Security · Data Handling
Security & Data Handling
A plain-English summary of how TickAI handles your data, written for audit partners and compliance teams who need to approve new tools.
No data stored
Uploaded files are processed in real time and immediately discarded. We do not retain your documents or client data.
Not used for training
Your data is never used to train AI models. Anthropic's API terms explicitly prohibit using API data for model training.
Encrypted in transit
All data is transmitted over TLS 1.2+ encryption. Your files are never sent or stored in plain text.
How your data flows
01

You upload files in your browser

Your invoice register and PDF files are selected locally on your device. Nothing is uploaded until you click Run Analysis.

02

Files are sent securely to our server

Files are transmitted over HTTPS/TLS encryption directly to our processing server. They are held in memory only, never written to disk or stored in a database.

03

Our server sends the data to Anthropic's API

The file contents are passed to Anthropic's Claude API for AI processing. This transmission is also encrypted. Anthropic processes the data under their enterprise API terms, which prohibit using API data for model training.

04

Results are returned to your browser

The AI analysis results are sent back to your browser and displayed. At this point, the original file data is discarded from our server memory.

05

Nothing is retained

We do not log file contents, store uploaded documents, or retain any client data after your session ends. Your data exists on our infrastructure only for the seconds it takes to process.

Common questions from compliance teams
Is client data stored on TickAI's servers?
No. Files are processed in memory in real time and discarded immediately after analysis. We do not maintain a database of uploaded documents or client information.
Is our data used to train AI models?
No. TickAI uses Anthropic's API, which explicitly prohibits using API inputs and outputs to train models. Your data is used solely to generate your analysis results.
Who has access to uploaded data?
Only the Anthropic API processes your file content; no TickAI staff have access to uploaded documents. Anthropic's enterprise API access controls and security standards apply.
Is TickAI GDPR compliant?
TickAI does not store personal data, which minimises GDPR exposure significantly. However, you as the data controller are responsible for ensuring you have a lawful basis to process any personal data contained in documents you upload. We recommend anonymising documents where possible before uploading.
What encryption is used?
All data in transit is encrypted using TLS 1.2 or higher. This applies to data between your browser and our server, and between our server and Anthropic's API.
Can TickAI outputs be relied upon as audit evidence?
No. TickAI outputs are preliminary AI-assisted analysis only. All outputs must be independently reviewed and verified by a qualified auditor before any reliance is placed on them. TickAI is a productivity tool, not an audit procedure.
Does TickAI have ISO 27001 or SOC 2 certification?
Not currently; TickAI is an early-stage product. We are working towards SOC 2 Type II certification. If your firm requires certification before adoption, please contact us to discuss enterprise arrangements.

Powered by Anthropic's Claude API

TickAI uses Anthropic's Claude API for AI processing. Anthropic is one of the leading AI safety companies, backed by Google and Amazon. Their API terms explicitly state that customer data submitted via the API is not used to train models.

You can review Anthropic's security and privacy documentation at anthropic.com/privacy and their usage policy at anthropic.com/legal.

Questions for your compliance team?

We're happy to provide additional information, complete vendor questionnaires, or arrange a call with your data protection officer. Contact us at security@tickai.io