GlidePath Money

Browser extension

Skip the monthly “export, find the file, drag it in” ritual.

Right now, getting transactions out of your bank into any finance tool is roughly: log in, click Export, save the file somewhere, dig the file out of Downloads, drag it into your app, repeat for every card and every month. The GlidePath browser extension folds all of that into one step.

Install it once. From then on, when you click "Download" on your bank’s site, the CSV flows straight into your GlidePath app on your own machine. Your bank credentials never leave the browser. The CSV never touches our servers. It’s the convenience of an aggregator without giving anyone your bank login.

What the extension does

Three pieces, working in the background. You won’t see most of this happening — that’s the point.

🪝

Catches your bank's CSV download

When you click Download on a supported bank site, the extension spots the request and grabs a copy of the CSV bytes before the file leaves the browser.

🎯

Routes it to the right account

The first time you download from each card, you tell GlidePath which account it belongs to. From then on, every future download from that card auto-routes silently.

🔒

Never leaves your machine

The CSV flows from your browser to localhost:5000 — your own GlidePath install. We never see your transactions, your bank credentials, or anything else. Local-first is the architectural promise.

Supported banks today

Four major US banks at launch. The architecture extends to any bank whose download endpoint we can fingerprint — adding a new one is usually a single-day task on our side.

Bank Auto-capture? What to expect
Chase ✓ Silent The filename includes the card's last-four. Transactions land directly on the matching card with no setup needed.
American Express ✓ One-time setup First download per card: pick the target account once via the app's inbox panel. Future downloads auto-route silently.
Citi ✓ One-time setup Same pattern as Amex. Costco Visa, Diamond Preferred, etc. each get mapped once and remember forever.
Bank of America ⚠ Popup-flow BoA's anti-automation defenses prevent silent auto-capture. Download as usual, then drop the file into the extension popup with the card's last-four. One extra click per download.

Missing your bank? The extension has a universal popup-fallback that works with any CSV from any bank — open the popup, pick the file, type the last-four. Same import quality, one extra click. We add per-bank auto-capture as quickly as customers ask.

First-time setup, one card at a time

Most banks don't expose which specific card a download came from in the URL or filename — there's no "this is the Costco Visa" field anywhere. So the first time you download from each card, you tell GlidePath where it goes. After that, it remembers.

  1. Download the CSV normally from your bank's site — same as if you were saving it to disk. The extension catches it.
  2. You'll see a Chrome notification like "✓ N transactions imported · Citi → Browser Extension Inbox (Citi #c13cfd58…)". The #c13cfd58… is the bank's internal ID for that card — proof we caught the right download.
  3. Open your GlidePath app and go to /Accounts. You'll see an orange-bordered panel titled "Re-route extension-import inbox" with that batch of transactions waiting.
  4. Pick the matching account from the dropdown — the dropdown is filtered to just that bank's accounts to make it easy. Click "Move all".
  5. The mapping is saved. The success message will confirm: "Future downloads from this card will auto-route here." From now on, downloads from that exact card go straight to your account with no inbox stop.

How long does the one-time setup take?

About 30 seconds per card. For someone with eight cards across four banks, that's a four-minute one-time pass. After that, you blast through downloads on each bank's site and the app updates itself.

When auto-capture doesn't work

Sometimes you'll see a notification like "auto-capture didn't work — the file is in your Downloads folder, drop it into the extension popup to send it." Here's what that means and what to do.

Why it happens

  • Bank security defenses. Banks like Bank of America use POST-only download endpoints with single-use CSRF tokens that can't be replayed from a background context. This is intentional on their part.
  • Bank UI changes. Banks redesign their sites periodically. If a download URL changes, our extension may not recognize it until we ship an update.
  • Session expired. If your bank session times out mid-download, the re-fetch may return an auth error.

What to do

  1. The file is already in your Downloads folder.
  2. Click the GlidePath extension icon in your browser toolbar.
  3. The popup opens. Click "Choose File" and pick the CSV.
  4. Optionally enter the card's last 4 digits in the Account last 4 field. That lets the app match it to the right account directly, no inbox stop.
  5. Click "Send to GlidePath".

Same import quality, same dedup. The popup is the universal escape hatch for any CSV from any bank — even ones we don't have a built-in capture path for yet.

Installing the extension

We're submitting to the Chrome Web Store shortly. Until then, the extension can be installed manually as an "unpacked" extension.

Chrome Web Store (coming soon)

Once approved, a one-click install from the Chrome Web Store will be the recommended path. Microsoft Edge picks up Chrome extensions automatically; Firefox has a separate Add-ons listing planned.

Manual install (today)

  1. Email hi@glidepathmoney.com and we'll send you the latest extension zip.
  2. Extract it to a folder you'll keep around (don't delete it after install).
  3. In Chrome, open chrome://extensions/.
  4. Toggle Developer mode ON in the top-right.
  5. Click "Load unpacked" and select the extracted folder.
  6. The extension shows up. Click the pin icon to keep its icon in your toolbar for easy access.
  7. When you visit a supported bank's site for the first time, Chrome may prompt you to allow access to that bank's domain. Accept.

Troubleshooting

The extension icon shows the wrong version after an update

Chrome doesn't auto-refresh extension code in already-open tabs. Go to chrome://extensions/, click the reload icon (⟳) on the GlidePath card, then hard-refresh any bank tabs (Ctrl+Shift+R) so the new content scripts inject.

I got a "new permission needed" prompt after updating

That happens when we add a new bank to the supported list — Chrome asks you to grant access to that bank's domain. Click "Accept" or "Enable" to allow. We never request domains beyond the banks we actually capture exports from.

The inbox panel on /Accounts doesn't show new transactions

Your browser is showing a cached version of /Accounts. Hard-refresh with Ctrl+Shift+R. The server-side rendering is correct; the cache is the culprit.

Two cards from the same bank both show "Browser Extension Inbox (X)"

Each unique card gets its own inbox row with a truncated bank ID (e.g., Citi #c13cfd58… vs Citi #16353aad…). If you can't tell which is which from the row label alone, click into /Transactions and filter to that inbox account to see the payees — most of the time you'll recognize the card from the merchants alone (e.g., COSTCO purchases → Costco Visa).

My antivirus is blocking the GlidePath installer

Fresh unsigned installers trigger heuristic warnings in McAfee, Norton, and sometimes Windows Defender SmartScreen. We're in the process of getting an EV code-signing certificate, which permanently fixes this. Until then: either whitelist the file in your AV's exclusions list, or click "More info → Run anyway" in SmartScreen.

How do I uninstall?

Open chrome://extensions/, find GlidePath Money — Bank CSV Helper, click Remove. The extension stores no data outside Chrome's per-extension storage (which Chrome wipes on uninstall), and the app on your PC keeps working without it — you can still drag CSVs into the /Import page manually.

Privacy guarantees

  • Bank credentials never leave your browser. The extension never sees, stores, or transmits your bank login. You log in like you always have.
  • CSV bytes never reach our servers. The data flows from your browser to http://localhost:5000 — that's your own GlidePath install, on your own machine. We have no copy of it.
  • No telemetry from the extension. The extension makes two kinds of outbound requests: re-fetching the bank's download URL (to capture the CSV) and posting to localhost. That's it. No analytics, no error reporting, no anything.
  • Host permissions are bank-only. The extension declares access only to bank domains it can capture exports from (chase.com, americanexpress.com, citi.com, bankofamerica.com today). Adding a new bank is a permission update you have to approve.
  • Open-source-able by request. If you want to read the extension's source before installing, ask us. We have nothing to hide.