Is my data secure with Tariffi?
Quick answer
Yes. Tariffi uses AES-256 encryption at rest, TLS 1.2+ in transit, role-scoped database access with audit logging, and 7-year data retention per 19 CFR Part 163. ES-003 files are archived to cold storage with year-segmented paths and lifecycle deletion policies. Pre-signed download URLs expire after 60 seconds.
Detailed Answer
Tariffi's security architecture is designed for handling sensitive customs and financial data with regulatory retention requirements.
Data encryption:
- At rest: AES-256 encryption on all stored data, including ES-003 uploads, CAPE declaration drafts, engagement documents, and audit logs.
- In transit: TLS 1.2+ for all communications between the web frontend, API gateway, and backend services. No unencrypted data transmission.
Access control:
- Role-scoped access. Every database query is scoped to the authenticated user's role and tenant. Importers see only their own data. Brokers see only entries associated with their Filer Code.
- Audit logging. Every data access event is logged with timestamp, user identity, and action type. Logs are retained for 7 years per 19 CFR Part 163.
File storage:
- Cold storage archival. ES-003 files and engagement documents are archived to encrypted cloud storage with year-segmented paths.
- 60-second pre-signed URLs. When you download a file, the URL expires after 60 seconds to minimize the exposure window.
- Lifecycle deletion. Automated policies delete archived data after the retention period expires (5 years + 1 month for cold-storage archives).
Data retention:
Per 19 CFR Part 163, Tariffi retains claim data, audit logs, and broker-review records for 7 years from the date of the relevant customs entry. After this period, data is securely purged.
What we do NOT do with your data:
- No selling to third parties.
- No use for marketing or advertising.
- No aggregation with other importers' data for analytics.
- No access by other broker partners (tenant isolation).
Full details in our Privacy Policy and Terms of Service.
Related Questions
What is your security posture?
AES-256 encryption at rest, TLS 1.2+ in transit, role-scoped database access with audit logging, 7-year data retention per 19 CFR Part 163, and broker tenant isolation at the database layer. Under NDA we share penetration-test summaries and subprocessor attestations. Additional certifications disclosed as they become available.
What about client confidentiality?
Each broker partner has an isolated tenant — you see only CAPE filings assigned to your Filer Code. Tenant isolation is enforced at the database layer with role-scoped access and audit logging. No cross-broker visibility, no aggregated client lists, and the partnership agreement bars Tariffi from soliciting your clients for customs brokerage services.
How do I get a tariff refund?
Upload your ACE ES-003 entry-summary CSV to Tariffi. Our platform analyzes your entries for IEEPA and Section 301 overpayments, prepares the CAPE declaration data, and routes it to a CBP-licensed customs broker partner who files under their own license. No advance fees — you pay a contingency only when CBP approves your refund.
What is an ES-003 file and how do I get it?
An ES-003 is CBP's standardized entry-summary export from the ACE portal in CSV format. It contains all data needed for CAPE declarations: entry numbers, HTS codes, duty amounts, and liquidation dates. Your customs broker can pull it, or you can export it directly from ace.cbp.gov if you have portal access.
Need help?
Upload your ES-003 to see how much you could recover, or talk to our team.