This policy outlines the systems and best practices CogniSheets Ltd, a company registered in England & Wales ("we", "us"), employs to protect your data. We are committed to building secure applications that adhere to industry best practices, ensuring the confidentiality, integrity, and availability of our customers' data.
Key Security Principles
Your Google Sheets data is processed only to provide the functionality you explicitly request and is not stored, logged, or retained by CogniSheets Ltd.
Formula analysis is performed either locally in your browser or through short-lived cloud processing with no persistent storage.
CogniSheets cannot access your spreadsheets outside of actions you explicitly initiate within the extension.
Architecture
Our infrastructure is hosted on Google Cloud Platform and designed for reliability and resilience, with services hosted regionally.
We leverage Google APIs, secured through Google’s OAuth2 process.
Functions that interact with Google Sheets data run on Google Cloud Platform’s Cloud Functions for short-lived, on-demand processing. Google Sheets data is processed in memory only and is not written to persistent storage, databases, or logs.
Functions that do not require access to Google Sheets data operate locally in your browser through our Chrome extension.
Authentication is managed through Firebase, a service hosted on Google Cloud Platform.
Data Privacy
All API and client communications are secured via HTTPS connections.
Data in transit is encrypted using TLS 1.2 or higher. Where infrastructure-level data protection applies (such as configuration and operational metadata), Google Cloud Platform provides encryption at rest using industry-standard mechanisms.
Security Controls
We follow the principle of least privilege for all business systems. Permissions are requested only for features that require access to Google Sheets data.
We do not view or store any of your data in your Google Sheets. There is no mechanism at CogniSheets Ltd for us to access spreadsheet contents outside of providing the requested functionality.
We do not log the contents of your Google Sheets. Any operational logs are limited to technical diagnostics and do not contain spreadsheet data.
We do not request access to Google Drive, thus we cannot access any data other than the specific Google Sheet analysed by the CogniSheets Formula Explorer Chrome extension.
Our application source code is stored in a secure environment and undergoes a review process for all changes.
The review process combines manual and automated systems. Google periodically reviews the CogniSheets Formula Explorer Chrome extension, regardless of whether a new version is submitted.