Add Private Terminal (Finance → Investment Research)

[cerkon1]

Type

Addition

---

Changes

Adds Private Terminal to the Finance category, under a proposed new Investment Research section (alternativeTo: TradingView, Koyfin, Bloomberg Terminal, Yahoo Finance). Happy to re-home it to a different section if you'd prefer.

Private Terminal is a free, MIT-licensed, local-first desktop research dashboard (Tauri v2 — Rust + React/TypeScript) for stocks, crypto, and macroeconomics: watchlist with multi-indicator candlestick charts, 29 FRED macro series, cross-section percentile heatmap, and seven cross-asset analysis tools.

Privacy properties: no accounts, no telemetry, no analytics, no cloud sync. All state lives in a local SQLite file, and the only network requests are to the public data sources the user enables (FRED, Yahoo Finance quotes, optional RSS feeds).

---

Supporting Material

• Source code: https://github.com/cerkon1/private-terminal
• Product page: https://www.privateacb.com/terminal/
• Privacy details: the README's "Privacy stance" section (including a full table of outbound network calls), and in-app at Settings → Privacy

---

Affiliation

I am the author of Private Terminal.

---

Checklist

• I have read the Contributing guide, and confirmed my PR aligns with the requirements
• I have performed a self-review (valid Markdown formatting, spelling, and grammar)
• I have indicated whether I have any affiliation with any software / services added
• I agree to follow the repositories Contributor Covenant Code of Conduct

[liss-bot]

Hello @cerkon1

Thank you for contributing to Awesome Privacy! We will review your submission shortly. In the meantime, please ensure all changes are correct and inline with our Contributing Requirements.

Our automated checks detected some issues:

• Please fill in pull request template in full. You can find a copy of this here
• Description length (403 chars) is outside the recommended 50–250 character range. Please see our Contributing Guidelines
• The link(s) you included seem to be returning a 404. Please double check all URLs listed are valid and publicly accessible
• It looks like your submission is quite a small project without a lot of users yet. In some circumstances we may ask you to resubmit this once the project is more mature and has a proven track record of good practices and maintenance.
• This project appears to be quite new (created less than 4 months ago). Repositories should have a proven track record before listing, and at least 16 weeks since first stable release.
• This project appears to contain AI-generated code. Additional care will be needed when reviewing the submission.

^{🤖 I am a bot, and sometimes make mistakes. If you feel that any info here is incorrect or inaccurate, feel free to add a comment below with any corrections or justifications. This bot does not use AI, and just runs preliminary validation checks against submission requirements. Human review is still needed.}

Summary of Changes:

• Added Private Terminal in Finance → Investment Research
• Added section Investment Research in Finance

Submission Info

Repo Stats

• 🟢 License: MIT License
• 🔴 Repo Age: 1 month
• 🟢 Last Updated: today
• 🟠 Releases: 2
• 🔴 Stars: 0
• 🔴 Contributors: 1
• 🟢 Is Fork: No
• 🟢 Is Archived: No
• ⚪ Security Advisories: Unknown
• 🔴 Vibe Coded: 62 AI commits
• 🔵 Commits: 63
• 🔵 Open Issues: 0
• 🔵 Website: https://www.privateacb.com/terminal/
• 🔵 Author: cerkon1
• 🔵 Languages: TypeScript, Rust, CSS, HTML

Website Checks

• ⚪ Status: Unknown
• 🟢 HTTPS: Yes
• ⚪ Blacklist: Unknown
• ⚪ Redirect: Unknown
• ⚪ Risk Score: Unknown
• ⚪ HSTS: Unknown
• ⚪ CSP: Unknown
• ⚪ X-Frame-Options: Unknown
• 🔴 Security.txt: Missing
• ⚪ Server: Unknown
• ⚪ Server Location: Unknown
• ⚪ Title: Unknown

^{The above data does not determine a submissions eligibility. Human review is still needed.
Key: 🟢 = good. 🟠 = warning. 🔴 = attention required. 🔵 = info. ⚪ = unknown.}

^{For full details, please see workflow run 27314487470}

---

Updates

Edit 1: - 1 issue was resolved, but 5 checks are still failing, see here for details
Edit 2: - 4 checks are still failing, see here for details

