Tiller’s 12-Point Security and Privacy Promise
“We consider our commitment to customer privacy and security with every decision we make. And unlike many personal finance services, Tiller does not sell your data to advertisers or third parties.” – Tiller founder Peter Polson
Your Trust is Not for Sale
Tiller feeds your financial data into your private spreadsheets under your control. Tiller is not venture-funded. We don’t sell your data or show ads. We’re proud to be supported exclusively by customer subscriptions. Your transactions and balances aren’t statistically aggregated by Tiller or third parties.
1. Tiller doesn’t make money selling your data or showing ads.
Because Tiller is solely funded by your subscription, we never show ads or sell your data to third parties. Our customers are not our product.
Detailed privacy policy →
2. Your financial data is stored in your own private spreadsheets
Tiller doesn’t lock your data into a proprietary format. Your transactions, balances, and categories are stored in standard columns and rows, in spreadsheets owned by you. Your spreadsheets are accessed and managed through your Google or Microsoft account independent of Tiller.
If you cancel your Tiller subscription, all your imported transactions, balance history, and templates remain untouched in your Google or Microsoft Excel spreadsheet. More here.
3. Your data is protected with bank-grade 256-bit AES encryption
Sensitive data is encrypted in transit and at rest with bank-grade 256-bit AES encryption.
By default, neither Microsoft nor Google will see your data. You choose whether to feed your data into a Microsoft Excel (desktop or cloud) or Google Sheets spreadsheet.
4. Tiller securely connects to financial sources via Yodlee
Tiller uses an API from Yodlee to securely access bank information. We chose Yodlee because 15 of the top 20 largest United States banks use and trust the same API from Yodlee to securely aggregate bank data.
Yodlee is regularly audited by banks, regulators, and independent entities. Yodlee is a publicly-traded company and has undergone 200 audits by financial institutions in the past 24 months.
5. Tiller does not see or store bank credentials
Credentials are encrypted in your browser and passed directly to Yodlee. Yodlee provides a read-only token granting Tiller’s servers access to customer transactions. Tiller is moving swiftly into open banking, ensuring that no credentials ever have to be shared for bank data access (more below).
6. No one on Tiller’s team sees your transaction data
Tiller is unique in our industry in that we’ve designed our processes so our team is blind to customer transactions and balances. This data remains encrypted and private externally and internally.
We have strict protocols internally to protect other information beyond transactions and balances, such as user names and email addresses.
7. Tiller does not pull information that isn’t needed for your spreadsheets
Tiller works to minimize the private data we collect, focusing on the data that is essential to providing our core services for you. We restrict sharing of private data between internal systems.
8. Tiller only has read-only access to bank data
Tiller cannot move, transfer, or invest money. Tiller cannot create new accounts, or change passwords, or modify permissions with any financial institution.
9. Tiller supports 2-Step verification
Customers sign in to Tiller via OAuth with their Google or Microsoft account. We encourage all customers to implement Google’s multi-factor authentication.
10. Tiller is a leader in open banking
Tiller is a leader in open banking, an API-based approach to data-sharing where customers access their bank data without sharing usernames or passwords. Open banking is currently the most secure, reliable, and transparent way to connect financial sources to personal finance services like Tiller.
Tiller was the very first of Yodlee’s licensees to launch open banking. Yodlee chose Tiller in part because our customer retention rates are among the highest they’ve seen in the personal finance industry.
We currently support open banking with Capital One, Chase, Citi, Bank of America, Wells Fargo, and Charles Schwab. We’re moving swiftly to include all of the major US banks with our open banking initiative.
11. Tiller is audited by 3rd-party security firms
Tiller successfully completed recent security audits from Yodlee and an independent security firm, an audit defined in part by requirements from major US banks that are participating in open banking.
12. You can request to have your data deleted
You can request that your data be deleted at any time with a simple data deletion request. Simply log in to the Tiller console and request data deletion via the support chat widget or email support@tillerhq.com. Data deletion requests are confirmed within 24 hours.
You can choose to delete your Tiller account but keep all data imported to your Google Sheet or Microsoft Excel spreadsheets for your private use, completely independent of Tiller. (See above.)