2026 · fintech · FinFlow · 21 iterations · 9 months

FinFlow — agentic wealth management platform

A global personal-finance platform built as an alternative to Monarch, Copilot and YNAB — with agentic AI, multi-currency support and automatic data aggregation. Twenty-one iterations from MVP to a fully-featured ecosystem.

https://mtplanet.store/
Surface

What users see. Identity, motion, UI craft, copy.

A Telegram bot as a first-class interface, a Next.js web app with 24 production pages, native iOS and Android wrappers via Capacitor. A 3D Wealth Map built on R3F that turns spending into a voxel city: investments become skyscrapers, overspending covers them in smog. Eleven settings sections, an admin panel with three roles, dry-run mass-broadcast.

Telegram Bot · 3D Wealth Map · Voice Input · Multilingual · Mobile Wrappers · Admin Panel
Substrate

What holds it up. Architecture, contracts, infra, latency.

FastAPI + SQLAlchemy 2.0 async + PostgreSQL with Row-Level Security. Defense-in-depth: SECURITY DEFINER functions physically isolate user data, AES-256-GCM application-level encryption with cryptographic erasure for the GDPR right-to-be-forgotten — deleting a user’s individual key invalidates all data without breaking referential integrity. PII scrubber strips merchant names and locations before LLM calls.

Row-Level Security · AES-256-GCM · Cryptographic Erasure · Dual-ledger Multi-currency · Agentic AI HITL · PII Scrubber
Story

Beyond the isolated expense tracker

The brief was ambitious: build a platform capable of competing with global leaders by transcending the outdated paradigm of "manual entry plus PDF uploads". The future belongs to Agentic Wealth Management — an autonomous financial assistant that doesn’t just analyse data but takes routine tasks off the user. Open Banking integrations through Plaid, Salt Edge and Tink. Full multi-currency with historical rates. Investment portfolios, crypto, subscriptions. GDPR, CCPA, SOC 2 Type II. Five languages with regional tax adaptation.

Cascading classification

Every transaction passes through a six-tier cascade. Each tier produces a confidence score, and the first match wins. User-defined regex rules sit at the top (confidence 1.0) — patterns set by a user have absolute priority. Below them: bank hints from MCC codes (0.95), built-in rules for popular merchants (0.6–0.9), a merchant cache that learns from prior runs (0.88), GPT-4o-mini for unknown cases (≥0.6), and a fallback.

  • 01 User regex — absolute priority
  • 02 Bank MCC hints — 0.95
  • 03 Built-in rules — 0.6 to 0.9
  • 04 Merchant cache — 0.88
  • 05 GPT-4o-mini fallback — ≥0.6

Cryptographic erasure as a primitive

GDPR’s right-to-be-forgotten is usually implemented as a recursive DELETE through a foreign-key graph — slow, error-prone, often impossible without breaking referential integrity. We chose a different primitive: every user gets their own AES-256-GCM key, all their data is encrypted at rest with that key, and erasure becomes a single operation — drop the key. The encrypted ciphertext can remain on disk forever; without the key, it is mathematical noise. Referential integrity stays intact, audit logs stay readable, deletion is provably instant.
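The key-drop primitive described above, as an added sketch that is not FinFlow's own code. `UserVault`, its in-memory key map (standing in for a separate key store), the `user_id:row_id` associated data and the sample rows are assumptions for illustration; it uses the `cryptography` package.

```python
import os
from cryptography.hazmat.primitives.ciphers.aead import AESGCM


class KeyErased(Exception):
    """The owning user's key has been dropped; the row is unrecoverable."""


class UserVault:
    """Hypothetical store: one AES-256-GCM key per user, erased by key drop."""

    def __init__(self):
        self._keys = {}  # user_id -> key; stands in for a separate key store
        self.rows = {}   # row_id -> (user_id, nonce, ciphertext); stands in for a table

    def create_user(self, user_id):
        self._keys[user_id] = AESGCM.generate_key(bit_length=256)

    def _key(self, user_id):
        if user_id not in self._keys:
            raise KeyErased(user_id)
        return AESGCM(self._keys[user_id])

    @staticmethod
    def _aad(user_id, row_id):
        # Assumed binding: ciphertext only authenticates for its own user and row.
        return f"{user_id}:{row_id}".encode()

    def put(self, row_id, user_id, plaintext):
        nonce = os.urandom(12)  # fresh 96-bit nonce for every encryption
        ct = self._key(user_id).encrypt(nonce, plaintext, self._aad(user_id, row_id))
        self.rows[row_id] = (user_id, nonce, ct)

    def get(self, row_id):
        user_id, nonce, ct = self.rows[row_id]
        return self._key(user_id).decrypt(nonce, ct, self._aad(user_id, row_id))

    def erase_user(self, user_id):
        # The whole erasure: rows, ids and foreign keys are left untouched.
        self._keys.pop(user_id, None)


def demo():
    vault = UserVault()
    vault.create_user("alice")
    vault.create_user("bob")
    vault.put(1, "alice", b"constructed sample: coffee 4.50 EUR")
    vault.put(2, "bob", b"constructed sample: rent 900 EUR")
    vault.erase_user("alice")
    return vault
```

Dropping the key erases data only if every copy of it (key-store backups, replicas, caches) is destroyed as well, and only for fields that were encrypted under it.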

Gallery

Pieces of the product.

  • 3D Wealth Map · voxel city
  • Telegram bot · voice transcription
  • Settings — eleven sections
  • Admin panel — three roles
  • Multi-currency dual-ledger
  • Family Spaces · child sub-accounts
[ Results ]
  • 509/509 backend tests passing
  • 135 FastAPI endpoints
  • 5 langs localized
  • 0 tech debt
[ Stack ]
FastAPI · Python 3.12 · SQLAlchemy 2.0 · PostgreSQL · Celery · Redis · Next.js 14 · TypeScript · R3F · Tailwind · Capacitor 7 · OpenAI · Whisper · LangChain