top of page

Security Policy

Effective Date: Dec 22, 2022

Introducing SheetWhiz: SheetWhiz is a Chrome extension that brings Excel functionality to Google Sheets. 

 

SheetWhiz’s Commitment to Security: Since our customers’ Google drives are some of their most extensive banks of confidential information, privacy and reliability have been at the core of our business since day one. 

 

As an organization, SheetWhiz strives to build a secure application in accordance with security best practices to uphold the confidentiality, integrity, and availability of our customer’s data. In the spirit of transparency, this document describes the systems and best practices we have in place to protect your data. 

​

Architecture

  • Our infrastructure is hosted on Google Cloud, designed to to provide 99.9% availability, with services hosted regionally

  • Features leverage Google APIs which are secured through Google’s OAuth process

  • Features that interact with your Sheets data run on Google App Scripts which is a service hosted on Google Cloud and is built on a distributed architecture

  • Features/functionality that do not need access to your Sheets data run locally in your browser through our Chrome extension

  • SheetWhiz user settings data is stored directly on the user’s browser and not on any of our internal systems. We do not have access to this data

  • SheetWhiz uses PCI-DSS compliant credit card processors

Security Controls

  • All business systems follow the principle of least privilege. We only ask for permissions when we have to. More specifically, we ask for the minimum set of permissions when logging in. Only when using features that necessitate greater access do we request these permissions (such as for features that interact with your data) 

  • We do not view or store any of your data in your spreadsheets. There is no mechanism at SheetWhiz for us to do this. We only access your spreadsheets to display information to you, and this data is not accessed by anyone from SheetWhiz. Furthermore, data that is accessed is secured through HTTPS and through TLS

  • We do not and do not need to access any of your data from your Sheets during our development process

  • Application source code is stored in a secure environment and changes go through a peer review process

  • SheetWhiz securely connects to Google Sheets through Google’s OAuth process. Administrators have the ability to configure security and privacy access to SheetWhiz through their Google Workspace accounts

Data Privacy

  • All data in transit is secured with TLS 1.2 and above encryption as well as an SSL Certificate, and data (related to login and product usage stats) at rest is secured through Firebase and Mixpanel services using AES 256-bit encryption

  • All API and client communication (desktop, web, and mobile) require HTTPS connections

Compliance

Google's Published Listing Review Process

  • Google’s review team checks the SheetWhiz extension for compliance with their developer program policies every time we update our extension, and, if any violations are found, take appropriate enforcement actions. The review process is illustrated in the “Google’s Published Listing Review Process” diagram

  • The review process uses a combination of manual and automated systems. Since launching, none of our updates have been rejected by the Google review team and we have submitted over 50 builds to the Chrome store

  • Google also periodically reviews our app regardless of whether we submit a new build or not. The “Google’s Periodic Review Process” diagram illustrates how policy violations are handled as part of this review process

  • Google also requires that the SheetWhiz Chrome Extension adhere to Google API Services User Data Policy, including the Limited Use requirements, as required by Google 

  • The server that hosts our website holds an A rating from Qualys SSL Labs, a leading service that analyzes many security-related web server properties for millions of websites

Screen Shot 2023-11-18 at 9.57.55 PM.png
Google's Periodic Review Process
Screen Shot 2023-11-18 at 9.55.49 PM.png

Frequently Asked Questions (FAQ)

Can SheetWhiz see any details in my Google Drive? No - there is no mechanism in place for anyone at SheetWhiz to view, store or otherwise interact with any of your data in your sheets

​

Can I request SheetWhiz delete my data? Yes, send us a request here

​

What types of personal data does SheetWhiz store? 

The main personal data we collect is email, which we collect when you login to our tool. This information is collected so you can save your shortcuts to your account as well as for troubleshooting and product improvement purposes. We also collect payment information if you choose to purchase SheetWhiz Pro.

​

More information can be found on our Privacy Policy

 

What subprocessors does SheetWhiz have? 

  • The tools we use are all highly reputable services. These include:

  • Firebase for authentication

  • Mixpanel for analytics (security policy here)

  • Google APIs to support features

  • Wix for our website (security policy here). The server that hosts our website holds an A rating from Qualys SSL Labs, a leading service that analyzes many security-related web server properties for millions of websites.

  • Slack for internal communications (security policy here)

  • Google and OneSignal (security polich here) for email communications

  • Stripe (security policy here) and Wix for payments

​

Where can I learn more? 

Read our End User License Agreement, Terms of Service, Privacy Policy, and Data Processing Addendum for more details. You can also send us any questions here

bottom of page