Hi folks! Thanks for your questions and comments. I apologize for the delay in hearing from the Tiller team directly, we were away for a company retreat last week.
Tiller values privacy, and this has been front and center in our choice of aggregators.
Yodlee’s security practices were a significant factor in our choice to trust them as a partner to access bank data. Yodlee’s customers include 15 of the 20 largest U.S. banks who rely on Yodlee in the same way we do here at Tiller: to securely aggregate data from other banks and institutions.
In other cases, Yodlee shares de-identified transaction data for market analytics and insights with third parties, but Tiller has specifically negotiated with them to exclude our customers from that data sharing. We do not want our customer data shared for their analytics, even if de-identified, as this is in conflict with our position around privacy and security.
Yodlee does not use Tiller customer data to offer new services. This may be true if you sign up for Yodlee services directly from the Yodlee website, but it does not happen when using Yodlee as an aggregator with Tiller.
As for credentials, Yodlee and Plaid store credentials for banks that don’t support open banking. Tiller was proud to be Yodlee’s first deployment of open banking in the United States, and we’re thrilled major banks have embraced it. Plaid similarly has a strong position around privacy and security, and it too has embraced open banking with the major banks.
When using Yodlee or Plaid with an open banking institution, customers authenticate with their bank on their bank website and grant read-only access to Tiller. No credentials are shared or stored because the customer is authenticating on their bank website directly.
We continue to monitor both Yodlee and Plaid for their postures around privacy and security. Thanks too for your careful review. We love customers who pay attention to these details.
Regards,
Nathan