Security & Privacy

Privacy by architecture. Not bolted on after.

Unlike platforms that capture and store screenshots, TNDRL captures the structure of work — application patterns, decision logic, timing, and workflow variants — not the underlying business data. PII, financial data, and health records never leave your perimeter.

Data Architecture

Three tiers. You control what moves.

Tier 1
Metadata
Tier 1 — Metadata Only
What TNDRL analyzes
Application names, field names, timing, decision logic, workflow variants. Zero PII. Zero data content. This is the structural signal that powers automation readiness scoring and drift detection. Syncs continuously to cloud for real-time analysis.
Tier 2 — Sanitized Proxy
Optional enrichment
Normalized steps, field-type annotations, smart-masked frames, temporal metadata. No raw text, no PII. Created by semantic proxy packager before transmission. Syncs on schedule — you control the frequency. Optional for organizations requiring deeper behavioral analysis without exposing content.
Tier 3 — Raw Data
On-premise only
Full-resolution captures with complete details. Stays on your infrastructure. Never transmitted by default. Available for high-security environments requiring local-only processing — collection, analysis, and governance all run within your perimeter.
Privacy Guarantees

What TNDRL does NOT capture

Our architecture excludes sensitive data by design, not as an afterthought.

No Screenshots

We capture what you did (the application, the step, the outcome) — not what was on screen. No vision processing. No full-resolution captures.

No Keystroke Logging

We don't record or transmit raw keyboard input. Field names and metadata flow through our pipeline — not the text people typed.

No Raw PII Transmission

Sensitive data is classified and masked at the collection point. Only the structural signal travels to the cloud. Masking rules are configurable.

No Financial Data Egress

Credit card patterns, account numbers, and transaction amounts are detected and redacted at the source. Cloud never sees payment card data.

No Health Records Storage

PHI is never stored in the cloud by default. HIPAA-adjacent workflows are observable through anonymized behavioral patterns only.

No Personal Data Hoarding

We capture work execution patterns, not personal details. Data retention policies are granular and configurable per tier.

Architecture

Collection happens at the source

Fiber (desktop app + Chrome extension) runs on the processor's machine. Classification, masking, and tiered packaging happen at the source — before any data leaves the machine. The cloud only receives what your policy allows.

Desktop
Browser
Fiber
(classify
+ mask)
Tier 1/2
egress
Cloud
Analytics
Tier 3 stays local
Masking is applied before transmission. Every field type (credit card, SSN, email, phone, date of birth, medical record number) has a detection and redaction rule. Custom patterns are supported for organization-specific sensitive data. All masking happens on the collection machine — cloud never sees the original value.
Encryption in transit. All data transmitted from Fiber to cloud is encrypted with TLS 1.3. Collection can be configured to use a customer-managed encryption key for further control.
Collection is centrally governed. Processors don't control what gets collected. Collection behavior is managed from the web app — schedules, data tiers, masking rules, retention policies all come from central configuration distributed to the fleet.
Compliance

Designed for regulated environments

HIPAA
Designed for PHI-adjacent environments. Behavioral metadata collection avoids PHI capture by design. No screenshots means no embedded medical data. Business Associate Agreement (BAA) available upon request for healthcare workflows.
PCI DSS
No cardholder data captured or stored. Smart masking detects and redacts credit card patterns at the source using Luhn algorithm validation. Compliant with PCI DSS Level 1 requirements for organizations processing payments.
SOC 2
Audit trail for all data access, collection policy changes, and enforcement decisions. SOC 2 Type II attestation in progress. Immutable logging of who accessed what and when — full compliance auditability.
GDPR / CCPA
Data minimization by architecture. Collection captures operational structure, not personal data. Right to deletion supported — purge individual behavioral records on request. Data residency options available (EU, US, or on-premise).
Flexibility

Deploy on your terms

Cloud Analytics

Fiber collects on-premise. Tier 1 + Tier 2 sync to TNDRL cloud for analysis and governance. Real-time workflow modeling, scoring, and drift detection. Most customers start here.

Hybrid

Collection and processing on-premise. Only aggregated insights and policy decisions sync to cloud. For organizations with strict egress policies or data residency requirements.

Full On-Premise

Everything runs within your perimeter — collection, analysis, governance, enforcement. For highly regulated environments (financial services, government, healthcare) requiring complete data sovereignty.

Comparison

Security comparison: TNDRL vs. screenshot platforms

Dimension TNDRL Screenshot Platforms
Data Captured Behavioral metadata Full screenshots
PII Exposure Risk None by design High — screenshots contain visible PII
Compliance Friction Low — no sensitive data leaves perimeter High — screenshot storage creates audit burden
CISO Approval Path Straightforward Requires extensive data handling review
Data Retention Configurable per tier; metadata-only by default Centralized storage of all captures
On-Premise Option Yes — full stack available Limited or not available
HIPAA Ready Yes No — screenshots contain PHI
PCI DSS Compliant Yes — no cardholder data captured No — screenshots may contain payment card data

Ready to review TNDRL's security architecture in detail?

Our security team is available for detailed architecture reviews, threat modeling sessions, and compliance assessments with your CISO or security team.

Request a Security Review Download Security Whitepaper