Self-Hosted Setup

Run Finlynq on your own infrastructure. The app and PostgreSQL both run in Docker, and sensitive fields are encrypted at rest with a per-user key derived from your account password.

Quick Start with Docker Compose

curl -O https://raw.githubusercontent.com/finlynq/finlynq/main/docker-compose.yml
docker compose up -d

Then open http://localhost:3000 and register your account. One thing first: change the default PostgreSQL password and PF_JWT_SECRET before you expose the container to anything but localhost.

What You Get

✓ Self-contained Docker Compose. Just the app and PostgreSQL, nothing external
✓ Envelope encryption on transaction text fields (payees, notes, tags, holdings)
✓ MCP server for plugging in AI assistants (Claude, etc.)
✓ Automatic schema migrations on container start

Environment Variables

DATABASE_URL is your PostgreSQL connection string (required)
PF_JWT_SECRET is the JWT signing secret, at least 32 chars of entropy (required)
PF_PEPPER handles scrypt password peppering, at least 32 chars (required in production)
PF_STAGING_KEY wraps email-staged transactions, at least 32 chars (required in production)
PORT sets the server port (default 3000)

Security note:the envelope-encryption DEK is derived from your account password via scrypt. Forget the password and the reset flow wipes your data and provisions a fresh DEK. There's no backdoor. So back up your data now and then via the Settings → Privacy & Backup panel.