Private mode (PIN encryption)
Private mode encrypts sensitive fields client-side before they leave your device. The server stores only ciphertext — it cannot read your transaction descriptions, merchant names, or notes even if compromised.
What gets encrypted
| Field | Encrypted |
|---|---|
| Transaction description | ✅ |
| Transaction reference number | ✅ |
| Transaction notes | ✅ |
| Merchant clean name | ✅ |
| Merchant raw ID | ✅ |
| Merchant notes | ✅ |
| Amounts, dates, categories | ❌ (never encrypted) |
How it works
- You set a 6-digit PIN in Settings → Security
- A key is derived using PBKDF2: `key = PBKDF2(userId + PIN, salt=userId, 100k iterations, SHA-256)`
- Each field is encrypted with AES-256-GCM (random 12-byte IV per field)
- The ciphertext is stored as base64 in the database
The PIN never leaves your device. The server only sees the derived ciphertext.
BIP39 recovery key
When you enable private mode, Paisa generates a 24-word recovery phrase. Store it somewhere safe — it’s the only way to recover your data if you forget your PIN.
Using with Claude (MCP)
Add your PIN and user ID to the MCP environment:

```json
"env": {
  "PAISA_API_URL": "...",
  "PAISA_API_TOKEN": "...",
  "PAISA_PIN": "123456",
  "PAISA_USER_ID": "dZ11If6v6WTlifcFUZ9DvDL1r3AuEDbV"
}
```

Find your user ID in Settings → Profile → User ID (tap the copy button).
The MCP server derives the same key locally and decrypts fields before returning them to Claude.
Inactivity lock
The web app automatically locks after 15 minutes of inactivity. You’ll need to re-enter your PIN to view encrypted fields. The MCP server does not lock — it re-derives the key from the PAISA_PIN env var on each request.