Where is Tiller storing our transaction data? What are the data retention policies?

I always assumed Tiller does not store/maintain data and you have to pull it into a Spreadsheet regularly so you don’t miss anything.

A while ago I connected an account but never connected it to a SS, and I never pulled transactions into a SS.

Today I went to pull data in and it pulled in many, many months worth of data.

This leads me to believe that Tiller is doing data pulls behind the scenes and storing the data somewhere. And then the spreadsheets pull it from that data store.

  1. Where does Tiller store the data?
  2. How is the data stored/encrypted?
  3. Is each user’s data encrypted with said user’s key or is everyone’s data encrypted using the same key?
  4. How many days/weeks/months/years worth of data does Tiller store?
  5. Any other information relevant to this topic…

Tiller’s 12-Point Security and Privacy Promise has some info about this.

I saw that but I think it is incomplete/inaccurate. It implies data is only stored on my private spreadsheets – but I don’t believe that to be the case.

You’re probably looking for more detail, but it does indicate (‘at rest’ ie. ‘stored’):

Sensitive data is encrypted in transit and at rest with bank-grade 256-bit AES encryption.

Yeah, I saw that. But it just yields more questions.

I am hoping they can provide more transparency about their data policies/practices.

Why assume that Tiller is storing data? I know nothing about nothing when it comes to data and the internet, but I’ve always thought that our data is stored with our banks. When we pull data, Tiller asks Yodlee to get the data from our banks. That data then populates our sheets. I’m not seeing why it would be necessary for Tiller to store our data anywhere.

Tiller’s 12-Point Security and Privacy Promise covers most of what I would want to know. I do not work at Tiller, but I am heavily involved in security reviews at a cloud service company.

The data is stored in your Google account or Excel sheet. Tiller is the go-between, using another third party (tragically named) “Yodlee” to pull your bank info. All data that is piped through is encrypted (256-bit AES)

I am curious about this: The security/privacy promise mentions that Tiller gets security audits from a third party. What security framework or standard does Tiller comply with?

1 Like

I’m thinking Refresh interacts with Yodlee and Fill is all Tiller :thinking:

“our” (Tiller’s) database

  1. Refresh - pulling data from the bank and making it available in our database
  2. Fill - filling transaction and balance data into the spreadsheet when you click the “Fill” button
1 Like

Yeah, that’s all fair and interesting. If you imagine data that gets refreshed via Yodlee but never gets filled into our sheets, then where does that data sit? I’m assuming that once it fills our sheets, it no longer exists anywhere else.

It sits in a Tiller database. Make a Copy of your spreadsheet, link it to the console and the Fills are independent, accessing the data in a Tiller database. The copy will have the same watermark in the sheet’s developer metadata, at the time of the copy, so the Fill knows where it last left off. Yodlee doesn’t have access to our spreadsheets.

Once Yodlee has refreshed your account and we have pulled the data from their systems it is available in our database for filling into your sheet.

1 Like

Yes, yes. I knew that Yodlee didn’t have direct access to out databases. I was thinking of Tiller as simply a conduit to get data from Yodlee into our databases without a need to store it while it passes through.

It would make sense. Most services like Yodlee charge based on the # of API calls. To minimize the # of calls, it would be cheaper for Tiller to pull data for multiple customers at one time and store a temp/cache copy.

Also, Tiller Security And Privacy Promise says “data is protected with bank-grade 256-bit AES encryption”. They could be talking about the data in Microsoft or Google sheets but it is unclear.

Same. I am a cybersecurity architect which is what prompted these questions for me. IMHO, Tiller could do a better job of disclosing this information.

Are you 100% sure that Tiller is not also storing data somewhere as a cache? I’m not convinced they aren’t because they don’t explicitly say they don’t.

Ah. So Tiller does store a copy.

Then Tiller needs to provide some more information on data retention policies.

1 Like

From #1 of the Tiller Security And Privacy Promise, they link their privacy policy, which some additional info.

If you cancel your account we will delete your personal financial and transaction data. After you close your account, you will not be able to sign in to our website or access any of your personal information. However, you can open a new account at any time. If you close your account, we may still retain certain information associated with your account (such as your email address and certain communications with you) for analytical purposes and recordkeeping integrity, as well as to prevent fraud, enforce our terms and conditions, take actions we deem necessary to protect the integrity of our website or our users, or take other actions otherwise permitted by law. If you close your account, we will delete the transaction data we have downloaded from your banks.

1 Like

Tiller Money Privacy Policy states both Tiller and Yodlee store our data.

“We work with our partner Yodlee to collect your bank account transaction data from your accounts on your behalf. Your transaction data is transmitted securely with TLS and stored on our servers, where your transaction descriptions are secured with 256-bit AES encryption. Yodlee also stores your data, subject to their own privacy policy.”

1 Like

There is ONLY one sure way of you/your data being secure…stay off the “network”!

That being said, I ALWAYS assume that when I connect with some entity in the digital space my data is more than likely “in the wind”. Morals and ethics of all involved in that connection are the only barrier to a problem.

Our drive for convenience is the biggest cause of hacking and data corruption…

Ok, that was a bit lofty even before the second cup of coffee! :sunglasses:

@Mark.S @MarcC

Thanks. I saw those.

What I’m trying to see now is the transaction data that they store on their servers, how long do they store them for. It sounds like they store them for life, until we delete our Tiller account but I can’t confirm that.

Thanks for the questions.

Where does Tiller store the data? How many days/weeks/months/years worth of data does Tiller store?

Data is stored in our encrypted database as long as your subscription is active. Tiller users can create multiple spreadsheets, and we store this data so Tiller can populate new spreadsheets with a user’s historic data. We delete transaction and balance data after a user cancels their account.

How is the data stored/encrypted?

Sensitive data is encrypted in transit and at rest with bank-grade 256-bit AES encryption. We do not encrypt with individual keys. We have data safeguards and operational processes in place to ensure the team at Tiller does not have access to customer transaction and balance data.

Thank you for your feedback about the security page on our website. I’ll see if our marketing team can revise that language to be more clear.

1 Like

Data is stored in our encrypted database as long as your subscription is active

So ALL transaction data, is stored forever. So if I connected an account in 2022, even if I never pull the transactions into a Google Sheet, Tiller will still have the transaction data in 2024. This is super helpful for me. Thank you!

We do not encrypt with individual keys.

Interesting. I fully appreciate the complexity and cost of doing something like this so I get why Tiller doesn’t encrypt all user data with user keys. Tiller should consider an add-on where customers pay more for this if they want it. Just a thought.

Thank you again!


Glad that was helpful!