Rotki - local-first, privacy-preserving crypto portfolio tracker and accounting tool

General Project Showcase
1

Hey all! Lefteris here, founder of rotki, disclosing my affiliation up front.

After my reply in the “Any privacy focused Crypto Tracker?” thread, this seemed like the right category to properly introduce the project.

What it is

rotki is a portfolio tracker and accounting tool that runs entirely on your own machine. It’s focused on crypto but through manual balances and history can handle virtually anything. We want to make it a more generic financial tool than just crypto (eventually). You install the app, connect your wallets and exchange accounts, and your data lives in an encrypted local SQLite database on your computer. No sensitive financial data touches our servers.

It is multiplatform. Runs on Windows, Macos and Linux. Also has a docker package. It supports many chains (Ethereum and its L2s, Bitcoin, Solana, Polkadot, Kusama and others), exchange integrations (Kraken, Binance, Coinbase, Bitstamp, and more), and decoding for major DeFi protocols (Aave, Uniswap, Compound, Curve, Lido, etc.). End-of-year tax reports can be generated for various jurisdictions.

What “privacy-preserving” actually means here

The most important privacy angle for us is self-hosting and keeping all sensitive financial data on your local machine. Your wallet addresses, balances, transaction history, cost basis, tax events … none of it leaves your computer. With the rise of crypto kidnappings, wrench attacks, and targeted attacks on people suspected to hold significant crypto, this matters more than it did a few years ago. Cloud portfolio trackers and tax tools concentrate exactly the data an attacker would want: addresses linked to identity, total holdings, transaction patterns. A single breach at a centralized provider exposes all of it. rotki’s architecture means there’s nothing centralized to breach.

Beyond that:

  • No account required. No email needed to use the free tier. No registration.
  • Local database. Your wallet addresses, transactions, and balances live in encrypted SQLite on your machine.
  • No telemetry by default. The app doesn’t phone home with usage data unless you explicitly opt in, in which case we collect some basic anonymous usage data to help improve the product.
  • AGPL-3.0. Source is public. If we disappear tomorrow your data and the tool still work.
  • The compromise we’re honest about: rotki has to query blockchain indexers, RPCs and price APIs to actually work. Third parties (Etherscan, CoinGecko, etc.) see queries about specific addresses. We let users plug in their own node URLs and API keys to mitigate this. Full address privacy is fundamentally limited by how public blockchains work, not by our architecture.
  • Speed. First sync takes a long time unlike the SaaS alternatives as it’s your local tool that does the heavy lifting and nothing is pre-indexed. After that everything is saved/cached in your local machine and retrievals are near-instant from the DB.

A brief history

rotki started in 2017 as a personal side project. I needed to do my taxes and I was tired of cloud crypto trackers wanting all my data and I wanted something local. It was opensource from the start (you can see ~20k commits on GitHub). Since 2020 it’s been a small OSS company based in Berlin, currently 3 developers. I’ll be honest: building a privacy respecting project as a sustainable business is hard. We’ve survived this long through subscriptions, grants, and stubbornness, but it’s not easy and we’re not sure what the sustainable long-term shape of the business looks like. We’re still going.

Honest limitations

To save anyone evaluating it some time:

  • Learning curve is real. Local-first crypto accounting requires reconciliation work. Marking spam tokens, adding missing prices, fixing edge cases and more. With thousands of crypto protocols, hundreds of chains and exchanges It’s not a plug n play tool. We’re working on improving this but it’s an honest gap today. I don’t think it can ever be truly “fixed” but improvements can definitely be made.
  • No formal external security audit. Code is public under AGPL, the database is encrypted, and we don’t custody anything. But we haven’t paid for a third-party audit.
  • Some DeFi gaps. We support a lot but not everything. New protocols and chains take time to add. We prioritize on what is most used and what paying users ask for.
  • A paid tier exists for higher limits and some features. Core local functionality is free.

Where to find it

Happy to answer questions, take criticism, or hear what’s missing. If anyone here has tried rotki and bounced off, I’d genuinely like to know why. That feedback is more useful than another GitHub star.