Privacy & Security

Your spreadsheet never leaves your spreadsheet.

Formula Foundry was built around a single architectural premise: the editor runs on the client, the data stays in the sheet, and the AI assistant only sees what you explicitly ask about. This page is what that means in practice — and what it means for your IT and procurement reviews.

How we built this

Three architectural decisions worth knowing about.

Your data stays in your spreadsheet

The editor itself — multi-line authoring, syntax highlighting, @@variables, snippets, the visual builder — runs entirely on the spreadsheet client. @@variable definitions live in a hidden sheet inside your workbook, not on our servers. We don't transmit your formulas, your cell values, or any other workbook content to Formula Foundry servers as part of the editing experience. If you've installed the add-on and never used the AI assistant or saved a shared (team) snippet, your spreadsheet contents have never reached our infrastructure.

The AI assistant is opt-in and scoped

AI features are off by default until you click into them. When you do, only the cell, selection, or specific formula you reference is sent to the AI provider — never your full sheet, never adjacent ranges you didn't ask about. Each AI request is independent; we don't aggregate or retain a copy of your formula context beyond the duration of the request itself.

Analytics is consent-gated by default

Product analytics (PostHog) tracks anonymous, aggregated usage events — only after you grant consent through the cookie banner. Analytics is off by default: until you click Accept, no analytics events are sent. Strictly necessary cookies (session, anti-fraud) are the only ones that run unconditionally, and they're scoped to the marketing site, not your spreadsheet.

What we touch and what we don't

Data we collect — and don't.

Concrete answer to the first question every IT review asks.

We never collect

  • Your full spreadsheet contents
  • Cell values from cells you didn't reference in an AI request
  • Workbook structure (sheet names, tab order, named ranges) outside the formulas you explicitly send to the AI
  • Formulas from cells you don't open in the editor
  • Your @@variable definitions — they live in a hidden sheet inside your workbook, not on our servers
  • Your collaborators' edits, comments, or activity
  • Anything from sheets you didn't open Formula Foundry on

We do collect (with your knowledge)

  • Your account email and name (for sign-in and billing)
  • The cells, selections, and formulas you explicitly send to the AI assistant — for the duration of that request
  • Aggregate, anonymous usage events on the marketing site, if you've granted analytics consent
  • Standard server logs (IP, user agent, request path) for security and abuse detection — retained for 30 days
  • Shared snippets you publish to your team's library (because team libraries need to sync across the team)

Infrastructure

Where things run.

Transport

All traffic over HTTPS (TLS 1.2+). The add-on talks to our backend through the same encrypted channels your spreadsheet client uses for its own API calls.

Authentication

Sign-in is handled by Firebase Auth — Google's identity infrastructure. We don't store passwords; authentication tokens are short-lived and refreshed transparently.

Hosting

The marketing site runs on Vercel; the customer-facing portal and API run on Firebase Hosting and Firebase Functions. Both are major cloud platforms with their own security postures and audit history; we don't reinvent transport or storage primitives.

Account data residency

Account, billing, and snippet library data is stored in Google Cloud regions selected for the user's account. Talk to us if your procurement requires a specific data-residency commitment.

Compliance & legal

What we have today.

GDPR-aligned cookie consent flow on the marketing site, built on Google Consent Mode v2 (default-deny baseline; analytics fires only after explicit acceptance). Privacy policy and terms of service are publicly available and version-controlled. Data Processing Agreement (DPA) and a sub-processor list are available on request for Business-tier customers — drop us a line and we'll get them to your legal team within one business day. Formal third-party security audits (SOC 2, ISO 27001) aren't on the shelf yet; if your procurement requires them, talk to us early so we can help your team make a documented risk assessment in the meantime.

Got questions?

Security FAQs

Reviewing Formula Foundry for your team or organization?

If you're running a procurement or IT review, we'd rather get questions early than discover surprises late. Email us with what your security review needs and we'll either point you at existing documentation or tell you honestly what we don't have yet.

Average reply time: under 1 business day.