
Self-Hosted Personal Finance Without Running a Server: A Practical Guide

A practical guide to self-hosted personal finance for r/selfhosted readers. Compares server-tier tools (Actual Budget, Firefly III) with local-only options (GnuCash, SelfCapsule).

9 min read SelfCapsule Team

What “self-hosted personal finance” actually means

If you found this page, you already know the cloud-finance pitch. Plaid token in one app, OAuth handshake in another, transactions mirrored to whichever vendor bought the last Series B. The data is theirs. The categorisation is theirs. The retention policy is theirs.

Self-hosted personal finance flips that. Your transactions, account balances, categories, and ledger live on hardware you control. Not on a SaaS server pretending to be private. Not in an encrypted bucket whose key the vendor also holds. Your hardware.

In the self-hosted community, that usually means one of two shapes:

  1. A server you run. Docker Compose, a Synology, a Pi 4 in a closet, a VPS you trust. The classic shape. Actual Budget, Firefly III, Maybe Finance fit here.
  2. A local desktop app with no server tier at all. The database is a file on your machine. There is nothing to expose, nothing to reverse-proxy, nothing to back up except the data file itself. GnuCash fits here. SelfCapsule fits here.

Both are valid forms of self-hosting because both satisfy the only definition that matters: your financial data lives on hardware you control, and no third party has a copy.

This guide walks through both shapes, names the trade-offs honestly, and explains where a local desktop tool like SelfCapsule fits in the r/selfhosted toolbox.

Why the server-tier shape is the default (and where it strains)

Most self-hosted finance tooling assumes you want a server. The benefits are obvious:

  • Multi-device access by default. Open the web UI from your laptop, phone, partner’s laptop.
  • Multi-user accounts. Shared household budgets without sending screenshots over Signal.
  • API surface. Hook in bank importers, your own scripts, your own dashboards.
  • Cron jobs. Recurring transactions, automated imports, scheduled reports.

The strain is also obvious to anyone who has done it:

  • You are now a database administrator for your household budget. Postgres, SQLite, MariaDB depending on the tool. Backups, upgrades, schema migrations.
  • You need a reverse proxy if you want HTTPS. Caddy or Nginx. Cert renewal. DNS for a local domain.
  • You need a tunnel if you want phone access from outside the LAN. Tailscale, WireGuard, Cloudflare Tunnel, your call.
  • You need to keep the host patched. Auto-updates if you trust them; manual review if you do not.
  • You need to keep the container patched. docker compose pull on a cadence, or Watchtower if you trust unattended upgrades.

None of this is hard for an r/selfhosted regular. It is, however, real ongoing work, and that work has a failure mode: a stale container, an expired cert, a forgotten backup, and suddenly the most sensitive data set in your life is propped up by half a weekend of attention from six months ago.

The server shape is the right shape when multi-device sync, multi-user access, or API integration is a hard requirement. When it is not, the cost is overhead for overhead’s sake.

The local-only shape: self-hosting without a server

There is a smaller branch of the self-hosted tree that gets less coverage on r/selfhosted because it has nothing to spin up. The data lives in a file on the machine you are already using. No daemon, no port, no cert.

GnuCash has done this for two decades. SelfCapsule does the same thing in modern packaging.

The argument for this shape:

  • Smallest possible attack surface. Nothing listens. No port is open. No reverse proxy. No authentication layer that can be misconfigured.
  • No ongoing ops cost. No patches to apply on a server you forgot you had. The application updates like any desktop app.
  • Backups are one file. Copy the data file to your encrypted external drive, your Syncthing folder, your Borg repo, whatever you already use. No pg_dump, no volume mount conventions to remember.
  • Truly offline-capable. Airplane mode works. A day with no internet works. The application has no opinion about your network state because it never reaches out.

The trade-off is also honest:

  • No multi-device sync unless you bring your own. Syncthing the data file between machines, or run the app on one canonical machine.
  • No bank-feed import unless you run an aggregator separately (more on this below).
  • No web UI on your phone. The app is on macOS and Windows; that is the surface.
  • No native multi-user mode. One person, one file, one machine is the assumed shape.

For a meaningful slice of r/selfhosted, those trade-offs are acceptable, sometimes preferred. A budget tool you check once or twice a week on a laptop does not need a 24/7 server. A ledger does not need a web stack.
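
The "nothing listens" claim and the reverse-proxy requirement above can both be checked against the host's socket table. The following is an added example, not code from the original page or from any project it names: it parses `ss -Htlnp` output on a Linux host and flags listeners reachable from off-host on ports you did not intend to publish. The sample lines, ports and process names are constructed.

```python
import ipaddress
import re

# Constructed sample of `ss -Htlnp` output from a hypothetical Linux host that
# runs a finance web app behind a reverse proxy. Ports and process names are
# illustrative, not taken from any tool's documentation.
SAMPLE_SS = """\
LISTEN 0 4096 0.0.0.0:5006 0.0.0.0:* users:(("docker-proxy",pid=2211,fd=4))
LISTEN 0 244 127.0.0.1:5432 0.0.0.0:* users:(("postgres",pid=901,fd=5))
LISTEN 0 4096 [::]:443 [::]:* users:(("caddy",pid=1330,fd=7))
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=640,fd=14))
LISTEN 0 128 [::1]:631 [::]:* users:(("cupsd",pid=777,fd=6))
"""

PROC_RE = re.compile(r'\(\("([^"]+)",pid=(\d+)')


def parse_listeners(ss_output):
    """Return one dict per listening TCP socket: address, port, process, exposed."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
        if host in ("*", "0.0.0.0", "::"):
            exposed = True  # wildcard bind: reachable on every interface
        else:
            exposed = not ipaddress.ip_address(host).is_loopback
        match = PROC_RE.search(line)
        listeners.append({
            "address": host,
            "port": int(port),
            "process": match.group(1) if match else "unknown",
            "exposed": exposed,
        })
    return listeners


def unexpected_exposure(listeners, allowed_ports):
    """Listeners reachable from off-host on ports you did not intend to publish."""
    return [item for item in listeners if item["exposed"] and item["port"] not in allowed_ports]


if __name__ == "__main__":
    for item in unexpected_exposure(parse_listeners(SAMPLE_SS), allowed_ports={443}):
        print(f"exposed: {item['process']} on {item['address']}:{item['port']}")
```

Feed it real output from `ss -Htlnp`; run it as root if you want process names for sockets owned by other users.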

Comparison: where each tool actually sits

Below is the honest map of the space. Read it as “different shapes for different threat models and operational appetites”, not as a ranking.

| Tool | Setup complexity (judgment) | Where data lives | Sync mechanism | Cost | Platform |
| --- | --- | --- | --- | --- | --- |
| SelfCapsule | Install, open. No config required. | Local data file on your machine | None by default; bring your own (Syncthing, iCloud Drive, Tailscale + file sync) | One-time purchase | macOS, Windows |
| Actual Budget [1] | Desktop app install; optional self-hosted sync server (PikaPods, Fly.io, Docker, CLI) with reverse proxy for HTTPS | Local-first desktop app; optional self-hosted sync server you run | Background sync via your own sync server; optional end-to-end encryption | Open source (MIT), free; donation-supported | Desktop: macOS (Intel + Apple Silicon), Windows (x64, arm64), Linux (Flathub, AppImage). No official iOS or Android app. |
| Firefly III [2] | Self-host server: Docker image (or traditional PHP install, Kubernetes, Cloudron, Yunohost); reverse proxy for HTTPS | Self-hosted server you run | Web UI and REST JSON API; mobile via third-party Firefly III clients | Open source (AGPL-3.0), free | Web app only (responsive); runs on any Docker or PHP host |
| GnuCash [3] | Install, open. Power-user manual is required reading. | Local file (XML or SQLite) | None by default; manual file sync | Open source (GNU GPL), free | Linux (incl. Flatpak), Windows 8/10/11, macOS (Intel + Apple Silicon), BSD, Solaris. No mobile. |
| YNAB (reference, not self-hosted) [4] | None; cloud signup | YNAB’s servers | Built-in cloud sync | Subscription: $14.99/mo or $109/yr USD; 34-day free trial | Web app, iOS, Android |

Sources for column data (all accessed 2026-05-12):

  • [1] Actual Budget: https://actualbudget.org and https://actualbudget.org/download/. License confirmed via project GitHub repo metadata.
  • [2] Firefly III: https://github.com/firefly-iii/firefly-iii (license, deployment options, web-app scope).
  • [3] GnuCash: https://www.gnucash.org (platforms, GPL license, no sync, no mobile).
  • [4] YNAB: https://www.ynab.com/pricing (current pricing, trial length).
  • Setup complexity is a judgment column. Criteria: number of moving parts to stand up the first install. “Install, open” is one step. “Docker Compose plus reverse proxy” is several.

The pattern is clear. If you want a server, Actual Budget and Firefly III are the mature options and the r/selfhosted community has written extensively about both. If you want self-hosting without the server, GnuCash and SelfCapsule are the options, and they bias toward different audiences: GnuCash toward double-entry accounting purists, SelfCapsule toward people who want a clean modern app that respects the same principle.

What SelfCapsule does, and what it does not

To save you reading the rest of the site:

What it does.

  • Runs as a native macOS or Windows app. The data file lives on your disk.
  • Manual transaction entry, categorisation, account tracking, budget envelopes.
  • AES-256 local encryption of the data file.
  • One-time purchase. No subscription, no account, no telemetry, no analytics.
  • No outbound network calls from the app for sync, login, or feature gating.

What it does not do, by design.

  • No multi-device sync built in. If you want your data on two laptops, you bring the sync layer. Syncthing on the data file works well; iCloud Drive or OneDrive on the file path works if you accept that those services see encrypted bytes; a Tailscale node with a manual rsync also works. None of these are wired into the app.
  • No automatic bank import. There is no Plaid integration. There will not be. If you want bank feeds, the self-hosted path is to run an aggregator separately (Akahu, GoCardless Bank Account Data API, or a regional equivalent) and export OFX/CSV into SelfCapsule. The friction is real; the benefit is no third party sits permanently between your bank and your ledger.
  • No web UI. The app is the surface.
  • No mobile app today. macOS and Windows desktop only.
  • No multi-user accounts. One person, one file.

If any of those is a hard requirement for you, Actual Budget or Firefly III is a better fit, and the r/selfhosted threads on both are excellent.
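
The point above that a cloud sync service only "sees encrypted bytes" can be sanity-checked before a data file goes into a synced folder. The following is an added example, not code from the original page or from SelfCapsule: a heuristic that looks at leading file signatures and byte entropy. The threshold, minimum sample size and verdict labels are assumptions chosen here.

```python
import math
import os
from collections import Counter

# File signatures that mean "readable or merely compressed", not encrypted.
# GnuCash's XML and SQLite formats (named on this page) fall in this group.
PLAINTEXT_MAGIC = {
    b"SQLite format 3\x00": "sqlite",
    b"<?xml": "xml",
    b"\x1f\x8b": "gzip",
    b"PK\x03\x04": "zip",
}
MIN_SAMPLE = 16 * 1024     # entropy estimates are unreliable on tiny samples
ENTROPY_THRESHOLD = 7.9    # bits per byte; uniform random bytes approach 8.0


def shannon_entropy(data):
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    counts = Counter(data)
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in counts.values())


def classify(data):
    """Heuristic verdict on what a sync provider would see in these bytes."""
    for magic, name in PLAINTEXT_MAGIC.items():
        if data.startswith(magic):
            return "readable:" + name
    if len(data) < MIN_SAMPLE:
        return "inconclusive:too-small"
    if shannon_entropy(data) >= ENTROPY_THRESHOLD:
        return "opaque"
    return "readable:low-entropy"


def classify_file(path, sample_size=1024 * 1024):
    """Classify the first sample_size bytes of the file at path."""
    with open(path, "rb") as handle:
        return classify(handle.read(sample_size))


if __name__ == "__main__":
    # Constructed stand-ins: random bytes for an encrypted file, a bare SQLite header.
    print(classify(os.urandom(64 * 1024)))
    print(classify(b"SQLite format 3\x00" + bytes(4096)))
```

An "opaque" verdict is consistent with encryption at rest but does not prove the cipher or how the key is handled; a "readable" verdict means the sync provider can read or trivially unpack the file.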

A reasonable threat model for the local-only shape

Self-hosting is a stance about who you trust with the data. The local-only shape says:

  • You trust your operating system’s full-disk encryption (FileVault, BitLocker).
  • You trust your own backup chain (encrypted external, Borg, restic, Syncthing to a second host you own).
  • You do not trust a third-party SaaS with the data, including a SaaS marketed as “private” or “zero-knowledge”.
  • You accept that physical access to your unlocked machine is a compromise. The same is true of a self-hosted server you SSH into.

The local-only shape does not protect against:

  • A compromised endpoint. If your laptop is owned, any local data is at risk regardless of app encryption.
  • Loss of the data file with no backup. The app encrypts at rest; it does not magic the file back if you delete it and have not backed it up.

A reasonable setup, for what it is worth, is FileVault on the disk, the SelfCapsule data file inside a folder backed up nightly to an encrypted Borg repo on a NAS you own, and a copy of the repo replicated to a friend’s NAS via Tailscale. That is durable, private, and does not put a cloud vendor in the middle.

When to pick which shape

Quick decision rubric. None of these are absolute.

  • Pick the server shape (Actual Budget, Firefly III) if you genuinely need multi-device sync, household multi-user, or a programmable API surface, and you are willing to own the ops cost.
  • Pick the local-only shape (SelfCapsule, GnuCash) if you primarily check finances on one machine, prefer zero ongoing ops cost, and value the minimal attack surface that comes from having nothing to expose.
  • Pick GnuCash if you want full double-entry accounting and you are happy to read the manual.
  • Pick SelfCapsule if you want a clean modern app, one-time payment, AES-256 at rest, and the smallest possible footprint on your network.

There is no wrong answer in this list. There is only the wrong answer of accepting a cloud-finance tool when self-hosting in either shape would have served you.

Try it on your own terms

SelfCapsule is a one-time purchase, macOS and Windows. The app runs locally, the data file lives where you put it, and nothing leaves your machine. If that is the shape of self-hosted personal finance that fits your setup, download it and run it offline.

The pricing page confirms there is no subscription tier and no telemetry.

If you have feedback, the SelfCapsule account is active on r/selfhosted under u/SelfCapsule. Honest critique is welcome; that is how local-only tools get better.

