Privacy Policy
Last updated: 9 May 2026
Steward is a self-hosted personal finance tool. Each instance runs on
infrastructure controlled by the user (the operator). The Steward mobile app
(iOS & Android) connects to one operator-controlled server at a time. This
policy describes what the app collects and how it’s used.
Data we store on your device
- Server URL, email, and JWT session token — kept in iOS Keychain /
Android EncryptedSharedPreferences via Expo SecureStore. Used to authenticate
each request to your server.
- Cached financial data — your dashboard, accounts, transactions,
investments, and analytics are mirrored in a local SQLite database so the
app works offline. Cleared when you sign out or uninstall.
- UI preferences — theme choice, hide-values toggle, and notification
preferences.
Data we send off-device
- To your Steward server — every API request goes only to the URL you
configured. We do not route your data through any third party.
- To Apple / Google push services — when you enable notifications, an
opaque push token is registered with Apple Push Notification Service or
Firebase Cloud Messaging so notifications can reach your device. The
notification text itself is generated by your server.
- Crash and diagnostic data — none collected by us. Apple and Google
may collect crash data per their own policies if you opt in via OS
settings.
Permissions the app requests
- Camera — used solely to scan the connect QR shown on your
server’s
/connect page. The image stream is processed locally; nothing
leaves the device. Required because there is no other secure way to
transfer your server URL to the app on first launch.
- Notifications — only requested when you enable a push category in
Settings. Required to deliver overdue-payment, overspend, big-mover, and
daily-summary alerts your server triggers.
- Biometric (Face ID / Touch ID / fingerprint) — optional, used only
as a local app-unlock gate. Biometric data never leaves the device; we
only receive a yes/no signal from the OS.
Third parties
The mobile app itself does not include analytics, advertising, or third-party
SDKs that phone home. The only network destinations are:
- Your Steward server URL (you configure it).
- Apple Push Notification Service / Firebase Cloud Messaging (only when
notifications are enabled).
The server you connect to may itself talk to bank aggregators (Plaid, Teller,
Lunchflow, Pluggy, Enable Banking, Salt Edge), Yahoo Finance for prices, and
optional services like Resend for email and Anthropic for inbox parsing — all
gated by credentials the operator configures. See the operator’s SECURITY.md
for the complete list.
Data retention
Cached data on your device persists until you sign out or uninstall. Push
subscriptions on your server persist until you remove the device from
Settings → Push notifications → Registered devices.
Children
Steward is not directed at children under 13 and we do not knowingly collect
information from them.
Changes to this policy
We will update this page when material changes occur. The “Last updated”
date at the top reflects the most recent revision.
Contact
Questions? Use the contact form on our support page.