Security Overview

Protecting your data is our primary directive. Learn how CellySheets secures your information end to end.

1. Data Sovereignty & Compliance

For Canadian businesses, medical professionals, and legal entities, where your data is stored matters. CellySheets is built on the foundation of strict data sovereignty.

  • 100% Canadian Infrastructure: Our databases, WebSocket servers, and application layers are hosted entirely within Canada. Your data never crosses the border.
  • Protection from Foreign Laws: Because your data remains in Canada, it is protected against foreign jurisdictional reach, such as the US CLOUD Act.
  • Regulatory Compliance: We adhere strictly to PIPEDA (Personal Information Protection and Electronic Documents Act), FIPPA, and PIPA requirements.

2. Application Security

We utilize modern, battle-tested cryptographic standards to secure your account and data in transit and at rest.

  • State-of-the-Art Password Hashing: User passwords are hashed using Argon2, the winner of the Password Hashing Competition, a memory-hard function designed to make brute-force and rainbow-table attacks impractical.
  • Secure Authentication: Sessions are managed via short-lived, cryptographically signed JSON Web Tokens (JWTs).
  • Encryption in Transit: All data moving between your browser and our servers is encrypted using strict TLS/SSL protocols. Real-time collaboration occurs over Secure WebSockets (WSS).

3. Workspace & Access Control

Collaboration requires granular control over who can see and modify your data. We provide robust tools to manage access.

  • Role-Based Access Control (RBAC): Document owners can explicitly define collaborator permissions (Viewer, Commenter, Editor). Team plans support organizational roles (Owner, Admin, Member).
  • Comprehensive Audit Logs: For Team subscriptions, every critical action—such as user invitations, role modifications, document creations, and deletions—is securely logged. Admins can review these logs at any time to monitor workspace integrity.
  • Real-Time Synchronization Control: Our CRDT (Conflict-free Replicated Data Type) engine mathematically guarantees that document state remains consistent across all connected clients without requiring central locking.

4. Data Resilience

Your spreadsheets are your business's lifeblood. We ensure they are never lost.

  • Automatic Document Snapshots: CellySheets automatically captures regular binary snapshots of your document's state vector. This provides a reliable version history and acts as a fail-safe against accidental data deletion by collaborators.
  • Transactional Integrity: Our PostgreSQL database utilizes strict ACID transactions to ensure that storage quotas, billing events, and document updates remain perfectly synchronized.

5. Secure Payment Processing

We do not store your credit card information. All payments are processed securely through Helcim, a fully PCI DSS compliant, Canadian-based payment processor. Helcim securely tokenizes your payment methods to handle recurring subscriptions without exposing your sensitive financial data to our application servers.

6. Vulnerability Reporting

If you believe you have found a security vulnerability in CellySheets, please contact us immediately at security@cellysheets.ca. We take all reports seriously and will work rapidly to investigate and remediate any issues.