This is a read-only structural scan, not financial advice or audit evidence. Consult your CPA.

Data Processing Agreement

This Data Processing Agreement (DPA) describes how TieOut processes data and our commitments to data protection and privacy.

Processing Architecture

TieOut uses a browser-only processing architecture that minimizes data collection and server-side processing:

  • File processing: All CSV file analysis happens entirely in your browser using client-side JavaScript. Your file contents never leave your device.
  • Cryptographic digests: Only SHA-256 hashes of input and output data are transmitted to our servers for verification purposes.
  • No file storage: TieOut does not store, cache, or persist any uploaded file contents on our servers.

Personal Data We Process

TieOut processes minimal personal data:

  • Email addresses: Collected only if you join a waitlist or purchase a plan. Used solely for account management and service delivery.
  • Payment information: Processed securely via Stripe. TieOut does not store credit card numbers or payment details.
  • Session metadata: IP address (hashed), browser user agent, and timestamp for security and fraud prevention.

Data We Do NOT Collect

TieOut explicitly does not collect:

  • File contents from CSV uploads
  • Account names, balances, or financial data from your files
  • Client names or personally identifiable information from uploaded data
  • Behavioral analytics or cross-site tracking data

Data Retention

  • Session logs: Retained for 90 days for security auditing
  • Email addresses: Retained until you request deletion or unsubscribe
  • Payment records: Retained per legal requirements (typically 7 years)
  • File digests: SHA-256 hashes may be logged for up to 90 days

Your Rights

You have the right to:

  • Request access to any personal data we hold about you
  • Request deletion of your personal data (subject to legal obligations)
  • Request correction of inaccurate personal data
  • Object to processing of your personal data
  • Request data portability (receive your data in a structured format)

Data Processing Location

TieOut infrastructure is hosted on Cloudflare Pages (global CDN) and uses Cloudflare D1 for minimal metadata storage. Your file processing happens entirely in your browser, regardless of geographic location.

Security Measures

  • TLS 1.3 encryption for all data in transit
  • No server-side file storage (zero-knowledge architecture)
  • Hashed IP addresses and minimal PII in logs
  • Regular security audits (SOC 2 Type II target Q1 2026, subject to third-party audit schedule)

Enterprise DPA Requests

For accounting firms or enterprises requiring a custom Data Processing Agreement, including GDPR or CCPA addendums, please contact our security team at contact@tieout.app.

Contact for Data Requests

To exercise your data rights or request information about data processing, contact:

Email: contact@tieout.app
Subject: Data Request - [Your Email]

We will respond to verified requests within 30 days.

Last updated: December 25, 2025