1. Who we are
Tutelium is a US platform that helps treasurers and financially responsible people at nonprofits, churches and other organizations with bookkeeping, reconciliation, reporting and compliance, supported by our AI assistant Solon.
Tutelium, Inc. (entity formation in progress; registration number and business address to follow), based in the United States, is the data controller for the personal data we process about visitors to this website and about our (prospective) customers and users.
For the financial and administrative data you enter into the platform as a customer (which may include personal data of donors, members, volunteers or contacts), Tutelium acts as a data processor. Your organization is the data controller for that data. Our data processing agreement applies here.
2. What data do we process?
Account and organization data
Name, email address, phone number, role, organization name, and login credentials (encrypted) of users who create an account.
Bookkeeping and financial data
Transactions, bank statements, receipts, invoices, chart-of-accounts, cost center and fund data, and related attachments that you enter or import into the platform. This may include personal data about third parties (such as names or account numbers of contacts).
Usage and technical data
Data about the use of the platform and website, such as IP address, device and browser information, and actions within the application (for security, troubleshooting and improvement).
Communication
The content of your messages when you contact us, and information you provide when signing up for the early-adopter program or waitlist.
3. Why and on what legal basis?
- Performance of the contract: to deliver the platform, manage your account and provide support.
- Legal obligation: for example, for recordkeeping and tax retention requirements.
- Legitimate interest: to secure and improve our service and communicate with you relevantly, always with respect for your privacy.
- Consent: for non-essential cookies and optional newsletters. You can withdraw consent at any time.
4. AI and language models
Solon supports you with AI. An important principle applies here: language models never get access to your books. For a specific question, we only share an anonymized, minimized summary (for example, an amount or pattern without names, account numbers or donor details) and ask for the best interpretation or next step. We then apply the answer within your own, isolated environment.
Your data is never used to train public AI models. Read more in our responsible AI use policy.
5. Who do we share data with?
We never sell your data. We only share it with carefully selected subprocessors who help us deliver the service, such as:
- Our hosting partner with data storage within the United States;
- An email and notification service for system messages;
- A payment service provider for subscriptions;
- A commercial AI provider for anonymized requests (without access to your books and without training on your data).
We sign data processing agreements with all of these parties. You can find a current overview of subprocessors in the data processing agreement. We may also share data if legally required to do so.
6. Storage and transfer
Your data is stored on servers within the United States and kept encrypted. If a transfer outside the United States is ever unavoidable, we ensure appropriate safeguards are in place.
7. Retention periods
We do not retain personal data longer than necessary. We keep account data for as long as you have an account. We retain bookkeeping and financial data in line with applicable legal and tax retention requirements. After the agreement ends, we delete or return customer data according to the terms in the data processing agreement.
8. Security
We take appropriate technical and organizational measures, including encryption of data at rest and in transit, strict access control, separation of customer environments, logging and audit trails. Read more about how we secure your data.
9. Your rights
You have the right to access, correct, delete, restrict and receive a copy of your data, and you can object to certain types of processing. If it concerns personal data your organization entered as a customer, please direct your request to that organization; we support them in this as their processor.
Want to submit a request or ask a question? Contact us through our contact page. You also always have the right to file a complaint with the relevant data protection authority.
10. Cookies
Our website uses functional and (with your consent) analytics cookies. Read our cookie policy for details and how to manage your preferences.
11. Changes
We may update this privacy policy, for example when we add new features or regulations change. The current version is always available on this page, with the date of the last update at the top.
12. Contact
Questions about privacy? Contact us through our contact page.