Your privacy and data security are fundamental to TieOut. This policy explains what data we collect, how we use it, and your rights regarding your information.
Browser-Only File Processing
Most important: When you upload a CSV file to TieOut for scanning, the file is processed entirely in your browser using client-side JavaScript. Your file contents:
- Never leave your device
- Are never uploaded to TieOut servers
- Are never stored on our infrastructure
- Are permanently deleted when you close the browser tab
Only a cryptographic digest (SHA-256 hash) of your file is transmitted to our servers for verification purposes. This digest cannot be reversed to reconstruct your file contents.
Data We Collect
TieOut collects minimal data necessary for service delivery:
Account & Payment Data
- Email address: If you join a waitlist or purchase a plan
- Stripe session IDs: To verify payment and manage entitlements
- Payment metadata: Processed securely via Stripe (we do not store credit card numbers)
Technical & Session Data
- IP address: Stored in hashed form for security and fraud prevention
- Browser user agent: To ensure compatibility and troubleshoot issues
- Session metadata: Timestamps and usage patterns for auditing
- File digests: SHA-256 hashes of uploaded files (not file contents)
Waitlist Data
- Email address: Stored (base64-encoded) in localStorage before submission
- Timestamp & source page: To track waitlist signups
How We Use Your Data
- Service delivery: To provide scan results and manage your account
- Payment processing: To verify purchases and grant access to paid features
- Security & fraud prevention: To protect against abuse and unauthorized access
- Product improvement: To analyze usage patterns and fix bugs (no behavioral tracking)
- Communication: To send service updates, waitlist notifications, or respond to support requests (no marketing emails without consent)
Data We Do NOT Collect
TieOut explicitly does not collect:
- File contents from CSV uploads
- Account names, balances, or financial data from your files
- Third-party analytics cookies (no Google Analytics, Facebook Pixel, etc.)
- Cross-site tracking data or advertising identifiers
- Unnecessary personal information
Data Retention
- Session logs: Retained for 90 days, then automatically purged
- Email addresses: Retained until you request deletion or unsubscribe
- Payment records: Retained per legal requirements (typically 7 years)
- File digests: SHA-256 hashes may be logged for up to 90 days
Data Sharing & Third Parties
TieOut does not sell or share your personal data with third parties, except:
- Stripe: For payment processing (subject to Stripe's privacy policy)
- Cloudflare: For hosting and CDN services (subject to Cloudflare's privacy policy)
- Legal requirements: If required by law or to protect our legal rights
Your Rights
You have the right to:
- Access: Request a copy of your personal data
- Deletion: Request deletion of your data (we honor all requests)
- Correction: Request correction of inaccurate data
- Portability: Request your data in a structured format
- Objection: Object to processing of your personal data
To exercise these rights, contact us at contact@tieout.app with subject "Data Request". We will respond within 30 days.
Security Measures
- TLS 1.3 encryption for all data in transit
- Browser-only file processing (zero-knowledge architecture)
- Hashed IP addresses in logs
- No server-side file storage
- Regular security audits (SOC 2 Type II target Q1 2026, subject to third-party audit schedule)
Children's Privacy
TieOut is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.
Changes to This Policy
We may update this Privacy Policy from time to time. Significant changes will be communicated via email (if you have an account) or by posting a notice on our website.
Contact Us
For privacy-related questions or data requests, contact us at:
Email: contact@tieout.app
Security: contact@tieout.app
Last updated: December 25, 2025