Trade-off
We gave up persistent servers
Stateless containers are harder to build and can't rely on local state between requests. But nothing persists after analysis - no disk, no leftover data.
Most analytics tools permanently store your customer data. Jetti Sheets processes everything within Google's infrastructure and keeps nothing.
| Metric | Value |
|---|---|
| Permanent databases of customer data | 0 |
| OAuth permissions requested | 4 |
| Maximum cache retention | 24h |
| Google Cloud infrastructure | 100% |
A tool that lives inside your spreadsheet, processes data in memory, and keeps nothing is architecturally safer than a standalone platform that permanently stores every customer record in its own database. That's not a workaround - it's a better model.
Standalone analytics tools ask you to connect your Stripe account and hand over your entire transaction history - forever. If they get breached, years of your data are exposed. If you leave, your data stays behind. We built Jetti Sheets to be the opposite of that. Process, return, don't store.
It's harder to engineer this way. But it means there's no permanent copy of your customer data on our servers, ever. And as we expand to direct API integrations, every new feature follows the same principle.
Trade-off
A permanent database would make our product faster and easier to build. Instead, we use a 24-hour cache you control - because your data shouldn't live on our servers.
Trade-off
Running entirely on Google Cloud means your data never crosses provider boundaries.
Trade-off
You can see and delete your cached data anytime from the sidebar. We deliberately built it so you don't need our permission or our help to remove your data.
Architecture
Every component minimizes how much data we touch, how long we touch it, and who can access it.
Google Cloud Run containers with no persistent disk. Your data lives in memory during analysis, then the container shuts down. Nothing is written to disk, ever.
Analysis results can be cached up to 24 hours for faster repeat views. Encrypted at rest with AES-256, isolated per-user, and auto-deleted. You can also clear it instantly from the sidebar.
Every API request is verified twice: Google Cloud Run IAM validates your Google identity at the network edge, then our License API confirms your subscription and available tokens.
All data travels over Google's internal encrypted network. No external servers.
Cached data is keyed to a SHA-256 hash of your email address. No user can access, see, list, or delete another user's cache entries. Completely isolated.
System logs contain request metadata only: timestamps, row counts, request IDs. Email addresses are masked via hash function in all logs. Retained 30 days, then permanently deleted.
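The per-user cache keying and log masking described above, sketched as an added example (not Jetti Sheets' own code). The `cache/` prefix, email normalization, 16-character log token and all function names are assumptions. A SHA-256 of an email can be recomputed by anyone who knows the address, so the isolation in this sketch comes from the server deriving the prefix from the verified identity, not from the hash being secret.

```python
import hashlib
import posixpath
from datetime import datetime, timedelta, timezone

CACHE_TTL = timedelta(hours=24)  # page: 24-hour maximum cache retention


def user_digest(email: str) -> str:
    """SHA-256 hex digest of the address (trim + lowercase is an assumption)."""
    return hashlib.sha256(email.strip().lower().encode("utf-8")).hexdigest()


def cache_object_name(verified_email: str, entry: str) -> str:
    """Build an object name under the caller's own prefix, or raise ValueError.

    The prefix is always derived server-side from the verified identity; the
    client supplies only `entry`, which must be a single path component.
    """
    if entry in ("", ".", "..") or any(c in entry for c in "/\\\x00"):
        raise ValueError("entry must be a single path component")
    return posixpath.join("cache", user_digest(verified_email), entry)


def is_readable(verified_email: str, object_name: str,
                created: datetime, now: datetime) -> bool:
    """Allow a read only for the owner and only while the entry is under 24h old.

    Checking age on read (an assumption about the design) keeps the 24h limit
    exact even if storage-side lifecycle deletion runs some time after expiry.
    """
    prefix = f"cache/{user_digest(verified_email)}/"
    return object_name.startswith(prefix) and now - created < CACHE_TTL


def mask_email(email: str) -> str:
    """Log-safe token: deterministic, so one user's requests still correlate."""
    return "user:" + user_digest(email)[:16]


if __name__ == "__main__":
    # Constructed sample identities, not real users.
    now = datetime(2024, 1, 2, tzinfo=timezone.utc)
    name = cache_object_name("alice@example.com", "mrr_report.json")
    print(name, mask_email("alice@example.com"))
    print(is_readable("bob@example.com", name, now - timedelta(hours=1), now))
```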
Data Flow
Your data makes one round trip through Google's encrypted network and comes back as a report in your spreadsheet.
Your Sheet (source of truth) -> Google Network (encrypted in transit) -> Analysis Engine (in-memory, stateless) -> Your Report (written to your sheet)
Your spreadsheet is the only permanent copy of your data - before, during, and after analysis.
Permissions
We request the minimum OAuth scopes required to function. Nothing more.
| Permission | Why it's needed |
|---|---|
| View and manage spreadsheets | Read your data for analysis, write results to new tabs in your spreadsheet. |
| Connect to external service | Send data to our analysis engines running on Google Cloud Run. |
| Display sidebar content | Render the Jetti Sheets interface panel inside Google Sheets. |
| Google Drive (file picker only) | Let you select specific files to upload via Google Picker UI. We can only see files you explicitly choose - never your full Drive. |
Not requested. Not accessible. Jetti Sheets can only see your active spreadsheet and files you explicitly select via the file picker.
Google Workspace Marketplace verified. Jetti Sheets passed Google's security review for OAuth scope compliance, data handling, and permission requirements.
Data Retention
Three categories. That's the complete list.
| Data | Duration | Purpose |
|---|---|---|
| Email + license key | Until you request deletion | Subscription validation |
| Cached analysis results | 24 hours max (auto-delete) | Faster repeat views. Encrypted, isolated, user-deletable anytime. |
| Request metadata | 30 days | Debugging only. Timestamps, row counts, masked emails. |
We do not store: customer names, revenue figures, transaction history, spreadsheet contents, payment data, or any information from your analysis. Your spreadsheet is the only place your data lives.
Comparison
Traditional analytics tools need a permanent connection to your payment provider and a database to store everything. We need neither.
| | Traditional analytics tools | Jetti Sheets |
|---|---|---|
| Customer data | Stored permanently - every record, forever | No permanent storage |
| Revenue database | Yes, accessible to their support team | No database exists |
| Where data lives | Copied to their AWS/GCP servers | Your sheet -> Google Cloud -> your sheet |
| If breached | Full customer history exposed | Max 24h of encrypted, auto-deleting cache |
| Delete your data | Submit a request and wait | Delete it yourself, instantly, from the sidebar |
| API connection | Permanent OAuth to Stripe | None required - works from your spreadsheet |
| Payment provider credentials | Holds your Stripe API keys | Not required - no API keys to your payment provider |
| Data visibility | No way to see what they've stored about you | See every cached file - its size, type, and age - from the sidebar |
FAQ
No. The analysis pipeline is fully automated - your data goes in, results come out, no human is involved at any point. Cached data is encrypted, isolated per-user, and auto-deleted within 24 hours.
The worst-case exposure is cached analysis results from the last 24 hours - encrypted at rest and isolated per-user. There's no database of customer records, no transaction history, no API credentials to payment providers. Compare this to a breach at a standalone analytics tool, which would expose your entire customer history from the day you connected your account.
Open the Reports tab in the Jetti Sheets sidebar. You'll see every cached file - its size, type, and age. Select individual entries or clear everything at once. It takes about two seconds. Anything remaining auto-deletes after 24 hours regardless.
No. Your data generates your report. That's the only thing it's used for. We don't aggregate across users, we don't build profiles, we don't sell data, and we don't feed anything into AI models. Our revenue comes from subscriptions - you pay us for the tool, not the other way around.
Your reports stay in your spreadsheet - they're regular tabs you own. Any cached data auto-deletes within 24 hours. Your license record (email + key) is kept so you can reactivate later, but email support@jettisheets.com and we'll delete that within 48 hours.
No. When we add direct API integrations (e.g., connecting to Stripe), they'll follow the same privacy-preserving architecture: process your data, return results, don't store it permanently. The same stateless processing, the same temporary cache model, the same user-controlled deletion. The principles that define this security page won't change as the product grows.
Infrastructure
For security teams and technical evaluators.
Google Cloud Run - stateless containers with no persistent disk, in-memory only, per-request lifecycle. Containers terminate after each analysis.
Google Cloud Storage with 24-hour lifecycle policy. AES-256 encryption at rest via Google-managed keys. Per-user isolation via SHA-256 hashed identifiers.
Layer 1: Google Cloud Run IAM validates Google identity tokens at the network edge. Layer 2: License API verifies active subscription + available tokens.
Single-region deployment on Google Cloud. All traffic encrypted in transit over Google's internal backbone. Zero egress to third-party services.
Google Cloud SQL (PostgreSQL) with regional HA. Stores email + license key only. No customer data, no revenue data, no spreadsheet contents.
Request metadata only: timestamps, row counts, request IDs, error codes. Email addresses are masked via deterministic hash. 30-day retention window.
Security Roadmap
We're transparent about where we are and where we're going. This page will be updated as items ship.
Shipped
Stateless, in-memory processing
AES-256 encrypted cache
24-hour auto-expiry on all cache
User-controlled cache management
Two-layer authentication
Email masking in all system logs
Per-user SHA-256 isolation
Google Cloud-only infrastructure
Coming next
Formal cache access audit logging
SOC 2 Type I certification
Data processing agreements
Customer-managed encryption keys
External penetration testing
We take every inquiry seriously and respond within 48 hours.