I felt like it never got personal taxes quite right. It seemed to be out by about 2-4%
But maybe I didn't fully understand it, partly because of the way it calculates it as a repayment in the following year (our income taxes are deducted at source and paid monthly)
If anyone has set up Paisa (successfully or unsuccessfully) and has anything to share, I'd love to hear it.
https://paisa.fyi/ https://demo.paisa.fyi/ https://ledger-cli.org/
When comparing the two programs here, I can't immediately see any big differences. Sorry if this reads like a shallow plug
Most of the aforementioned difficulties are behind me, and Paisa looks like an awesome way to help ease me back into Beancount. Thank you! I'm going to try it out soon!
But I think the "real" answer, especially as more countries get increasingly cashless, is to just import a CSV or OFX every few weeks so you're not actually manually entering anything.
I do otherwise employ the workflow you mention: automatic downloads and supervised but nearly automatic imports.
For importing: https://github.com/jbms/beancount-import For downloading: https://github.com/jbms/finance-dl
Like the idea of using text files as storage as it lets me use git to track changes - nice! Will check it out too.
Plaid Cons:
- The end user must type their bank account credentials into a third party platform that uses their bank's logo. It is terrible for general population cyber security because this is the exact type of thing you should never do in general. However I do not know of any data leaks or info sec issues from Plaid specifically. As far as I know Plaid is totally safe with this information. I'm sure they will be hacked eventually though - everyone is.
- Plaid shows the permission you are granting but the user cannot make it more restrictive. For example the company with the Plaid integration can choose from 1 to all of these functionalities (they all increase API cost though): KYC Verification, PII from the account, one time current balance, ongoing current balance check, all transactions for previous 2-24 months. The vendor chooses what they want to get and the end user can take it or leave it, they can't pick and choose.
Plaid Pros:
- instantly verify bank account instead of waiting 1-2 days for Micro Deposits to hit account then come back to the app to verify. This is just better flow for the user, who often wants the loan asap. It is better for company too, because there is more conversion.
- balance checks, transaction history - these are useful for us to not overdraw accounts when pulling a payment, and verify income. Budgeting apps use these to auto import values of course.
- many banks have been forced to move to OAuth because of plaid. Having worked at a Top 10 US bank, I do not believe that any other than maybe Capital One would have OAuth today if it were not for Plaid pushing them
- There is really no other feasible option to get this data (other than competitors with same exact strategy so no difference). This is the customer's data that is valuable to them! They should be able to share it with trusted partners if it gives them value.
Here's to a continued migration to OAuth by banks, but I'm not holding my breath for it.
Huh? I have seen plaid redirect to my bank's login and then authentication and subsequent authorization (read access to accounts) in other flow. Then plaid uses provided token to retrieve data.
I don’t recall having to pass login credentials to plaid. Maybe that’s a limitation of _your_ bank?
So the state of the art to connect to banks... is Selenium with stealth modifications.
I own a business which does the same work as Plaid, Intuit, et al.
It’s unsolved at the moment, and may not be for some time. So it’s a matter of time before the current scraping approaches break. We basically have to recompile the browsers from scratch to stop leaking information that distinguishes automation.
Adding accounts manually is painful. We used to do it with Open Banking, but since this is open-source, I appreciate that it cannot be done with Open Banking. However, an option to upload a statement (CSV) will simplify the process.
The same goes for adding securities. I believe you can get an eToro statement that shows you everything, and then you can parse it to populate the information.
Good luck!
It'd be nice if there was an actual standard for this sort of thing (incl. an API for automatically retrieving new transactions), and if banks and brokerages and such could be depended upon to actually use it.
Not to mention, Fidelity's site seems broken over half the typical days, especially with products like Basket Trades. Baskets broken. No cost basis. No quotes...not even during market hours. Insane.
My biggest pain points were cleaning the account data, to make it suitable for import, and getting the appropriate prices so I can see the value of the accounts at any point.
My financial institution has two sets of downloadable CSV files - one for cash movements, one for stock transactions. They don't include stock symbols, just a "description" which occasionally changes. I'd suggest a plugin system where uploaded statements can be transformed first (depending on where they are from) into the common format your app imports. This would provide a useful point where people could contribute to the app.
Pricing is something I found hard too - I also use yahoo for current prices, along with a couple of other sources. Historical price ranges can be very hard to come by, at least for free and in easily accessible forms.
even better than stock symbols would be if the whole world could agree to use ISINs (or even WKNs)
Speaking as a Boglehead, checking on your investments frequently is usually a bad thing.
First mentioned and most prominent feature is "Accounts Aggregation" on the landing page. If you don't have multiple accounts, it makes sense you don't see any need for this. But you should also realize that it's fairly common to have multiple accounts, for a variety of reasons.
Now, those external accounts are second-class citizens and don't get portfolio analysis and stuff like that, so there is room for improvement, but the ease of use and cost (free) is hard to beat.
wealthfolio.app yahoo.com
I'm assuming latter is to fetch ticker symbols, but ideally would like to use this app completely local.
If you can define some sort of investment strategy, then the tool can make you follow it perhaps.
When you look at a log chart of your net worth over several decades, things like the dot-com bubble and the Great Recession look like blips. It makes it easier to look at a bear market and think, "this too shall pass".
Of course it also helps you see your progress towards a goal and give you information on how long it will likely take to get there.
Does this work for the international market, like Brazil for example? Does it track fixed-income types of investments like government bonds, etc?
It would be great to turn this into a hosted service that I can deploy onto a homelab and access everywhere?
I personally pay for Rocket Money (they let you decide how much you want to pay per month with a min of around $4 / month) and as someone who came from Mint, it does an amazing job overall - I rarely have to do manual edits (other than assigning appropriate categories for certain transactions) and the one thing it lacks is Apple Card API import (have to do CSV, but once a month isn't bad).
I have a very generous free tier and I want to add two paid tiers. I have to figure out a license check that doesn't leak user information.
I would love to collaborate with you and also hear about your future plans for monetization.
I don't know how Plaid handles that, but you don't have the nice, permission scoped, revokable tokens like you do with OAuth.
My primary bank has a checkbox for "third party access" and they pay out how you need to check it when you give a service your username and password so they can access your account. Same username and password, not a new one. It drives me insane how they don't offer OAuth.
Not sure what accounts this is meant to work for.
```
Modify this csv to match this format:

Follow these steps to import your account activities from a CSV file:

Ensure your CSV file is in the correct format. Columns should include Date, Symbol, Quantity, Activity Type, Unit Price, Currency, and Fee.
Click the 'Import' button and select your CSV file.
Review the imported activities before confirming.

Supported Activity Types:

BUY
SELL
DIVIDEND
INTEREST
DEPOSIT
WITHDRAWAL
TRANSFER_IN
TRANSFER_OUT
CONVERSION_IN
CONVERSION_OUT
FEE
TAX

Example CSV format:

date,symbol,quantity,activityType,unitPrice,currency,fee
2024-01-01T15:02:36.329Z,MSFT,1,DIVIDEND,57.5,USD,0
2023-12-15T15:02:36.329Z,MSFT,30,BUY,368.6046511627907,USD,0
2023-08-11T14:55:30.863Z,$CASH-USD,600.03,DEPOSIT,1,USD,0
```
Except it couldn't find the symbol `BRK/B`, `BRK.B` or `BRKB`.
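A strict validator for the import format quoted above, as an added example that is not part of the original comment or the app's own code. The header and activity types come from the quoted instructions; the field patterns and all function names are assumptions, and it checks syntax only, not whether a symbol can be looked up.

```javascript
// Header and activity types are from the quoted import instructions; the field
// patterns (date, symbol, decimal, currency) are assumptions for illustration.
const HEADER = ['date', 'symbol', 'quantity', 'activityType', 'unitPrice', 'currency', 'fee'];
const ACTIVITY_TYPES = new Set(['BUY', 'SELL', 'DIVIDEND', 'INTEREST', 'DEPOSIT', 'WITHDRAWAL',
  'TRANSFER_IN', 'TRANSFER_OUT', 'CONVERSION_IN', 'CONVERSION_OUT', 'FEE', 'TAX']);
const ISO_UTC = /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d{1,3})?Z$/;
const SYMBOL = /^[A-Za-z0-9$][A-Za-z0-9.$\/-]{0,31}$/;
const DECIMAL = /^\d+(\.\d+)?$/; // rejects '', ' ', '1e5', '0x10', '-1' (Number('') would be 0)
const CURRENCY = /^[A-Z]{3}$/;

// Split one CSV record; handles quoted fields and doubled quotes, not embedded newlines.
function splitCsvLine(line) {
  const fields = [];
  let cur = '';
  let inQuotes = false;
  for (let i = 0; i < line.length; i++) {
    const ch = line[i];
    if (inQuotes) {
      if (ch === '"' && line[i + 1] === '"') { cur += '"'; i++; }
      else if (ch === '"') inQuotes = false;
      else cur += ch;
    } else if (ch === '"') inQuotes = true;
    else if (ch === ',') { fields.push(cur); cur = ''; }
    else cur += ch;
  }
  if (inQuotes) throw new Error('unterminated quoted field');
  fields.push(cur);
  return fields;
}

// Date parsers may roll an impossible day (Feb 30) into the next month, so round-trip it.
function isValidDate(s) {
  if (!ISO_UTC.test(s)) return false;
  const d = new Date(s);
  return !Number.isNaN(d.getTime()) && d.toISOString().slice(0, 19) === s.slice(0, 19);
}

function checkRow(f) {
  if (f.length !== HEADER.length) return [`expected ${HEADER.length} fields, got ${f.length}`];
  const [date, symbol, quantity, type, unitPrice, currency, fee] = f;
  const problems = [];
  if (!isValidDate(date)) problems.push('bad date');
  if (!SYMBOL.test(symbol)) problems.push('bad symbol');
  if (!ACTIVITY_TYPES.has(type)) problems.push('unsupported activityType');
  for (const [name, v] of [['quantity', quantity], ['unitPrice', unitPrice], ['fee', fee]]) {
    if (!DECIMAL.test(v)) problems.push(`${name} is not a plain decimal`);
  }
  if (!CURRENCY.test(currency)) problems.push('bad currency');
  return problems;
}

// Returns { activities, errors }. A wrong header aborts; bad rows are reported and skipped.
// Amounts stay as validated strings so no float rounding happens at this stage.
function validateActivitiesCsv(text) {
  const activities = [];
  const errors = [];
  const lines = text.split(/\r?\n/);
  let headerSeen = false;
  for (let i = 0; i < lines.length; i++) {
    if (lines[i].trim() === '') continue;
    let fields;
    try { fields = splitCsvLine(lines[i]); }
    catch (e) { errors.push({ line: i + 1, message: e.message }); continue; }
    if (!headerSeen) {
      headerSeen = true;
      if (fields.join(',') !== HEADER.join(',')) return { activities, errors: [{ line: i + 1, message: 'unexpected header' }] };
      continue;
    }
    const problems = checkRow(fields);
    if (problems.length > 0) { errors.push({ line: i + 1, message: problems.join('; ') }); continue; }
    const [date, symbol, quantity, activityType, unitPrice, currency, fee] = fields;
    activities.push({ date, symbol, quantity, activityType, unitPrice, currency, fee });
  }
  if (!headerSeen) errors.push({ line: 1, message: 'empty file' });
  return { activities, errors };
}

// Constructed sample: the three rows from the quoted format plus three constructed bad rows.
const SAMPLE = [
  'date,symbol,quantity,activityType,unitPrice,currency,fee',
  '2024-01-01T15:02:36.329Z,MSFT,1,DIVIDEND,57.5,USD,0',
  '2023-12-15T15:02:36.329Z,MSFT,30,BUY,368.6046511627907,USD,0',
  '2023-08-11T14:55:30.863Z,$CASH-USD,600.03,DEPOSIT,1,USD,0',
  '2024-02-30T10:00:00.000Z,MSFT,1,BUY,400,USD,0', // impossible date
  '2024-03-01T10:00:00.000Z,MSFT,,BUY,400,USD,0', // empty quantity
  '2024-03-01T10:00:00.000Z,MSFT,1,buy,400,usd,0', // wrong case
].join('\n');
console.log(validateActivitiesCsv(SAMPLE));
```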
I would love to contribute to open-source projects like yours.
Could you share the roadmap?
What do you think about making it run in mobile browsers and mobile native apps? I would love to be part of it.
One more thing is to integrate with API from brokers/exchanges.
How does it do with pension accounts, mutual funds and various other things that may be difficult to add using a major exchange ticker?
Every app I've tried this is painful or unsupported.
I must be missing something in your requirements.
Here's an example of what I'm talking about: suppose you and a housemate decide that an equitable split for the electric bill is 65/35 based on usage habits. One person pays the electric bill every month. All of these finance apps will download the transaction, categorize the electric bill for me, and maybe apply a custom tag. But I have to manually calculate the amount owed to me, and manually reconcile that with the fact that the other person pays the water bill.
I'd love to find an accounting app for shared arrangements, but it seems like most are targeted to solo or completely joint finances. Monarch listed elsewhere in these comments is the closest I've seen, but it also doesn't support reconciling split transactions.
I'm pretty sure I could write a custom importer for Beancount but the breakeven point on time would be years.
I think modifying the CSV importer for Beancount to split certain transactions to certain percentages would be fairly easy--switching to Beancount itself (or other Plain Text Accounting software) would of course be monumental. But it is the ultimate in flexibility.
But any tech may be overkill. In a e.g. roommate situation, a paper record per month (plus receipts, if lower trust) works fine.
[1] https://www.canada.ca/en/department-finance/programs/financi...
I think I got it right after doing a "deposit" of the exact value of my account, then try to work out what was the correct "buy" price for each stock without the P/L, it roughly works but the numbers don't exactly match those that I have in my account, perhaps because you're not using the same data source as my account
Even if the software is free and you're just offering $500/hour consulting as an add-on to the software, that helps me trust the project has sticking power.
P.S. I think Tauri is such a cool framework and a delight to use. Rust's approach to platform-specific code is so much saner than anything I've tried previously.
If a solo dev builds a tool that helps even a handful of people manage 5-6-7 figure portfolios, that's worth more than a cup of coffee.
There are a million other projects that are monetized, why do you need to "strongly recommend" against the very idea of one that is not?
If that's what the author wants, then great, they should do it, and I hope they make a nice profit. The post suggests it's not what they want.
This feels like an MVP at best.
Technologies Used
Frontend
React: JavaScript library for building user interfaces.
React Router: Declarative routing for React.
Tailwind CSS: Utility-first CSS framework for styling.
Radix UI/Shadcn: Accessible UI components.
Recharts: Charting library built with React.
Backend / APIs
React Query: Data-fetching library for React.
Zod: TypeScript-first schema declaration and validation library.
Development Tools
Vite: Next-generation frontend tooling.
TypeScript: Typed superset of JavaScript.
ESLint: Pluggable linting utility for JavaScript and JSX.
Prettier: Code formatter.
Tauri: Framework for building tiny, secure, and fast desktop applications.
How do you get current market prices for investments?
It's gonna take a lot to pry me away from my spreadsheets. They are simple and just work. Ages and ages ago I used MS Money but once they shut down I never migrated to the 'sunset edition,' just switched to excel. I keep trying things, but without local, automatic sync to my accounts, nothing is as simple and effective as a simple spreadsheet, for me.
[0] https://github.com/afadil/wealthfolio?tab=readme-ov-file#tec...
Ensure you have the following installed on your machine:
Node.js
pnpm
Rust
Tauri
Sorry but all these languages and tooling just for a simple desktop application is a pass.
Right?
... and use this spreadsheet instead?
This is what we need more often from our software, especially from software that works with sensitive data. I do typically want sync options though since I tend to use several different devices and it sucks not being able to reference information on the go from my phone. Sync options can include locally/self hosted options or use something like iCloud that doesn't depend on a software vendor's running a service though.
Storing sensitive data in local storage makes you vulnerable to XSS attacks and Man-in-the-Browser attacks. You're exposing your sensitive data to an attacker that injects a script to the website and to malicious browser extensions. All sensitive data stored in local storage must be encrypted using a key stored in the server or somewhere on your hard disk. Otherwise, you're not reducing your risk, but substituting one type of information disclosure vulnerability with another.
The app in question runs locally and only with trusted code. How is the attacker supposed to get in there to place the XSS or even do a MITM attack when there is no exposed website at all? Neither are there browser extensions involved here.
> All sensitive data stored in local storage must be encrypted using a key stored in the server
Huh? Please don't do this, especially not for "local first" applications, would defeat the entire purpose.
That's a big assumption. Have you read all the code, and the dependencies of the dependencies of your code? If you haven't, how do you know it can be trusted? What if there is a backdoor in an obscure dependency that can inject a script into your website to steal your sensitive data? Don't laugh it off. When there is money on the line, someone is going to try it.
> Neither are there browser extensions involved here.
What about the extensions you installed in your browser? What about the user scripts (if you use them)?
> Huh? Please don't do this, especially not for "local first" applications, would defeat the entire purpose.
Why not? Why do you want a local first app in the first place? What's the purpose of a local first app, if not security?
It's not a website, it doesn't run in your normal browser. It runs as a standalone application.
> Why not? Why do you want a local first app in the first place? What's the purpose of a local first app, if not security?
Because as soon as those keys aren't available (either because the endpoint no longer exists, or you cannot connect to the endpoint for whatever reason (like being offline)), you can no longer access your data.
That isn't "local first" at all, it's something else entirely.
The encryption key doesn't have to be stored in the cloud. It just has to be stored somewhere else -- it could be in the file system.
> It's not a website, it doesn't run in your normal browser. It runs as a standalone application.
Even if it's a standalone application, it doesn't mean the code can be entirely trusted. I wouldn't take that risk.
Right, makes sense. I was saying to not store it in the cloud, specifically. Encrypt local data at rest, makes sense. Storing encryption keys for said content somewhere where you need internet access to get, doesn't make much sense.
> Even if it's a standalone application, it doesn't mean the code can be entirely trusted. I wouldn't take that risk.
"Trusted" here refers to "not user provided inputs" that SaaS/website usually does somewhere. Obviously, there is code somewhere that you haven't read and verified, that's true for literally everyone using a computer today, no one has read and verified all the code they've run, we'd get nothing done if that was common practice.
Just for curiosity's sake, what OS do you use and how much of the software you use daily have you read through the source code of?
Very few. It depends on the data I need to store in the program. I don't store sensitive data in Figma or VSCode, so I don't really care if they don't encrypt my data in local storage. But if I'm in the market for something that offers to manage my sensitive financial data, then yes, I want to dig into its dependencies and security strategy first.
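The arrangement the exchange above converges on (data encrypted at rest, key kept in a separate local file so it works offline), as an added Node.js example that is not part of the thread or the app's code. The file names, the `PFE1` header and all function names are assumptions.

```javascript
const crypto = require('crypto');
const fs = require('fs');
const os = require('os');
const path = require('path');

const MAGIC = Buffer.from('PFE1'); // hypothetical 4-byte format marker, also bound as AAD

// Load the 32-byte key, or create it on first use with owner-only permissions.
function loadOrCreateKey(keyPath) {
  try {
    const key = fs.readFileSync(keyPath);
    if (key.length !== 32) throw new Error('key file has wrong length');
    return key;
  } catch (err) {
    if (err.code !== 'ENOENT') throw err;
    const key = crypto.randomBytes(32);
    // 'wx' refuses to overwrite an existing key; 0o600 = owner read/write (POSIX only).
    fs.writeFileSync(keyPath, key, { flag: 'wx', mode: 0o600 });
    return key;
  }
}

// File layout: MAGIC (4) | IV (12) | GCM tag (16) | ciphertext.
function encryptToFile(dataPath, key, plaintext) {
  const iv = crypto.randomBytes(12); // fresh nonce for every write, never reused with a key
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(MAGIC);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  fs.writeFileSync(dataPath, Buffer.concat([MAGIC, iv, cipher.getAuthTag(), ct]), { mode: 0o600 });
}

// Throws if the file was modified or the key is wrong (GCM tag check in final()).
function decryptFromFile(dataPath, key) {
  const blob = fs.readFileSync(dataPath);
  if (blob.length < 32 || !blob.subarray(0, 4).equals(MAGIC)) {
    throw new Error('not an encrypted store');
  }
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(4, 16));
  decipher.setAAD(MAGIC);
  decipher.setAuthTag(blob.subarray(16, 32));
  return Buffer.concat([decipher.update(blob.subarray(32)), decipher.final()]);
}

// Constructed data, written to a throwaway temp directory; no network access involved.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'local-store-'));
  const key = loadOrCreateKey(path.join(dir, 'store.key'));
  const dataPath = path.join(dir, 'portfolio.enc');
  encryptToFile(dataPath, key, JSON.stringify({ holdings: [{ symbol: 'MSFT', quantity: 30 }] }));
  return JSON.parse(decryptFromFile(dataPath, key).toString('utf8'));
}
console.log(demo());
```

A key file on the same disk protects copies of the data file (backups, synced folders) but not against code running as the same user, which is the dependency concern raised above; an OS keychain narrows that gap without needing a server.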
Don't most sync options depend on a software vendor running a service? (Your VPS hosting company, your SaaS handling cross-device syncing, your cloud provider, et cetera.)
A few ideas:
Anonymize and aggregate the data, then sell it off to financial and marketing firms.
Add ads to the site.
Charge a subscription fee.
Partner with banks as a white label financial planning tool.
> I developed this app for my own needs. Getting tired of SaaS app subscriptions and privacy concerns.
Horrible. Goes against the privacy oriented aspect of this app.
> Add ads to the site.
Oh great, more useless ads I have to block. Nothing like getting a crypto scam ad while viewing your portfolio performance. Horrible UX idea.
> Charge a subscription fee.
Yet another SaaS, centralization of data, and betrays the privacy oriented aspect
> Partner with banks as a white label financial planning tool.
Likely won’t work. Maybe small advisors would buy into it but at that level there are a plethora of tools available to them with real time aggregation available via Plaid or even old school scraping (doubtful in 2024 though).
How about this? Just charge one time fee for major versions of the app. Minor and patch versions are free. Keep the privacy oriented aspect and local to user's machine.
Why must you always use the worst ways to monetize? Treat users with respect and you will have lifelong customers. Not everything needs to be a billion dollar unicorn pumped with VC funds.
They aren't the worst ways to monetize, they are just the ones that work.
> How about this? Just charge one time fee for major versions of the app. Minor and patch versions are free. Keep the privacy oriented aspect and local to user's machine.
Unless he is charging a substantial and/or recurring amount, there is no way he will put up with angry customers and enjoy maintaining the software in the long term.
Plus, if this is hosted, hosting is a variable cost that always goes up, so his prices for updates will always be increasing.
The site very clearly states that this is a desktop app