What leaves your browser
Every network request Coffer is capable of making is listed below. By default, nothing leaves your browser — your transactions, categories, budgets, and account balances stay in your browser's IndexedDB. The requests below only happen when you opt in to the feature that triggers them.
This list is canonical. Adding a new network destination requires a PR that updates both the code (the Content Security Policy allowlist in vercel.json and public/_headers) and this page. You can verify what Coffer is doing at any time by opening your browser's Network tab.
| Destination | Purpose | Triggered by | Opt-in |
|---|---|---|---|
buy.stripe.com | Stripe Checkout redirect (Cloud subscription) | User clicks Subscribe to Coffer Cloud | Yes |
billing.stripe.com | Stripe Customer Portal link | User clicks Manage Subscription | Yes |
huggingface.co | WebLLM model weight download | User enables AI categorization in Settings | Yes |
coffer.to/api/cloud/blob | Coffer Cloud encrypted blob sync via private server-side Blob relay | User enables Cloud sync in Settings → Storage | Yes |
api.frankfurter.dev | FX rate fetch (ECB-sourced, multi-currency display) | User selects Frankfurter in Settings → Preferences → Rate Source | Yes |
open.er-api.com | FX rate fetch (fallback provider, multi-currency display) | User selects open.er-api.com in Settings → Preferences → Rate Source | Yes |
What is not in this table
Coffer Cloud sync uses a same-origin API route. Your browser sends an encrypted envelope to /api/cloud/blob; the server stores that ciphertext in private Vercel Blob storage. The browser does not talk directly to a public Blob URL.
Third-party analytics on the app itself (Google Analytics, Facebook Pixel, Hotjar, etc.) are not on this page because they do not exist in Coffer. The /app/* routes have no analytics scripts of any kind. The Content Security Policy keeps script execution scoped to Coffer itself.
Error tracking services (Sentry, Datadog, Bugsnag) are also absent by design. If Coffer crashes on your device, the stack trace stays on your device. We would rather fix issues based on user reports than collect them from your browser.