[cerkon1]

Thanks for the automated review — corrections and updates on each point:

• Template — the PR body has been rewritten to follow the template in full (Type / Changes / Supporting Material / Affiliation / Checklist).
• Description length — shortened to 183 characters (was 403).
• 404 links — I couldn't reproduce this: all three URLs in the entry (url, github, icon) return HTTP 200 via GET and HEAD, including with a non-browser user agent. Possibly a transient failure — happy to adjust if a specific URL is still failing for you.
• Security.txt — now published at https://www.privateacb.com/.well-known/security.txt (RFC 9116).
• Project age / size — fair point, and acknowledged: the repo is young and doesn't yet have a star history. For transparency: it's the free, open-source sister project of an established product by the same developer, it ships signed-checksum releases, and it's in active maintenance. If the maintainers prefer the 16-week track record first, I'm happy to close and resubmit later this year — your call.
• AI-generated code — correct and disclosed: the codebase was built with AI assistance under human direction and review.

[lissy93]

Hey @cerkon1 - looks cool, thank you for submitting.
But as per contrib guidelines, this probably doesn't meet maturity requirements, given it's a newly created project so doesn't yet have any track record of good maintenance, security or privacy.

Just a small suggestion, the repo is missing the build process from CI, no signing, build provenance/attestations, SBOM, checksums, etc. So it's not verifiable that what you're executing is actually the code in the repo.

I did give it a super quick test drive in a VM. It all looks good
And noticed a couple of discrepancies between what your privacy policy says (https://www.privateacb.com/privacy/) and what's actually happening:

• Policy says API keys are encrypted, but they're not
• Outbound sources listed in policy are incorrect
• Country to the policy watchlist is being transmitted to unofficial Yahoo finance + Finnhub

I did get a purchase popup tho, which makes me think this is going to be paywalled soon, and so would make it illegible for listing here.
Edit: Some of my findings were invalid, since I tested 2 different .exe files from same author. See his reply below.

[cerkon1]

Hey @lissy93 — thanks for actually test-driving it in a VM, that's more effort than most reviews get.

Fair call on maturity, no argument there. Happy for this to be closed and I'll come back when the project has some history behind it.

One thing I do want to untangle though: I think you ended up testing two different apps. The trial banner / "Purchase Now" popup in your screenshot is PrivateACB, our paid crypto tax app — that's the download on the privateacb.com homepage. Private Terminal (what this PR is for) is the MIT terminal and has no trial or license code in it at all — nothing is getting paywalled. The mix-up is on me, both apps live on the same site and the separation clearly isn't obvious enough.

The Yahoo/Finnhub traffic and the unencrypted API keys you saw are Private Terminal's, and the app does disclose both — Settings → Privacy lists every outbound destination and flat out says the FRED/Finnhub keys sit unencrypted in the local SQLite file. The only things leaving the machine are ticker symbols / series IDs to fetch quotes, plus your API key where a service needs one. (The tax app, for what it's worth, does match the policy — keys go through Windows DPAPI, and its only endpoints are BoC, FRED, CoinGecko and CryptoCompare. No Yahoo or Finnhub anywhere in that codebase.)

You're right about two things though, and I've fixed them:

• The privacy policy only covered the tax app and never mentioned Private Terminal, so checking the terminal against it would naturally look contradictory. There's now a dedicated Private Terminal section live at privateacb.com/privacy/ covering its actual endpoints and the unencrypted key storage.
• Verifiable builds — fair hit. CI now runs on every push, and releases ship SHA256 checksums plus GitHub build provenance attestations, so you can check a binary against the repo with gh attestation verify. Code signing once I sort out a cert.

Thanks again — honestly this was more useful than a merge would have been. I'll resubmit once there's a track record, if you're open to it.

[lissy93]

One thing I do want to untangle though: I think you ended up testing two different apps

Ah my bad on the wrong exe! I did try out both, and was confused why they were so different 😅
Yeah, I'll cross out my comment about the paywall and priv policy then.

Nice work on the build CI. That usually takes me at least 10 attempts to get working 😅

And apologies for the false positives about the website being down from the bot. I'll update the bot script to better handle 403 errors.