What "privacy-first" means for a portfolio tracker
A privacy-first portfolio tracker processes your holdings on your own device and never uploads them to a server. The opposite is a cloud tracker, which stores your transactions in its own database — usually behind a login. The simplest test: if the company had a data breach tomorrow, would your portfolio be in it?
The line isn't always black-and-white. Even a local-first tool needs the network for one thing: fetching live prices. The question that matters is what it sends. A well-designed local tracker sends only the ISINs and currency pairs it needs a quote for — never your quantities, cost basis, or account balance.
The comparison at a glance
Four common ways to track a DeGiro portfolio, sorted from most local to most cloud-based:
| Tool | Where your data lives | DeGiro connection | Account needed | Price |
|---|---|---|---|---|
| FolioInsights | Your browser (opt-in E2E sync) | CSV upload or extension | No — email only to unlock | €29 one-time |
| GIROTRACKER | Your browser | CSV upload | No | Free |
| Browser extensions (Mercury, Zeus) | Your browser's local storage | Reads your DeGiro session | Install required | Free / freemium |
| Cloud trackers (Portseido, PDT, …) | Their servers | CSV or linked account | Yes | Mostly subscription |
Free cloud trackers usually monetise through a paid tier or by limiting how many transactions you can track for free. Always read what leaves your browser, not just the price.
Local-first vs cloud: the real trade-off
Local-first wins on privacy and cost. Nothing about your holdings is stored on someone else's server, there's no account to be breached, and there's no subscription — you're not the product. The cost is convenience: you import a CSV yourself instead of linking an account that auto-updates.
Cloud trackers win on automation and reach. They can sync several brokers into one view, update overnight without you lifting a finger, and open on any device with a login. The trade-off is that your full transaction history sits in their database, and most charge a recurring fee for it.
How to check where a tracker sends your data
You don't have to take a marketing page at its word. Open your browser's developer tools (F12), go to the Network tab, and import a small CSV. If you see your transaction rows or amounts in an outgoing request body, the data is leaving your machine. If the only outgoing calls carry ISINs and currency codes, it's staying local.
Two other quick signals: does the tool still work with the network disconnected after the page loads (local tools largely do), and does it force you to create an account before you can see anything (often a sign your data is being stored server-side)?
Where FolioInsights fits
FolioInsights is local-first by design. Your DeGiro CSV is parsed in the browser and your transactions are stored in the browser's IndexedDB, so by default they never leave your device. The one routine exception is live quotes: fetching them sends only the ISINs and currency pairs a price is needed for — never your amounts, quantities, or cost basis.
There's one opt-in exception too. The optional mobile sync — off by default, and currently rolling out to selected accounts — does upload your transactions, but only as ciphertext: they're encrypted in your browser (AES-GCM under a PBKDF2-derived key) and the server stores a blob it cannot read. It's a one-time €29 purchase rather than a subscription. The trade-off is honest — you import your CSV yourself, and multi-broker auto-linking isn't the goal. If privacy and full DeGiro-specific analytics matter more than hands-off automation, that's the fit.
Try FolioInsights with your CSV →
Do any DeGiro trackers keep my data fully local?
Yes. FolioInsights and GIROTRACKER both run the analysis in your browser; FolioInsights keeps your holdings in IndexedDB and uploads nothing by default — its optional sync only ever uploads end-to-end-encrypted ciphertext the server can't read. Browser extensions like Mercury and Zeus also keep data in local storage. The cloud trackers — Portseido, Portfolio Dividend Tracker, Capitalyse and similar — store your transactions on their servers behind a login.
If FolioInsights fetches live prices, is it really private?
Yes. Fetching a quote requires sending an identifier — an ISIN and a currency pair — but never how many shares you hold, what you paid, or your balance. Your quantities and cost basis stay in your browser's IndexedDB. A price request reveals that someone, somewhere, wants a quote for a stock; it reveals nothing about your position size.
Are browser extensions for DeGiro safe to use?
It depends on the extension. A well-behaved one stores data locally and reads only your DeGiro session, but a browser extension can request broad permissions and update silently, so you're trusting its code on every page you visit. Check its requested permissions and reviews before installing, and prefer open-source or audited ones.
Is a cloud tracker ever the better choice?
Often, yes. If you hold accounts at several brokers and want them merged into one auto-updating view across phone and laptop, a cloud tracker does that far more smoothly than importing CSVs by hand. The trade-off you accept is that your full holdings sit in a third-party database, usually for a recurring fee.
Doesn't DeGiro already show my performance?
Only partly. DeGiro shows current value and a basic return, but it doesn't isolate your true return after fees, dividend tax and currency effects, and it won't compute weighted-average cost basis or benchmark you against an index. That gap is exactly why standalone trackers exist.