Join Waitlist

What leaves your computer

An exact accounting of what PennyBolt sends, and what it doesn't.

Last updated: April 16, 2026

This page is our honest accounting of what PennyBolt sends out over the network, and what it keeps on your computer. We wrote it so you can read it once and know exactly what you are trusting us with. The answer is: very little.

The short version

PennyBolt never sends your financial data anywhere. Not to us, not to a server, not to advertisers, not to anyone. The only network requests PennyBolt makes are for update checks, and crash reports if you opt in. Both are described below.

If that’s all you needed, you can stop here.

What PennyBolt keeps on your computer

Everything, except the two things listed in the next section.

Concretely, on your computer:

  • Your PennyBolt file — every account, every transaction, every payee, every rule, every category. See Where your file lives for the exact path on each operating system.
  • Your backups — when you make a .pbbackup file, it stays wherever you saved it. PennyBolt never uploads it.
  • Your preferences — theme, window size, the last file you opened. Stored in a small settings file next to your PennyBolt file.

None of this is copied anywhere else by PennyBolt. If you want it on a second computer, in a cloud folder, or on a backup drive, you put it there yourself. That is the point.

What PennyBolt sends over the network

Two things, both explicit.

1. Update checks

When you open PennyBolt, it asks our update server one question: “is there a newer version than the one I’m running?” The request includes:

  • The PennyBolt version you have installed.
  • Your operating system and its major version (e.g., macOS 14).

That’s it. It does not include your name, your email, your license key, an account ID, a device fingerprint, or anything about the file you have open. We use these numbers in aggregate to know how many people are on v1.0 versus v1.1, which helps us decide how long to keep fixes backported.

You can turn update checks off in Settings → Updates. If you do, PennyBolt will stop asking, and you’ll update manually by downloading new versions from pennybolt.com.

2. Crash reports (opt-in)

If PennyBolt crashes and you have crash reporting turned on, it sends us:

  • A stack trace (the code path that led to the crash).
  • The PennyBolt version and your operating system version.
  • The type of the last user action before the crash (e.g., “import preview,” “reconcile close”).

It does not send the contents of your file, the name of your file, any account names, any payees, any transactions, any amounts, or any identifiers that tie the report to you.

Crash reporting is off by default. Turn it on in Settings → Diagnostics if you’d like to help us fix things we wouldn’t otherwise see.

What we don’t do

Plainly:

  • We do not connect to your bank. Not directly, not through an aggregator. You import files you download yourself.
  • We do not have your email, unless you emailed us support.
  • We do not have a login, an account, or a cloud profile.
  • We do not sync between your devices. You handle that yourself, with the file.
  • We do not serve ads.
  • We do not sell your data. We don’t have your data.
  • We do not include analytics, trackers, or telemetry beyond the update check described above.

A truthful note on encryption

If you set a password on a .pbbackup file, the backup is encrypted with that password before it’s written to disk. Anyone who gets a copy of the backup needs the password to read it.

Your live PennyBolt file is not encrypted on disk by default. It sits in your user folder protected by your operating system’s user account controls — the same protection that covers the rest of your documents. If someone can read your ~/Documents folder, they can read your PennyBolt file.

If your threat model includes someone with physical access to an unlocked computer, we recommend using full-disk encryption (FileVault on macOS, BitLocker on Windows, LUKS on Linux). That’s not a feature we’re giving you; it’s a feature your operating system already provides, and it protects everything you care about, not just PennyBolt.

We’d rather tell you the truth about this than put a padlock icon on it.

A note on updates

New versions of PennyBolt can include security fixes. We recommend leaving update checks on. If you’ve turned them off for privacy reasons, check pennybolt.com/releases every month or two so you don’t miss one.

Your rights

Because we never collect your financial data, we have nothing to export, correct, or delete on your behalf. If you email support, we have the thread. If you bought a license, we have the record of sale. That’s the full list.

Reporting a security issue

If you find a security problem in PennyBolt, email [email protected]. We’ll respond within two business days. We don’t run a formal bug bounty at v1, but we read every report and we credit researchers who want it.

See also