Version 0.2.2 adds server-side infrastructure for AI operations (voice and receipt recognition) to MyFina. This is infrastructure for mobile clients — there is no AI interface in the web app itself.
Off by default
A fresh MyFina install does not send any data to Anthropic. Enabling it is a
deliberate action by the owner in the admin panel (/admin/settings → AI). Until then,
all /api/mobile/v1/ai/* endpoints respond with 503 ai_unavailable.
Protection against accidental spend
Beyond the master kill-switch, there are three separate barriers:
- Env override
AI_KILL_SWITCH— globally overrides any value in the database. - Per-user daily quota — an atomic counter in a single DB operation (no TOCTOU between check and increment).
- Daily cost cap in USD — if responses turn out abnormally expensive, the next call is rejected until midnight UTC.
Privacy
The Anthropic section in /legal/privacy is still a DRAFT — we have not finalised
the legal wording for the DPA and the data-storage region. No «we'll fill it in later
while writing nothing» — every term will be spelled out in the privacy policy before
the feature becomes available to users.
What's next
Phase 2 is the UI on mobile clients (Android lives in a separate repository) with an opt-in toggle and an explicit mark on every transcribed receipt / voice command. Until then the infrastructure stays dormant.