This is a read-only structural scan, not financial advice or audit evidence. Consult your CPA.

Browser-Only Processing

All data processing happens entirely within your browser. Your financial data never leaves your device and is never transmitted to our servers. This zero-knowledge architecture ensures that even we cannot access your sensitive financial information.

No Server-Side Storage

TieOut does not store any of your uploaded data. Once your session ends, all processed information is permanently deleted from memory. We maintain no persistent storage for user-uploaded files, ensuring complete data sovereignty.

Encryption in Transit

All communications between your browser and our servers are protected with TLS 1.3 encryption. This ensures that any metadata or session information transmitted during your visit is protected against interception and tampering.

Deterministic Verification

For audit purposes, TieOut computes cryptographic digests of both inputs (InputDigest) and outputs (OutputDigest) using SHA-256. This enables verification that results are consistent with the original data, providing transparency into the processing pipeline.

SOC 2 Type II Certification

Status: Pursuing (timeline subject to third-party audit schedule, target Q1 2026)

Our security architecture is designed to meet SOC 2 Type II requirements:

  • ✅ Browser-only processing (zero server-side file storage)
  • ✅ Data minimization by design (only SHA-256 digests transmitted)
  • ✅ TLS 1.3 encryption for all metadata in transit
  • ✅ Deterministic outputs with cryptographic verification
  • 🔄 Third-party security assessment (planning phase)

What we have today:

Browser-only architecture that prevents server access to your files.

What's next:

Formal third-party audit process once timeline is confirmed (target Q1 2026).

Responsible Disclosure

For security vulnerability reports, data processing agreements (DPA), or security-related inquiries, please contact:

contact@tieout.app

Frequently Asked Questions

Where is my data processed?

In your browser. Your file never uploads to our servers. All CSV processing happens entirely on your device using client-side JavaScript.

What do you send to your servers?

Only cryptographic digests (SHA-256 hashes) of your file and scan results for verification purposes. These digests cannot be reversed to reconstruct your file contents. We also log minimal session metadata (hashed IP address, timestamp) for security and fraud prevention.

Can I verify this?

Yes. Open your browser's DevTools → Network tab, then run a scan. You'll see that only small API requests are made (for digests and session management), not file uploads. Advanced users can also test offline: disconnect from the internet after the page loads, and the scan will still run (though digest verification will fail without connectivity).
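
A scripted version of the DevTools check described above, added here as an illustration and not TieOut's own code: it reads a HAR export of the Network tab and flags any request that carries more than digest-sized data or contains rows of your CSV. The 2 KiB body budget, the example.invalid URLs and the inputDigest/outputDigest JSON field names are assumptions.

```javascript
// Added example: audit a DevTools HAR export for anything that looks like file content.
// Assumptions (not from TieOut): the 2 KiB body budget, the endpoint URLs and field names.
const MAX_BODY_BYTES = 2048;

// Use long, distinctive lines of the local CSV as search strings.
function csvNeedles(csvText, minLen = 12, limit = 50) {
  return csvText.split(/\r?\n/).map((l) => l.trim())
    .filter((l) => l.length >= minLen).slice(0, limit);
}

// Returns one finding per request that breaks the "digests only" expectation.
function auditHar(har, csvText) {
  const needles = csvNeedles(csvText);
  const findings = [];
  for (const { request: req } of har.log.entries) {
    const post = req.postData || {};
    const body = post.text || "";
    // bodySize is -1 when the browser did not record it; fall back to text length.
    const size = Math.max(req.bodySize || 0, body.length);
    const reasons = [];
    if (/^multipart\/form-data/i.test(post.mimeType || "")) reasons.push("multipart upload");
    if (size > MAX_BODY_BYTES) reasons.push("body over budget");
    const leaked = needles.some((n) => body.includes(n) || req.url.includes(encodeURIComponent(n)));
    if (leaked) reasons.push("CSV row in request");
    if (reasons.length) findings.push({ method: req.method, url: req.url, size, reasons });
  }
  return findings;
}

// Constructed sample data: a small ledger CSV and two HAR captures.
const SAMPLE_CSV = "account,period,debit,credit\n1000-Cash,2025-11,15230.55,0.00\n2000-AP,2025-11,0.00,15230.55";
function sampleHar(leaky) {
  const digestBody = JSON.stringify({ inputDigest: "a".repeat(64), outputDigest: "b".repeat(64) });
  const entries = [
    { request: { method: "GET", url: "https://app.example.invalid/", bodySize: 0 } },
    { request: { method: "POST", url: "https://app.example.invalid/api/digest", bodySize: digestBody.length,
                 postData: { mimeType: "application/json", text: digestBody } } },
  ];
  if (leaky) entries.push({ request: { method: "POST", url: "https://app.example.invalid/api/upload",
    bodySize: SAMPLE_CSV.length, postData: { mimeType: "text/csv", text: SAMPLE_CSV } } });
  return { log: { version: "1.2", entries } };
}

console.log(auditHar(sampleHar(false), SAMPLE_CSV)); // clean capture
console.log(auditHar(sampleHar(true), SAMPLE_CSV));  // capture with a raw CSV POST
```

To check a real session, export the Network tab as a HAR file after running a scan and pass the parsed JSON and your CSV text to `auditHar`. The substring match only catches plaintext rows, so the size budget is the backstop for compressed or encoded bodies.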

Last updated: December 25, 2025