Security & privacy

Your workbooks are the most sensitive thing you own

So we built SheetDelta to touch them as little as possible. Most of what we do never leaves your device at all — and where it does, you decide exactly how much.

Read the privacy policy Contact security

What happens to your files, by surface

Pick the surface whose trust posture matches the workbook in front of you.

Free web tool
Desktop app
Excel add-in
Hosted platform
Self-hosted
Where files are processed Your browser Your machine Your device Our servers Your network
Files leave your control Never Never Never (free mode) Only files you connect Never
Stored at rest by us No No No Encrypted; retention you set No — your storage
Account required No No No Yes Yes
Usable air-gapped Diffing only

“Never (free mode)” for the add-in means signed-out, local diffing. When you sign in to a team review, you’re working against versions your team has already connected to the platform.

The questions a security team actually asks

Straight answers, not a generic trust page.

Are files uploaded, or processed locally?
The web tool and the free add-in process everything locally — in your browser or in Excel. The desktop app is fully offline. Only the hosted platform processes files on our servers, and only the files you explicitly connect.
Are files stored?
Not by the local surfaces. On the hosted platform, connected versions are stored encrypted so you can diff and review them — with retention you control.
Can we control or disable retention?
Yes. Hosted customers set how long versions and diffs are kept; Business plans add stricter retention controls and legal-hold options.
Is there an offline / CLI option?
Yes — the desktop app and the CLI both run with no network access to your file data. The CLI is built for CI and scripted comparisons.
Can teams self-host?
Yes. The whole platform can run inside your own network, including fully air-gapped, on an annual contract.
What is logged?
The local tools keep no logs of your file contents. The platform logs the metadata it needs to run the audit trail — who changed and approved what, and when — never the values of cells you didn’t connect.
How are workbooks encrypted?
In transit with TLS 1.3 and at rest with AES-256 on the hosted platform. Self-hosted deployments use your own storage and keys.

Least privilege, by design

When you connect SharePoint or OneDrive, SheetDelta asks only for the specific libraries you choose — using Microsoft Graph’s Sites.Selected permission model. It can’t see the rest of your tenant, and your admin approves exactly which sites it watches. The most sensitive workbooks never need the cloud at all: that’s what the offline desktop app and self-hosting are for.

Frequently asked questions

What permissions do you request on SharePoint / OneDrive?
The least we can. The platform uses Microsoft Graph’s Sites.Selected model, which grants access only to the specific libraries you choose — not your whole tenant. An admin approves exactly which sites SheetDelta can watch.
Where is the hosted platform data held?
In the region you choose at signup. If your workbooks legally can’t leave your jurisdiction or your premises, self-hosting keeps everything inside your own network.
Do you train any models on our workbooks?
No. Your workbook contents are never used to train models and are never shared with third parties.
How do we delete our data?
Hosted data is deletable on request — contact us and we purge it. Self-hosted data is yours to manage entirely. The local tools store nothing on our side to begin with.

Have a security review to run?

Send us your questionnaire — we’d rather answer it up front than surprise you later.

Contact security See the privacy policy