| Date | Metal | Type | Image | Name | Qty | Weight | Purchase | Melt | Retail | Gain/Loss | Source | Actions |
|---|
| Date | Item | Field | Old Value | New Value | Undo |
|---|
Your Privacy is Protected: All data is stored locally in your browser using localStorage and never transmitted to any server. Your precious metals inventory information remains completely private and under your control.
Data Backup Responsibility: Since data is stored locally, it will be lost if you clear browser history, reset browser data, or use private browsing mode. Remember to export your data regularly to keep a copy.
Use at Your Own Risk: This tool is provided for informational and organizational purposes only. The developer assumes no responsibility for any financial decisions, investment choices, or data loss. Always verify spot prices and calculations independently.
Spot Price Accuracy: Prices displayed are for reference only and may not reflect real-time market conditions. Always confirm current pricing with your dealer or official market sources before making transactions.
Choose which timezone to use when displaying timestamps. Stored data is always UTC.
Optional buttons shown in the top-right of the app header.
Cycle color theme.
Switch display currency.
Cycle sparkline period.
Sync all spot prices.
Toggle visibility and reorder major page sections.
Reorder and toggle sections in the item view modal.
Select layout style.
Sort field and direction on load.
Max items shown before scrolling (cards + table).
Custom themes coming soon — build your own color scheme.
Reorder and show/hide spot price and summary cards. Drag rows to reorder.
Choose which badges appear next to item names in the table.
Minimum item count for a filter chip to appear.
Group item names by base name (e.g., "American Silver Eagle (3)").
Auto-extract text from parentheses and quotes in item names as additional filter chips.
Enable, disable, and reorder chip categories. Assign the same Group letter to merge categories so their chips sort together.
Show item count on each filter chip (e.g., "Gold (13)").
Sort chips within each category by name or quantity.
Suppressed auto-generated chips. Right-click any name chip to add it here.
Define chip labels with comma or semicolon-separated name patterns.
Show smart suggestions when typing in the Name, Purchase Location, and Storage Location fields.
Rewrite common coin names (e.g. "ASE") into Numista-optimized search queries with direct lookups for known catalog IDs.
Pre-configured lookup rules shipped with StakTrakr. Toggle individual rules on or off.
Add your own regex patterns to rewrite Numista search queries. Custom rules override built-in patterns.
Get a free API key at numista.com/api (2,000 requests/month free tier). Your key is stored locally in your browser.
Choose which Numista data fields appear in the item view modal.
Sync metadata for all inventory items with Numista catalog IDs. Images are loaded on-demand when viewing items. Uses your API key (counts toward monthly quota).
Requires a PCGS API account at api.pcgs.com (1,000 requests/day). Token is stored locally in your browser.
HTTPS required — cert verification will not work on file:// protocol.
Free hourly spot prices — no API key required.
This is a free, best-effort service. Prices may be delayed or temporarily unavailable. No guarantee of accuracy, uptime, or availability is provided.
🐉 Here be dragons
Cloud Sync lets you store encrypted vault backups on your own cloud storage account. Your data is encrypted with AES-256-GCM before it leaves StakTrakr — your provider never sees the plaintext.
This feature is in early beta. It works, but rough edges remain. We are a small team and your patience means a lot.
Supabase-powered cloud storage for StakTrakr sponsors. Zero-config encrypted sync with automatic backups.
No snapshot available.
Your vault password is remembered for this browser session after the first backup or restore. Closing the browser clears it.
Show coin images in the table.
Which coin sides to show.
Numista images take priority.
Create rules that automatically assign images to items matching a name pattern.
Select multiple inventory items and apply batch operations — edit shared fields, duplicate entries, or remove items in bulk. This feature is actively developed; please report any issues on GitHub.
Import data from external services like Numista.
Export your data files.
AES-GCM encrypted vault file. Use to back up and restore all inventory data.
Permanently remove inventory or wipe all app data. These actions cannot be undone.
All prices, spot values, and exports will use this currency. Spot prices are fetched in USD and converted using daily exchange rates.
Show a quick currency switcher in the app header.
Choose how the 24h percentage change on spot cards is calculated.
Set market prices for Goldback denominations manually or auto-estimate from gold spot. Check current rates at goldback.com/exchange-rates.
Use denomination prices as retail value for gb-unit items.
Auto-estimate prices from gold spot: 2 × (spot / 1000) × modifier.
Manual edits will be overwritten on the next spot refresh.
Enter the 1 Goldback exchange rate to auto-fill all denominations.
| Denomination | Gold Content | Market Price | Last Updated |
|---|
No market prices yet
Sync to load current bullion retail prices from APMEX, Monument, SDB, and JM Bullion.
Browse inventory changes, spot price history, catalog lookups, and per-item price tracking.
