Security

Sheety is a secure and safe way to access data from your Google spreadsheets. Here's an overview of some of the steps we take to safeguard your data.

Limited data use

Sheety does not use any of your data for any purpose except to provide you with the service. Sheety itself only stores a very limited set of data on our servers, including:

  • the names of the spreadsheets you add in the Sheety dashboard
  • a temporary authorisation token (OAuth) to access Google's services
  • a refresh token to reauthorise the access token should it expire
  • any access credentials you add to your project
  • the IP addresses of users accessing your API

Most importantly, Sheety does not store the contents of your spreadsheets. Instead, the content is proxied in real time from Google's servers to ours. For our enterprise plans we do use a caching layer that is managed by Cloudflare (see Third-party suppliers for more information).

Access and Authentication

All access to the Sheety dashboard goes through Google's OAuth single sign-on system. This means we never have access to your Google account credentials.

Customers can strengthen account security by using 2-step verification and security keys. These can help mitigate risks such as the misconfiguration of employee access controls or attackers taking advantage of compromised accounts.

Administrative access

We’ve designed our systems to limit the number of employees that have access to customer data and to actively monitor the activities of those employees. Sheety employees are only granted a limited set of default permissions to access customer information for the purposes of providing support.

Third-party suppliers

Sheety itself conducts virtually all of the data processing activities needed to provide our services. However, we do use some third-party suppliers in order to offer our services:

  • Cloudflare for analytics and content delivery
  • Stripe to process payments and store customer billing information
  • Google to access the contents of your spreadsheet

You can learn more about this in our privacy policy.

Monitoring

We monitor internal traffic and logs, employee actions, as well as outside knowledge of vulnerabilities. Internal traffic is inspected for suspicious behaviour using a combination of open-source and commercial tools for traffic capture and parsing. Our network also sits behind Cloudflare, who provide us with a suite of monitoring tools.

Incident management

Should we identify an incident, our primary objective is to understand its nature and how it impacts you. For data breaches, we aim to contact affected customers within 24 hours. For more information, please see our Terms of Service.