Tiller 12-Point Security and Privacy Promise
“We consider our commitment to customer privacy and security with every tool and decision we make. We’re proud to be a pioneer in open banking because it’s a big win for consumer privacy, security, and control.
We strictly limit data sharing within Tiller to ensure that systems, tools, and people can only access minimum required data. Tiller is an outlier in the personal finance industry in that no one on our team sees customer transactions and balances.
And unlike many personal finance services, Tiller does not monetize your data by selling it to advertisers or third parties. Your data is just that: your data.” – Peter Polson, Founder of Tiller
1. Tiller is solely funded by your subscription
One of Tiller’s core values is that our customers are not our product.
2. Your data is protected with bank-grade 256-bit AES encryption
Sensitive data is encrypted in transit and at rest with bank-grade 256-bit AES encryption.
By default, neither Microsoft nor Google will see your data. You choose whether to feed your data into a Microsoft Excel (desktop or cloud) or Google Sheets spreadsheet.
3. Tiller securely connects to financial sources via Yodlee
Tiller uses an API from Yodlee to securely access bank information. We chose Yodlee because 15 of the top 20 largest United States banks use and trust the same API from Yodlee to securely aggregate bank data.
Yodlee is regularly audited by banks, regulators, and independent entities. Yodlee is a publicly-traded company and has undergone 200 audits by financial institutions in the past 24 months.
4. Tiller does not see or store bank credentials
Credentials are encrypted in your browser and passed directly to Yodlee. Yodlee provides a read-only token granting Tiller’s servers access to customer transactions. Tiller is moving swiftly into open banking, ensuring that no credentials ever have to be shared for bank data access (more below).
5. Tiller supports 2-Step verification
Tiller’s authentication system is built around Google because Google has best-in-class security. Customers sign in to Tiller with their Google account using OAuth. We encourage all customers to implement Google’s multi-factor authentication.
6. No one on Tiller’s team sees your transaction data
Tiller is unique in our industry in that we’ve designed our processes so our team is blind to customer transactions and balances. This data remains encrypted and private externally and internally.
We have strict protocols internally to protect other information beyond transactions and balances, such as user names and email addresses.
7. Your spreadsheets are private
Every spreadsheet begins as a private spreadsheet just for you. The optional collaboration features in Google Sheets are exceptional (and Excel is good too). You can choose to share your spreadsheets with family members, accountants, or with our team if you want us to check out something in your spreadsheet or are just excited to show us a template you’ve built.
We also offer dummy data if you want to share a spreadsheet you’ve designed, but you want to remove your data from it.
8. Tiller does not pull information that isn’t needed for your spreadsheets
Tiller works to minimize the private data we collect, focusing on the data that is essential to providing our core services for you. We restrict sharing of private data between internal systems.
9. Tiller only has read-only access to bank data
Tiller cannot move, transfer, or invest money. Tiller cannot create new accounts, or change passwords or permissions with any financial institution.
10. Tiller is a leader in open banking
Tiller is a leader in open banking, an API-based approach to data-sharing where customers access their bank data without sharing usernames or passwords. Open banking is currently the most secure, reliable, and transparent way to connect financial sources to personal finance services like Tiller.
Tiller was the very first of Yodlee’s licensees to launch open banking. Yodlee chose Tiller in part because our customer retention rates are among the highest they’ve seen in the personal finance industry.
We currently support open banking with Capital One, Chase, Citi, Bank of America, Wells Fargo, and Charles Schwab. We’re moving swiftly to include all of the major US banks with our open banking initiative.
11. Tiller is audited by third-party security firms
Tiller successfully completed recent security audits from Yodlee and an independent security firm, an audit defined in part by requirements from major US banks that are participating in open banking.
12. You can easily request to have your data deleted
You can request that your data be deleted with a simple data deletion request. Simply log in to the Tiller console and request data deletion via the support chat widget or email email@example.com. Data deletion requests are confirmed within 24 hours.
You can choose to delete your Tiller account but keep all data imported to your Google or Microsoft spreadsheets for your private use, completely independent of Tiller.
Read why so many people trust and love Tiller
See Tiller’s latest reviews from verified users at the Google Workspace Marketplace, where Tiller has a 4.7-star rating and over 36,000 installed users.