Recent inventory changes. Click a row to edit the item, or undo/redo individual changes.
| Date | Item | Field | Old Value | New Value | Undo |
|---|
Spot price updates recorded from API syncs and manual edits.
| Timestamp | Metal | Spot Price | Source | Provider |
|---|
Historical LBMA reference prices from bundled seed data (read-only).
| Date | Metal | Spot Price | Provider |
|---|
Catalog API call history. Failed lookups are highlighted in red.
| Time | Action | Query | Result | Items | Provider | Duration |
|---|
Per-item price snapshots recorded on add, edit, and spot price sync.
| Timestamp | Item Name | Retail | Spot | Melt | Actions |
|---|
Cloud sync activity — backups, restores, connections, and token refreshes.
| Time | Action | Provider | Result | Detail | Duration |
|---|
| Date | Avg | Median | Lowest | APMEX | Monument | SDB | JM |
|---|
Only you. Your inventory is stored entirely on your own device using your browser's localStorage (and IndexedDB for images). No data is ever sent to any server unless you explicitly choose to use a cloud backup feature like Dropbox.
Even when you use cloud backup, the data is encrypted on your device before it leaves — the cloud provider receives an encrypted blob they cannot read.
No. There is no server-side component, no database, and no analytics that transmit your inventory. The developer has no technical means to access your data.
The only outbound network requests the app makes are:
staktrakr.com/version.json (no inventory data included)No cookies. No advertising SDKs. No tracking pixels. The app itself uses browser localStorage and IndexedDB solely to store your inventory and preferences on your own device.
However, when you use the hosted version at staktrakr.com (served via Cloudflare Pages), Cloudflare Web Analytics is active at the network edge. It collects aggregated, anonymous page view metrics — things like visit counts, countries, and browser types — to help the developer understand usage. Cloudflare does this without cookies and without building individual user profiles.
No inventory data is ever included. If you download and run the app locally from a ZIP file, no analytics run at all.
Does not: set cookies · use localStorage · fingerprint individuals · share data with advertisers · track you across sites
Does: log page views at the network edge · process IP addresses server-side (not stored individually) · report aggregated metrics to the site owner only
If you clear browser storage (not just history), your inventory data stored in localStorage will be deleted. Browser history alone does not affect your data.
Recommendation: Export a backup regularly using the ZIP or vault export options. This gives you a file you control, independent of any browser.
StakTrakr is open-source software — anyone can read the code at github.com/lbruton/StakTrakr. There is no hidden code.
The app loads several trusted third-party libraries (Chart.js, PapaParse, jsPDF, Bootstrap) from CDNs. These are industry-standard libraries used by millions of websites.
Like any web app, your device's security is part of the equation. Keep your browser and operating system updated, and be cautious about browser extensions that have broad permissions.
Your data is never locked in. You can export at any time in multiple formats:
All export options are in the Inventory → Export menu.
Yes. Because the app runs entirely in your browser with no server requirement, a downloaded copy will continue to work indefinitely — even without an internet connection — as long as browsers continue to support standard web APIs (localStorage, IndexedDB, JavaScript).
You can always save a ZIP of the app and open it locally. The app is designed from the ground up to work with the file:// protocol.
The app is MIT licensed and open source. If development stops, anyone in the community can fork the project and continue it. Your data remains yours in exportable formats regardless.
The offline-first, single-file design means the app won't simply stop working the way a subscription service would.
No. When you use the cloud backup feature, your inventory is encrypted on your device before it is uploaded. Dropbox only ever receives an encrypted file — they cannot read what's inside it.
Encryption uses AES-256-GCM (symmetric authenticated encryption) with a key derived from your password via PBKDF2-SHA256 with 100,000 iterations. The encryption happens entirely in your browser using the Web Crypto API — the same cryptographic standard used by password managers and secure messaging apps. The cloud provider receives only the ciphertext and a random salt, never your password or plaintext data.
Encryption transforms your data into unreadable scrambled text using a secret key derived from your password. Without the correct password, the data is mathematically impossible to read — even if someone intercepts the file or the cloud provider is breached.
Think of it like a safe deposit box: the bank (Dropbox) holds the box, but only you have the key. The bank has no way to open it.
Important: If you lose your vault password, the data cannot be recovered. Store your password somewhere safe.
Your local data (in localStorage/IndexedDB) is protected by your browser's same-origin security model — other websites cannot read it. The vault encryption protects backups with strong cryptography.
The practical risks are the same as any local software:
Standard device security hygiene — OS updates, reputable extensions only, device lock screens — provides strong protection.
Most precious metals apps store your data on their servers and require accounts. StakTrakr is different:
index.html, and it runs anywhereThe core app is free and always will be. Every feature you see today — full inventory management, spot price sync, CSV/PDF/ZIP export, encrypted vault backups, Dropbox cloud sync, Numista/PCGS integration — is included with no account required and no paywall.
Running the app costs real money: the domain renewal, and the API provider that supplies hourly live spot prices for all users on a best-effort basis. Sponsoring at $1/month or more on GitHub helps cover those costs directly.
