Think about what your expense tracker knows. Every place you eat, every tool you buy, every trip you take, every client you visit. Strung together, that is a detailed map of your business and a fair amount of your personal life. Now ask a simple question: where does that map live? For most apps, the answer is "on our servers." Enceipt's answer is "on your phone, and only your phone." This article explains why that difference matters and what you trade for it.
The problem with cloud-based expense apps
The standard model for an expense app looks like this: you create an account, you grant some permissions, and from then on your receipts and spending are synced to the company's servers so you can see them on the web, on a second device, and so the company can run its features. It is convenient. It is also a concentration of risk.
- Data breaches. A server holding the financial records of thousands of users is a target. When it is breached — and breaches are routine — your spending history is part of the spill.
- Account requirements. You cannot use most of these apps at all without handing over an email address and agreeing to terms that let the company process your data.
- Quiet scope creep. Today it is analytics. Tomorrow it is "personalised insights," then partnerships, then an acquisition that changes the privacy policy. You rarely get a say.
None of this is necessary to scan a receipt and add up some numbers. It is a side effect of an architecture that assumes everything must flow through a central server.
What "on-device" actually means
Enceipt is built on the opposite assumption. Your expenses are stored in a local SQLite database on your phone, encrypted at rest. The OCR that reads your receipts runs on the device. The AI that suggests categories runs on the device. There is no account, no login, and no server-side copy of your data, because there is no server in the loop at all.
In practice that means the app works fully offline. On a plane, in a tunnel, in a building with no signal — scanning, categorising, searching, and reporting all keep working, because none of them were ever reaching out to the internet in the first place.
What Enceipt does not collect
It is worth being concrete about the things that simply do not exist in this model:
- No account. There is nothing to sign up for and no password to forget.
- No email. Enceipt does not ask for or store your email address.
- No server-side receipts. Your images, amounts, and merchant names are never uploaded to Enceipt.
The app does use a small amount of anonymous, aggregate analytics to understand which features get used — but those events never include merchant names, amounts, receipt contents, or anything that could identify you or your spending.
Backup stays in your hands
"No cloud" raises an obvious question: what happens if I lose my phone? Enceipt's answer is user-controlled backup. You can back up to your own Google Drive or Dropbox, or to local storage. The crucial detail is that the backup file is encrypted on your device, with a key derived from your PIN, before it is uploaded. Enceipt cannot decrypt it. Your cloud provider cannot read it. You own the backup and the only key to it.
This keeps the privacy promise intact while still giving you a way to restore if a device is lost or replaced.
The GDPR angle
For freelancers in the EU and EEA, the on-device model has a pleasant consequence: it sidesteps most of the machinery of data-subject requests. There is no account to delete and no server-side data to request, because the data never left your device. If you want to erase everything, you open Settings and choose Delete All Data — it is gone, locally and completely, with no support ticket and no waiting period. Privacy by architecture tends to make compliance simpler than privacy by policy.
The honest trade-offs
A privacy-first design is not free. It is fair to name what you give up:
- No automatic cross-device sync. If you want your expenses on a second device, you restore from a backup rather than seeing them appear instantly.
- No web dashboard. There is no "log in from a browser" because there is nothing to log into.
- Backup is your responsibility. The flip side of holding the only key is that you must keep a backup if you care about recovery.
For a lot of people, those are easy trades. The point of an expense tracker is to capture expenses and produce reports, and Enceipt does both without ever needing to know who you are.
Try it
If the idea of a financial app that genuinely cannot see your data appeals to you, Enceipt is free on Android. No account, no email, no cloud — just your receipts, on your device.