Last updated: 8 July 2026 · Data controller: Pixby Media AB (org.nr 556825-4469), Stockholm, Sweden · hello@pixby.se
Saldo is built so that your transaction and account data never touch our servers. That is an architectural property, not a policy promise: financial data flows directly between your device and the open-banking provider, and no server endpoint in our system can receive it. See how it works.
On your device only. Account names, balances, and transactions are fetched directly from the open-banking provider (Enable Banking) and stored in an encrypted local cache on your machine, available only to the AI assistants you connect. Deleting the app's data directory deletes the cache.
On our servers (managed tier). The token broker stores a random device identifier, encrypted consent tokens for the banks you connect, and your subscription status. If you subscribe, we also store the email you paid with and link it to your device — that's how your subscription is restored on a new install. We also record which setup steps a device has completed (first launch, checkout, subscription, bank linked, assistant connected, first sync) so we can see where onboarding fails. Never balances, transactions, or account names — and never what you or your assistant ask.
Payments. Subscriptions are sold by Polar as merchant of record: your name, email, and payment details are processed by Polar under their privacy policy. We never see your card details.
Beta signups. If you request beta access, we store your email and use it only to invite you. Deleted on request.
This website sets no tracking cookies and runs no analytics. Self-hosters use no service of ours, and we process no data about them at all.
Managed-tier and payment data: performance of our contract with you (Art. 6(1)(b)). Beta emails: your consent (Art. 6(1)(a)), withdrawable at any time. Bank access itself is granted by your explicit consent at your bank, read-only — account-information consents only, never payment initiation.
Enable Banking (Helsinki, Finland) — the licensed open-banking provider your device talks to directly. Your bank — serves your data under your consent. Polar — merchant of record for subscriptions. Our hosting providers never see financial data — there is none server-side to see. We do not sell or share personal data, and we use no advertising or tracking.
Consents expire on your bank's schedule and renew only with your authorization. You can revoke at any time at your bank or by disconnecting in the app, which deletes the associated consent tokens from the broker.
Under the GDPR you can access, rectify, erase, restrict, and port the personal data we hold, and complain to a supervisory authority (in Sweden: IMY). Since your financial data lives only on your device, most of it is already fully in your hands.
Data-protection questions and requests: hello@pixby.se.