What does zero-knowledge mean?
Zero-knowledge means that nobody — not even the developers of beanies.family — can access your data. All encryption and decryption happen entirely in your browser.
Design principles
- No server-side storage — We don't run a database. Your data lives on your device and optionally in your own Google Drive.
- No password transmission — Your password never leaves your browser. It's used locally to derive encryption keys.
- No analytics on data — We can't compute on, index, or profile your financial information.
- Open encryption — We use standard Web Crypto API algorithms (AES-256-GCM, PBKDF2, AES-KW) with no custom crypto.
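As an added example (not beanies.family's own code), here is one way the three named algorithms can fit together in the browser: PBKDF2 turns the password into an AES-KW wrapping key, which wraps a random AES-256-GCM data key. The envelope layout, salt and IV sizes, the iteration count and the function names `deriveKek`, `sealPod` and `openPod` are assumptions, not taken from the project.

```javascript
// Added example: envelope layout, salt/IV sizes and iteration count are assumptions.
const getCrypto = async () =>
  globalThis.crypto ?? (await import('node:crypto')).webcrypto; // older Node fallback

// Password -> key-encryption key (KEK). The password is only ever an input to PBKDF2.
async function deriveKek(c, password, salt, iterations) {
  const material = await c.subtle.importKey(
    'raw', new TextEncoder().encode(password), 'PBKDF2', false, ['deriveKey']);
  return c.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations },
    material, { name: 'AES-KW', length: 256 }, false, ['wrapKey', 'unwrapKey']);
}

async function sealPod(password, plaintext, iterations = 600000) {
  const c = await getCrypto();
  const salt = c.getRandomValues(new Uint8Array(16));
  const iv = c.getRandomValues(new Uint8Array(12)); // must be fresh for every encryption
  const dataKey = await c.subtle.generateKey(
    { name: 'AES-GCM', length: 256 }, true, ['encrypt']); // extractable so it can be wrapped
  const kek = await deriveKek(c, password, salt, iterations);
  const wrappedKey = await c.subtle.wrapKey('raw', dataKey, kek, 'AES-KW');
  const ciphertext = await c.subtle.encrypt(
    { name: 'AES-GCM', iv }, dataKey, new TextEncoder().encode(plaintext));
  return { iterations, salt, iv, wrappedKey, ciphertext };
}

async function openPod(password, pod) {
  const c = await getCrypto();
  const kek = await deriveKek(c, password, pod.salt, pod.iterations);
  // AES-KW carries an integrity check, so a wrong password rejects at this step.
  const dataKey = await c.subtle.unwrapKey(
    'raw', pod.wrappedKey, kek, 'AES-KW', { name: 'AES-GCM' }, false, ['decrypt']);
  const plain = await c.subtle.decrypt(
    { name: 'AES-GCM', iv: pod.iv }, dataKey, pod.ciphertext);
  return new TextDecoder().decode(plain);
}
```

Everything in the returned object can be stored next to the ciphertext; confidentiality then rests on the password's strength and the PBKDF2 work factor.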
📡 OAuth proxy
The only server-side component is a stateless OAuth proxy for Google Drive token exchange. It processes OAuth tokens — never your pod data.
What Google sees
If you use Google Drive sync, Google stores your .beanpod file — but it's fully encrypted. Google sees the file name and size, but the contents are indistinguishable from random data without your password.