When I told people I was building a native desktop app for real estate investors, the reactions were... mixed. "Why not make it a web app?" "Aren't desktop apps dead?" "What about mobile?" These are reasonable questions in 2026, when the default assumption is that everything ships as a web service with a backend, a database, and a subscription.
I had a clear answer: the users I was building for have financial data that shouldn't leave their device. And once I committed to that constraint, the desktop became the obvious choice.
Here's the full story.
The problem I was trying to solve
I own rental properties. I've used most of the popular landlord tools: Stessa, spreadsheets, various property management platforms. They all have the same fundamental architecture: your data lives on their servers, you access it through their interface, and they control what happens to it.
For most categories of software, that's fine. But for real estate financial data, it bothered me in a way I couldn't ignore. My portfolio data includes every property I own, what I paid for it, what it's worth now, how much equity I have, what my income is from each unit, my mortgage balances and lenders, my tenants' names and contact information, and five years of tax records. That's not just financial data, it's a complete picture of my financial position.
When Stessa was acquired by Roofstock in 2022, I remember thinking: my data is now inside a real estate marketplace. A company whose business model is built on facilitating property transactions now has a detailed map of my portfolio. They have my property addresses, my equity positions, my income by property. That is a structural conflict of interest.
I started looking for alternatives. There weren't any that combined the depth of features I needed with genuine data privacy. Everything was cloud-based. Everything required an account. Everything uploaded my records to a server I didn't control.
So I built what I needed.
The gap in the market
The landlord software market has converged on a specific model: free-to-start, cloud-based, with revenue from subscriptions, transaction fees, data monetization, or referrals to affiliated services. This model works well for the companies. It works adequately for users who aren't paying attention. It works poorly for users who think carefully about data ownership.
There's a significant segment of real estate investors who care deeply about this: privacy-conscious investors, high-net-worth individuals who don't want their financial details on a startup's servers, Canadian investors who need T776 support, professional investors who want analytical depth beyond basic income tracking, and anyone who's been burned by a cloud service going down, being acquired, or changing their pricing.
This segment isn't well-served by the existing market. They want something that works like modern software, polished UI, intelligent features, automation, but without the cloud dependency and data exposure. That's SealedFolio.
Why privacy matters for financial data specifically
Privacy concerns in software often get dismissed as paranoia. But for real estate financial data, the risks are concrete and the stakes are high.
Consider what an adversary could do with your complete portfolio data. A competitor investor could identify properties you're holding and make offers when you're in a weak position. A plaintiff's attorney in a civil suit could subpoena cloud records to understand your financial exposure. A tax authority could use transaction patterns to identify discrepancies. A data broker could sell your financial profile to targeted marketing campaigns or lenders who use it to adjust your rates.
None of these are hypothetical. All of them become possible when your financial data lives on a server that other parties can access, through legitimate requests, data monetization, or breach.
When your data is encrypted on your device with a key that only you have, none of these attack vectors work. I can't hand over what I don't have. A breach of SealedFolio's servers (of which there are none) can't expose your records. A subpoena to us would produce nothing because we genuinely have no access to your data.
The technical decisions
Once I decided to build a native desktop application, I had choices to make. The most important decisions were around the encryption approach (how to protect user data) and whether local AI was viable for document scanning.
Why a native desktop app
Building a native desktop app instead of a web app was the critical architectural decision. A web app requires a server. A server requires storing user data. Storing user data means you can be subpoenaed, breached, or acquired, and your users' financial records go with you.
A native desktop app avoids the core cloud-database problem. The application runs on the user's machine. There is no hosted SealedFolio portfolio database. Calculations, reports, AI scanning, encryption, and the main ledger workflow happen locally. Network access is limited to license validation and optional features a user enables, such as Plaid bank import, map/geocoding views, model downloads, update checks, sample media, or encrypted backup copies to a folder they control.
We chose a framework that uses the native system WebView for the UI layer, keeping the binary small and memory usage low. The backend is written in a memory-safe language that prevents entire categories of security vulnerabilities, buffer overflows, use-after-free, data races, that are common in traditional desktop applications. For software whose core promise is secure local storage, memory safety is not optional.
The encryption stack
SealedFolio uses three layers of encryption:
- Database-level: SQLCipher database encryption. The database is encrypted at rest so even if someone extracts the database file from your machine, it's unreadable without the key.
- Document-level: XChaCha20-Poly1305 with per-file keys. Each document, photo, and attachment gets a unique randomly-generated key. Compromising one file doesn't compromise any other. The per-file keys are themselves stored encrypted in the database.
- Key derivation: Argon2id with 64MB memory cost, 3 iterations, and 4 threads. Argon2id is the winner of the Password Hashing Competition and is specifically designed to be expensive to compute in parallel, which is what makes brute-force attacks impractical. The 64MB memory requirement means GPU-based cracking attacks that work on simpler hash functions don't work on Argon2id at this parameterization.
The key derived from your master password is used to unlock the database and decrypt per-file keys. It's held in memory only while the vault is unlocked, protected from being swapped to disk, and explicitly zeroed when you lock the vault. When SealedFolio is closed, there is no residual key material in memory.
Local AI for document scanning
One of the more interesting challenges was AI document scanning without a cloud API. The obvious approach, send documents to a cloud AI service for OCR and extraction, was immediately ruled out. Sending your mortgage documents to a third-party API defeats the entire privacy model.
The alternative is running an AI model locally. Modern hardware with GPU acceleration has made this genuinely practical. A model small enough to run on consumer hardware can accurately extract structured data from financial documents, dates, amounts, parties, terms, property details, without any network call.
Document extraction typically completes in 5-15 seconds depending on document complexity. Not instant, but fast enough to be practical for occasional use, and the tradeoff of a few extra seconds for complete privacy is one most users are happy to make.
The questions I had to answer
Before committing to this architecture, I had to honestly answer some hard questions:
"Is there a real market for privacy-focused real estate software?" The answer turned out to be yes, privacy-conscious investors exist in significant numbers, and the Stessa/Roofstock acquisition crystallized the concern for many people who hadn't thought about it before.
"Will the lack of bank syncing be a dealbreaker?" For some users, yes. For others, the CSV import workflow is a reasonable tradeoff. Most banks offer CSV exports. The column mapping wizard makes the import take a few minutes, not hours.
"Can I build something good enough to compete with funded cloud tools?" A desktop app actually has some advantages here: no infrastructure costs means more engineering time can go into features. No server means better performance for analytical calculations that run locally. No cloud means no downtime from server issues.
Why now
The timing felt right for several reasons. Modern hardware made local AI genuinely fast. Desktop app frameworks matured to the point where building a production-quality cross-platform app is tractable for a small team. Increased public awareness of data privacy (post-GDPR, post-Cambridge Analytica, post-Stessa acquisition) means users are more receptive to the privacy pitch than they would have been five years ago.
And the competition essentially handed me a positioning. When Stessa was acquired by Roofstock, every serious investor using that platform was forced to ask whether they were comfortable with their data inside a real estate marketplace. Many of them weren't.
SealedFolio exists because I needed it, I couldn't find it, and the technology to build it properly had finally arrived. That's usually a good reason to build something.
If you're a real estate investor who's been thinking about these same questions, where your data lives, who can see it, and what happens when the tool you rely on gets acquired, join the waitlist. This was built for you.