Trust & Safety
Security & Trust
SheetForge is built with security-first principles from day one.
Data Protection
- Your data stays where it lives - we never copy or import your spreadsheet
- Read-only access via secure API - no write access granted unless you enable write-back
- Encryption in transit: TLS 1.2+ on all connections
- Encryption at rest: AES-256 for all stored data
- We never use your data to train AI models
Infrastructure
- Hosted in the UK, operated by London-based APPS 365 LTD
- Daily automated backups at 02:00 UTC
- Health monitoring at
/healthwith automated alerting - 99.9% uptime target
Access Controls
- Passwords: minimum 12 characters, complexity enforced
- 2FA: mandatory for all admin users
- Account lockout: after 5 failed attempts, 15-minute lockout period
- Session timeout: 2 hours idle (configurable per account)
- All authentication events logged to immutable audit record
Compliance
- GDPR compliant - Data Processing Agreement available on request: hello@sheetforge.ai
- Built by APPS 365 LTD, Company No. 13955007, London, UK
- SOC 2 controls implemented (working towards certification)
- Security events logged to immutable audit log
- See our full GDPR & Privacy policy for data handling details
Responsible Disclosure
- Found a vulnerability? Email security@sheetforge.ai
- We aim to respond within 48 hours
- We follow coordinated disclosure practices