Privacy-Focused Wealth Tracker
No ads. No behavioural tracking. No data brokers. Document content encrypted with per-record versioned keys, hosted in Switzerland with EU data residency, paid by users instead of by their balance sheets.
3-day free trial · Read-only by design · Swiss-built · Cancel anytime
Uploaded statements, contracts and personal documents are encrypted on a per-record basis with versioned keys. Keys are server-managed and rotatable without re-encrypting your data, and key access is scoped to least-privilege production workflows — never to engineering laptops.
Every document upload is AES-128-CBC + HMAC-SHA256 (Fernet) at the content layer once stored, and TLS 1.2+ (HSTS preloaded) protects the wire. Refresh tokens are httpOnly cookies; access tokens stay in memory (XSS-safe).
Built and operated in Switzerland — a country whose entire financial reputation rests on discretion. Hosted on hardened EU infrastructure. Strict data-residency commitments under enterprise engagements. Far from the reach of opportunistic data-broker law.
Zero behavioural pixels. Zero data-broker partnerships. The product is paid by users.
Access, portability and erasure rights as first-class operations — not feature toggles.
Daily encrypted backups, HSTS preload, strict CSP, recurring penetration testing.
Three things. (1) We're paid by users — no ads, no behavioural tracking, no data brokers. (2) The technical posture is encryption at rest: document content is encrypted with per-record versioned keys, and key access is scoped to least-privilege production workflows. (3) We're Swiss-built with EU data residency and explicit GDPR-aligned data-subject rights. Privacy isn't a marketing line; it's the business model.
Never. No ad tech, no behavioural tracking pixels, no data-broker partnerships, no analytics vendors that get to see your portfolio. The only third parties that see anything are the price feeds (Stooq, CoinGecko, ECB) and they only get the public ticker / symbol — never tied to your identity.
Sensitive uploaded material (statements, contracts, personal documents) is encrypted at the application layer with a per-record key derived from a versioned key dispatcher. Keys are server-managed and can be rotated without re-encrypting your data. wlthy is not end-to-end encrypted — the server reads cleartext to serve your dashboard — but key access is restricted to least-privilege production workflows, never to engineering laptops. Database column-level encryption protects the most sensitive structured fields.
Hardened EU cloud infrastructure with daily encrypted Postgres backups, point-in-time recovery and continuous monitoring. We support strict data-residency commitments under enterprise engagements. The application is Swiss-built and operated by a small senior team — predictability over novelty.
wlthy is read-only by design. There are no payment-initiation scopes on any integration — prices flow in, nothing flows out. Cash positions are entered manually or imported via CSV, on purpose, so wlthy never touches your bank's outbound payment surface.
GDPR-aligned by default: access, portability and erasure are first-class operations, not feature toggles. Deleting your account triggers a real erasure of your data plus the encrypted backups within the contractual window. An append-only audit log with cryptographic integrity proves what was done and when.
We're built for that. Recurring third-party penetration testing, encrypted-at-rest backups, HSTS preload, strict CSP allow-listing only Stripe and our own origin, X-Frame-Options DENY. The full security posture lives at /security and gets updated when the practice changes — not when a sales deck demands it.
Track stocks, crypto, real estate, alts and debts in one Swiss-built ledger. Zero ad tech, zero data sale, zero behavioural tracking. Three days free. Cancel anytime.
3-day free trial · Cancel anytime · Swiss-built · Bank-grade security