Privacy

What passes through the server

When you connect through Claude, the server receives your YNAB OAuth access token and uses it to call the YNAB API for the specific tool request you make. Responses are returned to your Claude session.

The hosted server does not intentionally persist budget data, transactions, category names, account balances, or OAuth tokens. Tokens are held only for the active request/session path needed to complete the connector flow.

What may be logged

Infrastructure logs may contain ordinary request metadata such as timestamps, route names, status codes, and operational errors. They should not contain full budget payloads by design.

Control

You can revoke access at any time from YNAB OAuth settings. If you prefer full control, use the downloadable self-hosted version and run it with your own YNAB OAuth application.