Last updated · 18 May 2026

Security, and its limits.

BitGarth is built for people who do not want their financial life pooled into someone else's database. Here is what we protect — and where the protection ends.

Your wallet data, transaction history, labels, settings, and saved API keys live in your encrypted user database. Transaction exports and backups are encrypted by default, although you can export them unencrypted when you need to.

BitGarth does not need your name, email address, seed phrase, private keys, or exchange login passwords to use the app. It only needs public wallet information, such as Bitcoin addresses, xpubs, and Ethereum addresses. That is enough to sync transaction history without ever being able to move funds.

i.

What BitGarth protects against

BitGarth reduces the risk of exposing your portfolio to hosted crypto trackers, tax SaaS platforms, cloud aggregators, and data brokers.

Because private financial data stays in your app instance, there is no central BitGarth account database containing everyone's wallet balances, transaction histories, labels, or identity details. There is no marketing profile to build, and no email list required to use the app.

The app is designed around a simple rule: if BitGarth does not need a piece of information, it should not collect it.

ii.

What BitGarth does not need for wallet sync

BitGarth does not need:

  • Seed phrases
  • Private keys
  • Signing keys
  • Exchange login passwords
  • Custodial withdrawal access
  • Your legal name or address
  • Your email address to use the app

Public addresses and extended public keys can reveal transaction history, so they still deserve care. BitGarth uses internal IDs in URLs so addresses and xpubs are not exposed through browser history, cached pages, or proxy logs.

Public wallet data cannot spend funds. BitGarth treats it as sensitive financial data without turning it into custody risk.

Future exchange support will use API keys instead of exchange login passwords. Those API keys will be saved in your encrypted user database, like the Etherscan API key BitGarth can store today.

iii.

Encrypted user storage

Your private BitGarth data is stored in a SQLCipher-encrypted SQLite user database.

Your user database is protected by a randomly generated 256-bit data encryption key. Your password is used to derive a key with Argon2id. That derived key wraps the database encryption key, so changing your password can re-wrap the key without rewriting the entire database.
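The key hierarchy described above, as an added example that is not BitGarth's own code: a random 256-bit data key is wrapped under a password-derived key, and a password change re-wraps it without touching the data key. Node's built-in scrypt stands in for Argon2id here; AES-256-GCM as the wrapping cipher, the KDF parameters, and all function names are assumptions.

```javascript
// Added example, not BitGarth code. scrypt is a stand-in for Argon2id and
// AES-256-GCM is an assumed wrapping cipher; names and parameters are hypothetical.
const crypto = require("node:crypto");

// Assumed KDF cost settings (about 32 MiB of memory per derivation).
const KDF = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Derive a 256-bit key-encryption key (KEK) from the password and a salt.
function deriveKek(password, salt) {
  return crypto.scryptSync(password, salt, 32, KDF);
}

// Wrap the data encryption key (DEK) under a freshly salted, password-derived KEK.
function wrapDek(dek, password) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", deriveKek(password, salt), iv);
  const ct = Buffer.concat([cipher.update(dek), cipher.final()]);
  return { salt, iv, ct, tag: cipher.getAuthTag() };
}

// Unwrap the DEK. A wrong password yields a wrong KEK, the GCM tag check
// fails, and final() throws instead of returning garbage key material.
function unwrapDek(wrapped, password) {
  const kek = deriveKek(password, wrapped.salt);
  const decipher = crypto.createDecipheriv("aes-256-gcm", kek, wrapped.iv);
  decipher.setAuthTag(wrapped.tag);
  return Buffer.concat([decipher.update(wrapped.ct), decipher.final()]);
}

// Password change: unwrap with the old password, re-wrap with the new one.
// The DEK is unchanged, so data encrypted under it does not need rewriting.
function changePassword(wrapped, oldPassword, newPassword) {
  return wrapDek(unwrapDek(wrapped, oldPassword), newPassword);
}

// Constructed demo values, for illustration only.
function demo() {
  const dek = crypto.randomBytes(32);
  const v1 = wrapDek(dek, "old passphrase");
  const v2 = changePassword(v1, "old passphrase", "new passphrase");
  let oldRejected = false;
  try { unwrapDek(v2, "old passphrase"); } catch { oldRejected = true; }
  return { sameDek: unwrapDek(v2, "new passphrase").equals(dek), oldRejected };
}
console.log(demo());
```

Only the small wrapped-key record changes on a password change. Anyone holding an old copy of that record together with the old password can still recover the same data key, so old copies need the same care as the current one.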

Your password unlocks your user database. BitGarth cannot recover it for you. If you lose the password and do not have an export or backup, you will need to re-add and re-sync your wallets. Encrypted exports and backups are there to make that avoidable.

iv.

App account records

BitGarth also has an app database for login records and app-level metadata. This app database is not encrypted.

The app database can contain your app username, login metadata, and the fact that your app account acknowledged a specific version of the Terms and Privacy Notice. It should not contain wallet addresses, transaction history, balances, labels, saved API keys, invoice details, or other private financial records.

If you run BitGarth yourself, this app database stays with your app instance and is not sent to BitGarth. If you use a BitGarth-hosted app in the future, BitGarth may operate the app database for that hosted service and keep the minimum records needed to run it.

v.

What BitGarth knows about you

BitGarth does not need your name, address, or email address to use the app.

For paid plans, BitGarth needs enough information to recognize payment history. It uses privacy-preserving anonymous payment IDs that are separate from your app user ID. That lets the app retrieve your payment status without building a normal identity account around you.

Cryptocurrency payments have different privacy properties depending on the asset and network used. If you want the strongest payment privacy among supported options, you can pay with Monero.

If BitGarth adds invoice support, invoice details will be entered inside the app. You will choose whether to save them, and saved invoice details will live in your encrypted user database rather than in a central BitGarth account.

vi.

What BitGarth does not protect against

BitGarth is not magic. It cannot protect you from every threat.

It does not protect against:

  • Malware or screen-recording software on your computer
  • A compromised browser, operating system, Docker host, desktop app runtime, or mobile device
  • Malicious browser extensions reading pages you open
  • Someone who knows your BitGarth username/password combination and has access to your computer or files
  • Losing your password without a backup
  • Publishing your exported accounting files somewhere public
  • Blockchain privacy limits inherent to public addresses and xpubs

If your device or host is compromised, assume your financial data can be compromised too. BitGarth's model is local-first, not invincible.

vii.

Exports are yours

BitGarth exports to plain-text accounting formats such as hledger and ledger-cli. That is intentional.

Plain text is easy to inspect, back up, diff, archive, and move between tools. It is also a natural fit for AI analysis.

That openness means exported files are your responsibility. Treat them like financial records. Store them somewhere you control, encrypt backups where appropriate, and avoid syncing them into services you do not trust.

viii.

Network requests

BitGarth connects to blockchain data providers such as Mempool and Etherscan so it can sync public transaction history for the addresses and xpubs you add. Those providers can see the public wallet data being queried.

BitGarth can also fetch market prices from services such as CoinMarketCap or CoinGecko. This is optional and off by default. It is only enabled when you choose to fetch prices or display asset values in another currency.

Where possible, BitGarth is designed so you can choose or self-host the services it talks to, for instance your own hosted Mempool instance.

The goal is not to pretend public-chain privacy is solved. The goal is to give you clear control over where your data goes.

ix.

Responsible disclosure

If you find a security issue in BitGarth, please report it privately before publishing details.

security@bitgarth.app

Useful reports include:

  • A clear description of the issue
  • Steps to reproduce it
  • The affected version
  • Any logs, screenshots, or proof-of-concept details that help confirm the problem

We will acknowledge reports, investigate them, and publish fixes with clear release notes when user safety is affected.

x.

The principle

BitGarth is built on a narrow promise: your self-custody accounting should not require surrendering custody of your data.

Encrypted user storage, public-key-only wallet access, plain-text exports, and honest limits all serve that promise.
