Skip to content

Your money is your life.
We protect it like our own.

No technical jargon here. We tell you what we do and what we don’t do to keep your information safe.

Your information is encrypted in transit and at rest.

It’s encrypted on the way between your device and our servers, and it stays encrypted once it’s stored. Even if someone intercepted the connection, all they’d see is noise.

Walpli doesn’t connect to your bank.

On purpose. We’ll never ask for your online banking password. You decide what to log and how. It’s the only honest way to protect what matters.

Your data lives in its own space.

Every account has its own box. The database itself, before any of our code runs, makes sure your information never crosses with anyone else’s, except in the spaces you choose to share.

We don’t sell your data. Period.

We don’t show ads inside the app and we never sell your information or hand it to advertisers. We charge you for Walpli: that’s our commercial relationship with you. To improve the design we do measure how the app is used with analytics tools, as detailed in our privacy policy.

Your box, your key

Your information lives in its own box.

Picture a building full of safes, one per user. Each safe has a unique key. Even if someone got into the building, they couldn’t open the safe next door: the key doesn’t fit.

Walpli works just like that. Your information never mixes with anyone else’s. It doesn’t rely on our code being bug-free: the database itself guarantees it, before anything can leave.

Verified by 44 automated tests on every update
You
Other
Other
Other
Your information, kept apart from everyone else’s, always.

We don’t connect to your bank.

Other apps ask for your bank password to "read your transactions." Walpli doesn’t.

Instead, you choose what to log and how: by hand, by voice, by bot, or by uploading a spreadsheet. It takes 30 extra seconds a day but it’s worth every one.

What’s yours is yours

Do whatever you want with your information.

No paperwork, no waiting for a reply, no asking you to justify anything. Your information is yours, no asterisks.

See everything, anytime

All your information, always available inside the app.

Take it with you, anytime

Export everything to a CSV file in two taps. It’s yours.

Edit anything

Change, adjust or delete any data with no restrictions.

Leave whenever you want

Delete your account and everything is truly erased. No tricks, no "we’ll keep it in case you come back".

App lock

Only you open Walpli.

Turn on the lock and Walpli asks for Face ID, your fingerprint or a PIN every time you go in. If someone grabs your phone, your finances stay under lock and key.

It locks itself when you leave: instantly, after a minute, or after five. And the PIN is always there as a backup, in case the camera won’t cooperate.

Face ID Fingerprint PIN
Enter your PIN
To protect your finances.
123456789 0
Forgot your PIN?
Want the technical details?

For the curious and the developers.

What follows is for those who want to know exactly how. If the section above was enough, all good, that’s how it should be.

How encryption works

All traffic between your device and our servers travels over TLS 1.3. Data at rest is encrypted at the disk level with AES-256 managed by AWS KMS. Passwords are stored with bcrypt, never in plain text.

When a transaction reaches the server, it passes through an authentication layer based on JSON Web Tokens (JWT) signed with key rotation. Without a valid token, the API rejects the request before touching the database.

Per-user isolation (Row Level Security)

Postgres lets you define Row Level Security (RLS) policies that filter rows at the database engine level. In Walpli, each user table has 4 policies select, insert, update, delete and they all verify that auth.uid() matches the row’s user_id column.

This means that even if a bug in our code tried to read another user’s data, the database simply wouldn’t return those rows. It’s a second barrier, independent from the application code. We have 44 integration tests that verify these policies on every deployment.

Infrastructure and providers

Walpli runs on Supabase (managed hosting on AWS): Postgres with RLS, managed authentication and Edge Functions on the Deno runtime. The web app sits behind Cloudflare with HTTPS and managed certificates.

For AI processing (voice transcription, photo interpretation), we use the OpenAI API under a commercial agreement that forbids using your messages to train models. We send only the content to process, not your financial history or identifying data.

Regulatory compliance

Walpli complies with Chile’s Law 19.628 on the Protection of Private Life, the European Union’s GDPR and California’s CCPA. This includes the rights of access, portability, rectification and deletion of personal data with no paperwork.

If you find a vulnerability or have a concern about our security, write to us directly at walpliapp@gmail.com. We take every report seriously.

Relax, it’s taken care of.

Try Walpli with peace of mind. Whenever you want to take your information with you, two taps and it’s yours.