The person behind it
Built by someone who spent a decade in this problem.
PathPlanner and Sanctum weren't built as a startup idea. They were built because the tools that should have existed didn't — and after enough time understanding why financial plans fail in practice, the gaps became too obvious to ignore.
Michael Graham
Founder & CEO, Pathway Tech · Graham Capital Holdings
Michael spent a decade analyzing household debt at the intersection of credit risk and behavioural economics — first in the CDFI sector, then building risk models for community financial institutions. He built PathPlanner and Sanctum because every private financial tool he found either required an account he didn't want to create, a subscription he didn't want to pay, or a cloud he didn't want to trust.
He founded Pathway Tech to build the private financial software he couldn't find. Graham Capital Holdings is a separate, active operation Michael runs in parallel — real financial models, applied to real operating decisions, every week. Capsule, Pathway Tech's Decision Engine and 90-Day Cash Forecast for business owners, grew directly out of that work: it's the tool he built for decisions he was already making, not a theoretical exercise. PathPlanner, Sanctum, and Capsule each stand entirely on their own.
Why we exist
Most personal finance software is built around the company's data model, not yours.
The standard model works like this: sync your financial data to a server, derive value from the aggregate, offer you a dashboard in return. It's a reasonable deal when you don't think about it too hard.
We thought about it too hard.
Financial data is among the most sensitive data anyone generates. It reveals income, debt, spending behavior, and patterns of stress and recovery that nothing else in a digital footprint captures. The standard approach treats that data as a resource. We treat it as your private information — which means our architecture is designed to never have access to it in the first place.
PathPlanner and Sanctum are what you get when you optimize for the user's actual interests rather than the data model. Faster, more private, structurally safer — and built to be owned permanently rather than rented indefinitely.
The conviction
"Software that handles your most sensitive financial decisions should be rigorous, private, and owned — not rented, not surveilled, not dependent on a company staying in business."
— Michael Graham, Founder & CEO
Why privacy-first matters
Privacy in software is usually a setting. Ours is an architectural decision.
Most apps let you opt out of tracking, adjust a toggle, accept a cookie banner. You negotiate with a default that wasn't in your favor.
We built privacy in at the architecture level. Your financial data is encrypted on your device using AES-256-GCM with keys derived from your PIN — keys that are never transmitted, never stored, and that Pathway Tech has no technical access to. We say this not as a marketing claim but as a description of how the system works.
The practical consequence: a breach of Pathway Tech infrastructure cannot expose your financial data. We don't have it. If you forget your Sanctum PIN, we genuinely cannot help you recover it — and that's not a product failure, it's the point. It means Pathway Tech cannot be compelled to unlock your vault. It means no server compromise can expose your financial life.
Privacy by architecture means making design decisions that reduce your exposure even if they increase our complexity. We think that's the correct tradeoff when the subject is your financial life.
AES-256-GCM encryption
Your data is encrypted before it's stored. The cipher provides both confidentiality and integrity verification — meaning any tampering with the stored data is detected when it is decrypted, rather than going unnoticed.
PBKDF2-SHA256 key derivation
310,000 iterations. Your encryption key is derived from your PIN — it exists only in memory during your session and is never written to disk or transmitted anywhere.
Zero financial data transmitted
The only contact the app makes with Pathway Tech is when you validate a licence key. No financial data is included. You can verify this in browser developer tools.
No PIN recovery path
Your PIN is never stored. If you lose it, we cannot help you recover it — and that's intentional. It means we also cannot be compelled or breached into unlocking your vault.
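The scheme described above, sketched with the WebCrypto API as an added example (not Pathway Tech's code; the function names, record layout, 16-byte salt and sample PIN are assumptions). It shows that a wrong PIN and a modified ciphertext both fail the same GCM tag check, which is why there is no recovery path without the PIN.

```javascript
// Added example: PIN-derived AES-256-GCM vault using the WebCrypto API.
// Function names and the record layout are hypothetical, not Pathway Tech's code.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto; // fallback for older Node
const ITERATIONS = 310000; // PBKDF2-SHA256 iteration count stated on the page

async function deriveKey(pin, salt) {
  const material = await wc.subtle.importKey(
    "raw", new TextEncoder().encode(pin), "PBKDF2", false, ["deriveKey"]);
  // extractable=false: the AES key can be used but never exported from memory.
  return wc.subtle.deriveKey(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations: ITERATIONS },
    material, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

async function sealVault(pin, plaintext) {
  const salt = wc.getRandomValues(new Uint8Array(16)); // per-vault salt, stored in clear
  const iv = wc.getRandomValues(new Uint8Array(12));   // fresh 96-bit nonce per encryption
  const key = await deriveKey(pin, salt);
  const ct = await wc.subtle.encrypt(
    { name: "AES-GCM", iv }, key, new TextEncoder().encode(plaintext));
  return { salt, iv, ct: new Uint8Array(ct) }; // ct ends with the 16-byte GCM tag
}

async function openVault(pin, { salt, iv, ct }) {
  const key = await deriveKey(pin, salt);
  try {
    const pt = await wc.subtle.decrypt({ name: "AES-GCM", iv }, key, ct);
    return new TextDecoder().decode(pt);
  } catch {
    return null; // wrong PIN or modified data: the tag check fails either way
  }
}

async function demo() {
  const record = '{"account":"constructed-sample","balance":1250.75}'; // constructed data
  const vault = await sealVault("493817", record); // constructed PIN
  const tampered = { ...vault, ct: Uint8Array.from(vault.ct) };
  tampered.ct[0] ^= 0x01; // flip one ciphertext bit
  return {
    rightPin: await openVault("493817", vault),
    wrongPin: await openVault("000000", vault),
    tampered: await openVault("493817", tampered),
    tagBytes: vault.ct.length - new TextEncoder().encode(record).length,
  };
}
```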
Why local-first architecture
Local-first means the server was never the source of truth in the first place.
Local-first means your data lives on your device, not ours. Every calculation happens in your browser. The app doesn't need a connection to think — it already has everything it needs, because everything it needs is where you are.
This is different from "offline mode," which usually means "syncs when connectivity returns." Local-first means the cloud was never in the design.
There are real tradeoffs and we name them directly: if you lose your device without creating a backup, your data is gone. We build good backup tooling and we're honest about this limitation in the product. In return, you get software that is faster (no round-trip latency), more private (nothing to intercept in transit), and safer under failure modes. A Pathway Tech outage affects your licence validation, not your data.
For a tool handling sensitive financial information, those properties are worth the tradeoff. The only reason most products don't work this way is that it's harder to build and harder to monetize on an ongoing basis. We decided both of those were our problems to solve, not yours to compensate for.
Why trust us
Why trust software from a company you haven't heard of?
Fair question. Here are the specific reasons you should — and the specific things you can verify yourself.
Built by someone with relevant expertise
A decade in credit risk and household debt. The behavioral economics research cited in Sanctum's design is real research. This isn't a pivot or a side project rebranded as a company.
The privacy is architectural, not a policy
Your data is encrypted on your device. Pathway Tech has no technical access to it.
You can verify this: open browser DevTools and confirm no network requests contain financial data.
The trial is the full product
Try before you buy. The trial is fully functional — every calculation, every encryption operation, every import. Nothing is hidden until you hit the data limit.
The commitments are written down
Security updates committed through at least 2028, in writing. Founder identified by name. Legal documents published. 14-day unconditional refund policy. Not marketing language — enforceable terms.
14-day money-back guarantee
If the product doesn't do what we said it does, you get your money back within 14 days. No proof of defect required. No conditions.
We answer emails
support@pathwaytech.co. Two business days. One person who knows the product and can answer a specific technical question about how it works.