Habeas - Export your data from sites that hide it, in your session

Habeas is an open-source browser extension that reclaims your data (receipts, invoices, bank/card transactions) from services with no API or export that hide it behind anti-bot walls. It runs in your real, logged-in session, so it stores no credentials and never fights bot detection: the opposite of Plaid/Tink. Local-first: your data only leaves the browser to a destination you choose (folder, Drive, Dropbox, WebDAV, S3). Sources are declarative, auditable data, not code, in an open registry.

Add a comment

Replies

Best
Hi everyone — maker here 👋 I built Habeas because I was tired of services that hold my data — receipts, invoices, years of bank and card statements — but offer no API, no bulk export, and actively make it hard to get out. I wanted my own history, in a format I control. The core idea: Habeas runs inside your own, already-logged-in browser session. It only ever reads what your browser can already read. So you never hand a password to anyone, you solve MFA yourself, and it doesn't fight anti-bot — because your session is valid. It's the opposite of server-side aggregators like Plaid/Tink, which run on someone else's box with your bank login. On the obvious "isn't this risky / a scraping tool?" question — the safety is structural, not a promise: - Credentials are never stored or transmitted; the live session token lives only in memory and is wiped when you close the browser. - A same-registrable-domain guard means a session captured on a site can only ever be replayed to that same service. Sending your data anywhere else needs an explicit allowlist and a consent screen. So silent exfiltration is impossible by construction, not by policy. - Local-first: your data never leaves the browser unless you pick a destination (a folder, Drive, Dropbox, WebDAV, S3, or your own endpoint). No servers in the path, no telemetry. - Sources are declarative data, not code — auditable JSON in an open registry, so you can read exactly what any source does before installing it. It's your own data, in your own session, via user-run open source (GDPR Art. 20 / habeas data). Some services' ToS restrict automation — that's documented and your call; Habeas isn't a payment-initiation/PSD2 actor. Honest current state: 11 sources so far (Hover domains, Spanish supermarkets, retail, and banks incl. ING), and the registry is open — a record mode + validator make it easy to add your own for any service. Would genuinely love feedback on the model, the trust boundary, or the adapter format. AMA 🙏

Love the local-first approach and the open registry idea, that's a real differentiator. One thing that would make me actually adopt this daily: a small "schedule" field per source, so I can tell it to grab new receipts from my airline every Sunday night or pull card transactions on the 1st of the month, without remembering to open the extension myself. Would turn it from a tool I use into one I rely on.

 Hi! That's a really great idea. I'll implement it ASAP. Only Habeas won't be able to do by itself if there's no open session at that moment. But I'll do it so it nags you with the login process the next time you are around.