Security

Last Updated: November 20, 2020

Security is a top priority at Spreadsheet.com. You’ve entrusted us with your sensitive and valuable data, and we take this responsibility seriously. We work continually to improve our security processes and controls. Below we’ve provided an overview of our security practices and tools. If you have questions about any of this, send us a note to info@spreadsheet.com.

Infrastructure, network security, and file storage

All Spreadsheet.com servers are instances of the Amazon Elastic Compute Cloud (Amazon EC2) service from Amazon Web Services (AWS). Our EC2 servers reside within an Amazon Virtual Private Cloud (Amazon VPC) and cannot be accessed via the public internet. The access mechanisms to these servers are limited to an essential set of protocols and ports via internet-facing proxy servers. The file attachments you upload within Spreadsheet.com are stored and served from the Amazon Simple Storage Service (Amazon S3). 

Encryption in transit

Spreadsheet.com uses TLS 1.2 to transmit data between your device and our cloud servers. TLS termination happens at Amazon Elastic Load Balancers (Amazon ELB) and the keys are managed by the ELB service itself. 

Encryption at rest

Your spreadsheet data in Spreadsheet.com is stored using the MongoDB Atlas cloud database service managed by MongoDB on AWS. Atlas cloud service database clusters are configured to store data in encrypted form using the industry standard AES-256 symmetric encryption algorithm for everything: databases, backups, snapshots, and logs.

Access Control

Spreasheet.com currently supports email and password based authentication. We plan to add support for 2-factor authentication (2FA) soon, as well as support for OAuth2 based Google Account Authentication.

SOC-2 compliance

Spreadsheet.com is currently planning to undergo a Service Organization Controls (SOC 2 type 2)  audit.

Sub-processors

Spreadsheet.com utilizes the following services to store and transmit your data, and to provide a continuous and reliable service. We’ve taken care to vet the security and privacy practices of these vendors.

Amazon Web Services
MongoDB Atlas
SendGrid
Pusher