Security

How we protect your data at every layer

Security Is the Architecture, Not a Feature

AttendanceSheeter is built from the ground up so that your data is protected by default — not by policy alone, but by the way the system works.

Encryption at Every Layer

Free Tier: Zero-Knowledge

Your attendance data is encrypted on your device before it ever reaches our servers. We never see the plaintext — only you hold the key to decrypt it.

Sheeter+: Encrypted at Rest

Every Sheeter+ user gets their own unique encryption key. Attendee data is encrypted before it's stored — even if someone accessed the database directly, they'd see only encrypted data.

In Transit

All connections use TLS encryption. Data is encrypted between your browser and our edge servers — the same standard used by banks and financial institutions.

Per-User Data Isolation

Each Sheeter+ account has its own encryption key. Your data is encrypted with your key alone — no other user's key can decrypt it, and our systems only decrypt your data when you actively request it (viewing your dashboard, exporting a report, etc.).

What this means in practice: Even in the unlikely event of a database breach, an attacker would see only encrypted data. Each user's data requires a separate key to decrypt, and those keys are themselves protected by an additional layer of encryption.

Secure Public Submissions

When attendees submit via QR code or kiosk, they aren't logged in — but their data is still encrypted before storage. Each sheet has its own encryption keypair so that public submissions are protected from the moment they're received.

  • QR code submissions are encrypted with the sheet's public key
  • Kiosk submissions use the same protection
  • Only the sheet owner can decrypt and view the data
  • Bot protection via Cloudflare Turnstile prevents spam submissions
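
The per-sheet keypair scheme described above, sketched as an added example (not AttendanceSheeter's code; the page does not name its algorithms). It assumes RSA-OAEP wrapping a per-submission AES-256-GCM key via Node's crypto module, and the function and field names are hypothetical.

```javascript
// Added example: sealing a public submission to a per-sheet public key.
const nodeCrypto = require('node:crypto');

// Assumed field names for the PII listed on this page; other fields stay clear.
const PII_FIELDS = ['fullName', 'email', 'phone', 'position', 'organization',
  'referredBy', 'signature', 'customFields'];
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// One keypair per sheet; the submission endpoint only ever needs publicKey.
function createSheetKeypair(bits = 3072) {
  return nodeCrypto.generateKeyPairSync('rsa', { modulusLength: bits });
}

// Runs on the unauthenticated QR/kiosk path: no decryption key is present here.
function sealSubmission(sheetPublicKey, submission) {
  const pii = {}, meta = {};
  for (const [k, v] of Object.entries(submission)) {
    (PII_FIELDS.includes(k) ? pii : meta)[k] = v;
  }
  const dataKey = nodeCrypto.randomBytes(32);   // fresh AES-256 key per submission
  const iv = nodeCrypto.randomBytes(12);        // 96-bit GCM nonce
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', dataKey, iv);
  cipher.setAAD(Buffer.from(JSON.stringify(meta))); // bind clear metadata to the ciphertext
  const ct = Buffer.concat([cipher.update(JSON.stringify(pii), 'utf8'), cipher.final()]);
  const wrappedKey = nodeCrypto.publicEncrypt({ key: sheetPublicKey, ...OAEP }, dataKey);
  const b64 = (buf) => buf.toString('base64');
  return { meta, iv: b64(iv), tag: b64(cipher.getAuthTag()), wrappedKey: b64(wrappedKey), ciphertext: b64(ct) };
}

// Runs only for the sheet owner, who holds the private key.
function openSubmission(sheetPrivateKey, record) {
  const raw = (s) => Buffer.from(s, 'base64');
  const dataKey = nodeCrypto.privateDecrypt({ key: sheetPrivateKey, ...OAEP }, raw(record.wrappedKey));
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', dataKey, raw(record.iv));
  decipher.setAAD(Buffer.from(JSON.stringify(record.meta)));
  decipher.setAuthTag(raw(record.tag));
  // final() throws if the ciphertext, tag or metadata were altered
  const pt = Buffer.concat([decipher.update(raw(record.ciphertext)), decipher.final()]);
  return { ...record.meta, ...JSON.parse(pt.toString('utf8')) };
}

// Constructed sample submission (not real data).
const demoKeys = createSheetKeypair();
const stored = sealSubmission(demoKeys.publicKey, {
  fullName: 'Ada Example', email: 'ada@example.test', method: 'qr',
  submittedAt: '2024-01-01T09:00:00Z' });
console.log(Object.keys(stored), openSubmission(demoKeys.privateKey, stored).fullName);
```

Binding the clear metadata as GCM associated data is a choice made in this example: a stored record whose timestamp or submission method has been edited fails to decrypt instead of silently opening.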

Automatic Data Deletion

Free Tier

All data is automatically and permanently deleted within 24 hours. No exceptions, no archives, no backups.

Sheeter+

Data is retained for up to 30 days for your convenience, then automatically and permanently deleted.

Instant deletion available anytime. You can delete individual attendees, entire sheets, or your whole account at any time — no waiting period, no "are you sure?" delays on data removal.

What Gets Encrypted

All personally identifiable information (PII) is encrypted at rest for Sheeter+ sheets:

  • Full Name
  • Email
  • Phone
  • Position
  • Organization
  • Referred By
  • Digital Signature
  • Custom Fields

Non-sensitive metadata like timestamps and submission method remain unencrypted so we can sort and display your data without decrypting everything.

Compliance & Data Rights

  • GDPR compliant: Full data export and account deletion available from your settings
  • CCPA compliant: We don't sell your data — ever
  • Data portability: Export all your data as JSON at any time
  • Right to erasure: Delete your account and all associated data instantly
  • Minimal collection: We only collect what's needed to provide the service
  • No third-party data sharing: Your attendance data is never shared with or sold to anyone

Infrastructure

AttendanceSheeter runs on Cloudflare's global edge network — the same infrastructure trusted by millions of websites worldwide. Your data is processed at the edge location closest to you for speed and reliability.

  • Edge-deployed serverless functions (no persistent servers to compromise)
  • DDoS protection included by default
  • Automatic TLS certificate management
  • Rate limiting on all submission endpoints to prevent abuse

Payment Security

All payment processing for Sheeter Pro subscriptions is handled securely through our Merchant of Record, Polar.sh, and their payment processor, Stripe.

  • No card data on our servers: Credit card information is transmitted directly to Stripe — it never touches AttendanceSheeter servers
  • PCI DSS Level 1: Payment processing meets the highest level of PCI compliance
  • Webhook verification: Subscription status updates are verified via HMAC signature validation
  • API key security: API keys are SHA-256 hashed before storage — raw keys are never stored
  • Minimal data: We store only subscription status, plan type, and billing period dates

Digital Signature Protection

Signatures are treated as sensitive biometric data. They're encrypted at rest alongside other PII, excluded from Excel exports for security, and watermarked in PDF exports to prevent tampering and verify authenticity.

Questions about our security?

Read our full Privacy Policy or reach out to our community on Facebook.