Last Updated: June 15, 2021

Security is a top priority at You’ve entrusted us with your sensitive and valuable data, and we take this responsibility seriously. We work continually to improve our security processes and controls. Below we’ve provided an overview of our security practices and tools. If you have questions about any of this, send us a note to

Infrastructure, network security, and file storage

All servers are instances of the Amazon Elastic Compute Cloud (Amazon EC2) service from Amazon Web Services (AWS). Our EC2 servers reside within an Amazon Virtual Private Cloud (Amazon VPC) and cannot be accessed via the public internet. The access mechanisms to these servers are limited to an essential set of protocols and ports via internet-facing proxy servers. The file attachments you upload within are stored and served from the Amazon Simple Storage Service (Amazon S3).

Encryption in transit uses TLS 1.2 to transmit data between your device and our cloud servers. TLS termination happens at Amazon Elastic Load Balancers (Amazon ELB) and the keys are managed by the ELB service itself.

Encryption at rest

Your spreadsheet data in is stored using the MongoDB Atlas cloud database service managed by MongoDB on AWS. Atlas cloud service database clusters are configured to store data in encrypted form using the industry standard AES-256 symmetric encryption algorithm for everything: databases, backups, snapshots, and logs.

Access Control currently supports email and password based authentication. We plan to add support for 2-factor authentication (2FA) soon, as well as support for OAuth2 based Google Account Authentication.

SOC-2 compliance is currently planning to undergo a Service Organization Controls (SOC 2 type 2)  audit.

Sub-processors utilizes the following services to store and transmit your data, and to provide a continuous and reliable service. We’ve taken care to vet the security and privacy practices of these vendors.

Amazon Web Services
MongoDB Atlas