Community · Help

SheetApps User Guide

Turn an Excel workbook (or Google Sheet) into a multi-user web app — forms, validation, lookups, import/export and more.

Security & data residency

SheetApps protects your data with access control, isolation and optional encryption. Here's what that means and where the limits are.

  • Access & isolation. Each person has a role (owner / admin / editor / viewer) per app, and admins can temporarily lock the workspace for members. Your workspace's data is isolated from every other workspace — by row-level security on shared hosting, or a separate database file when an app is self-hosted. Signing in is limited to one active session: logging in on a new device signs the account out everywhere else.
  • Automatic sign-out. A workspace admin can set an idle timeout (Admin console → Users) so everyone is signed out after a period of inactivity — with a short warning first. It's off by default; leave it blank to keep people signed in until they sign out.
  • Two-factor authentication (2FA). When your operator enables it, you can add a one-time code from an authenticator app (Google Authenticator, 1Password, Authy…) to your password sign-in — set it up from your account's Change password page. Turning it on gives you ten single-use recovery codes: save them somewhere safe, as they're your only way back in if you lose your phone. 2FA applies to password sign-in; Sign in with Google is already protected by Google.
  • New-device sign-in alerts. If your operator has this on, we email you whenever your account is signed into from a device or country it hasn't been seen on before — so an unexpected sign-in doesn't go unnoticed. If it wasn't you, change your password right away with Forgot password.
  • Field encryption (encryption at rest). When the operator enables it, sensitive fields are encrypted in the backend before they reach the database, with a key the database never holds — so anyone with raw database, backup or dashboard access sees only ciphertext. It covers ssn and credit_card by type, and any field you tag sensitive / mask / pii on the Rules sheet — so you can encrypt a free-text notes or salary column too. Values are decrypted only for entitled viewers, masked in exports and support sessions by default, and card numbers are always reduced to their last 4 digits. Trade-off: an encrypted field can't be substring-searched (the index only ever sees ciphertext).
  • Support access. SheetApps support can only view your data after you grant read-only, time-limited consent; sensitive fields stay masked even then, and you can mark an app's data so support can't open it at all.
  • Data residency. Hosted data lives in the region of the SheetApps deployment you sign in to; there is currently no per-workspace region choice, and field-encryption uses a single operator-managed key. If you need data kept in a specific country, or you want to hold the encryption key yourself, self-hosting the app (or a published bundle) gives you full control of where the data lives and who holds the keys.
Mind the key. Field-encryption is only as recoverable as its key: the operator sets it, and if it's lost or rotated the encrypted values — including those in older backups — can't be read back. Whoever runs the deployment should back the key up safely and separately from the data.