As a thank-you, sponsors will get access to optional infrastructure perks as they are built out:
None of these are features being removed from the free tier — they are new infrastructure that costs money to operate. If sponsorship never materializes, the core app stays exactly as it is. If it grows, everyone benefits from a more sustainable project.
The hourly API spot prices are provided on a best-effort basis. If infrastructure costs become unsustainable, that service may be reduced — but the app itself, and Dropbox sync, will always remain free and open source.
We believe in transparency. Here are real trade-offs you should know about.
Browser localStorage is not permanent storage. It can be cleared by:
Mitigation: Export a ZIP or vault backup regularly, especially on iOS. Consider connecting a cloud backup provider.
The app is designed to work with the file:// protocol (opening index.html directly from your filesystem). However, a small number of browser configurations restrict localStorage persistence in file:// contexts.
If you experience data not persisting when opening the file directly, try serving it from a local web server (e.g., python3 -m http.server) or use the hosted version at staktrakr.com.
StakTrakr is a one-person project. A paid independent cryptographic audit hasn't been commissioned — that's the honest limitation. But the codebase is not unreviewed. Every commit runs through a layered set of automated security and quality checks:
Development is also assisted by Claude Code (Anthropic's AI coding assistant), which is explicitly instructed to flag security concerns — SQL injection, XSS, insecure storage patterns, and similar issues — during implementation.
This is the realistic security posture of a well-maintained open-source personal project: comprehensive automated tooling, no paid human audit. For most users tracking a personal collection, this is a reasonable level of assurance. Users with very high threat models may wish to verify the encryption implementation themselves — the source is fully public.
Dropbox is the only fully active cloud backup provider. The Cloud tab in Settings also shows placeholder cards for four future providers: Google Drive, OneDrive, pCloud, and Box. These are shown to communicate the roadmap, not as functional options. All will use the same client-side AES-256-GCM encryption as Dropbox — the provider never sees your plaintext data.
The spot prices displayed are fetched from public metal pricing APIs and represent the theoretical melt value of metal at that moment. They are not buy/sell prices from a dealer.
Actual transaction prices will differ due to dealer premiums, bid/ask spreads, and market conditions. The "Melt Value" shown is a reference floor, not a guaranteed sale price.
Enter your vault password to encrypt your inventory before syncing. This password never leaves your device.
Both this device and another device have changes since the last sync. Choose which version to keep.
Another device has pushed a newer version of your inventory. Would you like to update now?
| Timestamp | Retail | Spot | Melt | Actions |
|---|
StakTrakr is a client-side web application for tracking precious metals inventory. Your data stays on your device — we do not operate servers that store user data. Last updated: February 17, 2026.
All inventory data, settings, and preferences are stored locally in your browser using localStorage and IndexedDB (for images). Nothing is transmitted to StakTrakr servers.
Browser localStorage is not permanent storage. It can be cleared by browser settings, private/incognito sessions, or on iOS if the device is low on storage and the app hasn't been used recently.
Recommendation: Export a ZIP or vault backup regularly, especially on iOS. Consider connecting a cloud backup provider.
StakTrakr will request authorization to read and write files in a /StakTrakr/ folder on your account. It stores an OAuth access token in your browser's localStorage to maintain the connection. StakTrakr does not access any other files in your cloud storage account.
No. Your backup is encrypted on your device with AES-256-GCM before it is uploaded. The cloud provider receives only ciphertext and a random salt — never your password or plaintext data. The key is derived from your password via PBKDF2-SHA256 with 100,000 iterations using the browser's Web Crypto API.
You can disconnect at any time in Settings → Cloud. Disconnecting removes the stored OAuth token from your browser. Your cloud files are not automatically deleted — you can remove them manually from your cloud provider's file manager.
StakTrakr may contact external services for spot price data, exchange rates, and catalog lookups. These requests contain no personal information — only metal type or coin identifiers. No cookies or tracking identifiers are sent. Specific services include:
staktrakr.com/version.json (version update check)No. The app itself does not use analytics, tracking pixels, fingerprinting, or advertising of any kind. There are no third-party scripts embedded in the app that collect user behavior.
When you use the hosted version at staktrakr.com (served via Cloudflare Pages), Cloudflare Web Analytics is active at the network edge. It collects aggregated, anonymous page-view metrics (visit counts, countries, browser types) without cookies and without building individual user profiles. No inventory data is ever included. If you run the app locally from a downloaded ZIP, no analytics run at all.
StakTrakr does not set cookies. OAuth providers may set their own cookies during the authorization flow in the popup window. Cloudflare Web Analytics does not use cookies.
StakTrakr is not directed at children under 13 and does not knowingly collect information from children.
If this policy changes, the updated version will appear in the app with a new date. Questions about this policy can be directed to the project's GitHub Issues page.
| Vendor | Price | Confidence |
|---|
| Date | Avg | Median | Lowest | APMEX | Monument | SDB | JM |
|---|