Security
How we protect your data and maintain your trust.
We Never See Your Data
SheetDog runs entirely in your browser. Your spreadsheet data never touches our servers.
Encrypted Connections
All communications use TLS 1.3 encryption. Your data is protected in transit.
Minimal Permissions
We only request the permissions necessary to operate. No access to files you don't explicitly open.
Trusted Infrastructure
Hosted on Vercel with SOC 2 Type 2 certification. Authentication through Clerk (SOC 2 Type 2).
Architecture Overview
SheetDog is a Chrome extension that enhances Google Sheets with keyboard shortcuts and AI-powered editing. Here's how our architecture protects your data:
Browser-Based Processing
All shortcut functionality runs entirely in your browser. When you press a keyboard shortcut, SheetDog interacts directly with the Google Sheets interface—no data leaves your computer.
AI Features
When using AI editing features, the selected cell range is sent to the AI provider for processing. This data is:
- Sent directly to the AI provider over encrypted connections
- Processed according to the AI provider's data handling policies
- Never stored by SheetDog
Teams customers can optionally configure their own LLM API keys for additional control over AI data processing.
Subprocessors
We use the following trusted third-party services to operate SheetDog:
| Service | Purpose | Compliance |
|---|---|---|
| Clerk | Authentication | SOC 2 Type 2 |
| Stripe | Payments | PCI DSS Level 1 |
| Vercel | Hosting & Database | SOC 2 Type 2, ISO 27001 |
| Google Cloud | Sheets API | SOC 2, ISO 27001, FedRAMP |
Google API Scopes
SheetDog requests only the minimum permissions needed to function:
userinfo.email— To identify your accountspreadsheets— To apply formatting and edits to sheets you open
We do not request access to your entire Google Drive. The extension can only interact with sheets you actively open while using SheetDog.
Compliance Roadmap
We are committed to enterprise-grade security. Our roadmap includes:
- SOC 2 Type 1 — Planned for when enterprise demand warrants
- SOC 2 Type 2 — Following Type 1 certification
- Penetration Testing — Annual third-party testing
Contact
For security inquiries or to report a vulnerability, please contact security@sheetdog.app.
For information about how we handle your personal data, see our Privacy Policy.