Tiller’s 12-Point Security and Privacy Promise
“We consider our commitment to customer privacy and security with every decision we make. And unlike many personal finance services, Tiller does not sell your data to advertisers or third parties.” – Tiller founder Peter Polson
1. Unlike other financial apps, Tiller doesn’t make money selling your data or showing ads.
2. Your data is protected with bank-grade 256-bit AES encryption
Sensitive data is encrypted in transit and at rest with bank-grade 256-bit AES encryption.
By default, neither Microsoft nor Google will see your data. You choose whether to feed your data into a Microsoft Excel (desktop or cloud) or Google Sheets spreadsheet.
3. Tiller securely connects to financial sources via Yodlee
Tiller uses an API from Yodlee to securely access bank information. We chose Yodlee because 15 of the top 20 largest United States banks use and trust the same API from Yodlee to securely aggregate bank data.
Yodlee is regularly audited by banks, regulators, and independent entities. Yodlee is a publicly-traded company and has undergone 200 audits by financial institutions in the past 24 months.
4. Tiller does not see or store bank credentials
Credentials are encrypted in your browser and passed directly to Yodlee. Yodlee provides a read-only token granting Tiller’s servers access to customer transactions. Tiller is moving swiftly into open banking, ensuring that no credentials ever have to be shared for bank data access (more below).
5. Your financial data is stored in your own private spreadsheets
Tiller doesn’t lock your data into a proprietary format. Your transactions, balances, and custom categories are stored in standard columns and rows, in spreadsheets owned exclusively by you. Your spreadsheets are accessed and managed through your Google or Microsoft account independent of Tiller.
If you cancel your Tiller subscription, all your imported transactions, balance history, and templates remain untouched in your Google or Microsoft Excel spreadsheet. More here.
6. No one on Tiller’s team sees your transaction data
Tiller is unique in our industry in that we’ve designed our processes so our team is blind to customer transactions and balances. This data remains encrypted and private externally and internally.
We have strict protocols internally to protect other information beyond transactions and balances, including such as user names and email addresses.
7. Tiller does not pull information that isn’t needed for your spreadsheets
Tiller works to minimize the private data we collect, focusing on that data that is essential to providing our core services for you. We restrict sharing of private data between internal systems.
8. Tiller only has read-only access to bank data
Tiller cannot move, transfer, or invest money. Tiller cannot create new accounts, or change passwords, or modify permissions with any financial institution.
9. Tiller supports 2-Step verification
Tiller’s authentication system is built around Google and Microsoft who both sharebecause Google has best-in-class security. Customers OAuth with their Google or Microsoft account into Tiller. We encourage all customers to implement Google’s multi-factor authentication.
10. Tiller is a leader in open banking
Tiller is a leader in open banking, an API-based approach to data-sharing where customers access their bank data without sharing usernames or passwords. Open banking is currently the most secure, reliable, and transparent way to connect financial sources to personal finance services like Tiller.
Tiller was the very first of Yodlee’s licensees to launch open banking. Yodlee chose Tiller in part because our customer retention rates are among the highest they’ve seen in the personal finance industry.
We currently support open banking with Capital One, Chase, Citi, Bank of America, Wells Fargo, and Charles Schwab. We’re moving swiftly to include all of the major US banks with our open banking initiative.
11. Tiller is audited by third-party security firms
Tiller successfully completed recent security audits from Yodlee and an independent security firm, an audit defined in part by requirements from major US banks that are participating in open banking.
12. You can easily request to have your data deleted
You can request that your data be deleted at any time with a simple data delegation request. Simply log in to the Tiller console and request data deletion via the support chat widget or email firstname.lastname@example.org. Data deletion requests are confirmed within 24 hours.
You can choose to delete your Tiller account but keep all data imported to your Google Sheet or Microsoft Excel spreadsheets for your private use, completely independent of Tiller. (See point #5 above.)
Read why so many people trust and love Tiller
See Tiller’s latest reviews from verified users at the Microsoft AppSource (4.7-star rating) and Google Workspace Marketplace (4.7-star rating).