Security at SheetSift
Last updated: June 11, 2026
Your workbooks often contain the most sensitive numbers in your business. Here is exactly how we handle them.
1. Encryption
- In transit — all traffic uses TLS: browser to our edge (Cloudflare), edge to API (Railway), and API to object storage. Plain HTTP is upgraded or refused.
- At rest — uploads and reports are stored on provider-encrypted object storage; the database is encrypted at rest by our hosting provider.
- Payments — card details never touch our servers. Stripe collects and stores them; we keep only the subscription status and plan.
2. We Never Execute Your Spreadsheets
SheetSift analyzes workbooks by static parsing only. VBA macros are never executed, DDE and external links are flagged as findings rather than resolved, and formulas are read as text — never evaluated. A malicious workbook can be scanned safely because nothing in it ever runs.
3. Data Retention
- Uploaded files are purged from storage approximately 1 hour after the scan completes. We keep the analysis, not your file.
- Reports and findings are retained for 30 days by default, and you can delete any scan immediately from the app.
- Failed scans are scheduled for purge automatically.
- Your whole account can be deleted self-serve (Settings → Danger Zone): subscriptions are cancelled, stored files removed, and personal data anonymized. See the Privacy Policy for details.
4. Platform Safeguards
- Upload size caps and decompression limits (zip-bomb protection: member counts, expansion ratios, and total uncompressed size are all bounded).
- Cell-count caps prevent pathological workbooks from exhausting resources.
- Rate limiting on authentication, scan creation, and billing endpoints — including per-account limits that hold even against distributed sources.
- Signed, time-limited upload URLs; storage objects are scoped per scan.
- Organization-scoped access control: scans are only visible to active members of the owning organization.
- Audit logging for organization membership and administrative actions.
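The three decompression bounds named in the first item above (member count, expansion ratio, total uncompressed size) can be enforced on an XLSX container before any parsing starts. The sketch below is an added example, not SheetSift's code; the limit values and the names `guarded_read`, `ArchiveRejected` and `build_zip` are assumptions made for illustration.

```python
import io
import zipfile
# Illustrative limits (assumptions; the page does not publish its values).
MAX_MEMBERS = 2_000
MAX_RATIO = 100            # uncompressed / compressed, per member
MAX_TOTAL = 50 * 1024**2   # total uncompressed bytes across the archive
CHUNK = 64 * 1024

class ArchiveRejected(Exception):
    """Raised when an upload breaks one of the decompression bounds."""

def guarded_read(data, max_members=MAX_MEMBERS, max_ratio=MAX_RATIO, max_total=MAX_TOTAL):
    """Return {member name: bytes} or raise ArchiveRejected."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile as exc:
        raise ArchiveRejected(f"not a valid zip container: {exc}") from exc
    with zf:
        infos = zf.infolist()
        if len(infos) > max_members:
            raise ArchiveRejected(f"member count {len(infos)} > {max_members}")
        # Pass 1: cheap checks on the sizes declared in the central directory.
        declared = 0
        for info in infos:
            declared += info.file_size
            if info.file_size > max_ratio * max(info.compress_size, 1):
                raise ArchiveRejected(f"expansion ratio too high: {info.filename}")
        if declared > max_total:
            raise ArchiveRejected(f"declared size {declared} > {max_total}")
        # Pass 2: do not rely on declared sizes alone; count the bytes that
        # decompression actually produces and stop as soon as the cap is hit.
        out, total = {}, 0
        for info in infos:
            buf = bytearray()
            with zf.open(info) as member:
                while chunk := member.read(CHUNK):
                    total += len(chunk)
                    if total > max_total:
                        raise ArchiveRejected("actual output exceeded total cap")
                    buf += chunk
            out[info.filename] = bytes(buf)
        return out

def build_zip(members):
    # Builds a sample archive in memory (constructed input for trying the guard).
    bio = io.BytesIO()
    with zipfile.ZipFile(bio, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return bio.getvalue()
```

The declared-size pass rejects most oversized archives without inflating a byte; the streaming pass keeps the total cap in force regardless of what the headers claim.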
5. Malware Posture
Because workbooks are never executed, the primary malware vector is neutralized by design. Files are also short-lived (purged ~1 hour after scanning). A dedicated antivirus scanning layer is on our roadmap; until then the combination of static-only parsing, decompression guards, and ephemeral retention is our defense in depth. We document this honestly rather than claiming AV coverage we don't have yet.
6. AI Processing
AI summaries send limited workbook context (formula patterns, structure, sampled values) to our AI provider under agreements that prohibit training on your data. Detected PII is masked in findings displays. AI analysis is optional per scan.
7. Responsible Disclosure
Found a vulnerability? Email [email protected] and we will respond within 2 business days. Please give us reasonable time to remediate before public disclosure — we commit to not pursuing good-faith researchers.