Trust isn't something you ship in a release. You earn it every day. We want to be upfront with you about a security event we detected, the steps we took right away, and how we came out the other side with zero customer data compromised.
What happened
On March 31st, 2026, our security monitoring flagged unusual activity targeting our infrastructure. The signals were subtle. The kind of thing that could easily look like noise. We didn't treat it as noise.
Within hours, I confirmed that bad actors were probing our systems. I immediately moved to a full incident response.
Here's what matters most: No customer data was accessed, leaked, or compromised. We caught this early, and we acted fast.
What we did about it
Most companies in this situation would patch the vulnerability, rotate credentials, and call it a day. We decided that wasn't good enough. When you trust us with your data, your spreadsheets, your business workflows, "probably fine" is not a standard we're okay with.
So we did something big: we moved our entire production database to a brand new, isolated instance and project.
Here's what that looked like:
1. Immediate containment
The moment I confirmed suspicious activity, I locked down access and started forensic analysis. I traced every request, checked every access log, and mapped the full scope of the threat. Our monitoring caught the activity so early that the bad actors never reached customer data.
2. Full infrastructure migration
Instead of just hardening the existing environment and hoping for the best, I built an entirely new database project from scratch. This wasn't a backup restore. It was a clean-room migration to completely separate infrastructure. No shared credentials, no shared access tokens, no shared attack surface with the original environment.
Every table, every row, every relationship was migrated with integrity checks at each step. I verified data consistency across the old and new environments before cutting over.
3. Credential rotation and access hardening
Every secret and every service account credential was regenerated. Nothing from the old environment carried over except the data itself. I also tightened access controls, reduced the blast radius of service accounts, and added more monitoring layers.
4. Verification and validation
Before bringing the new environment live, I ran the full test suite. I did manual verification of critical flows (authentication, billing, quota tracking, AI processing). And I confirmed that every customer's data was intact and accurate.
Why we went this far
We could have taken a lighter approach. The forensic analysis showed that customer data was never accessed. The probing was caught early. A credential rotation and patch would have been a reasonable response.
But SheetMagic handles sensitive data. Your spreadsheets contain business information. Your workflows depend on our reliability. I owed it to you to remove any possibility of compromise. Not reduce it. Remove it.
Moving to entirely new infrastructure was the most extreme option, and I chose it on purpose. The cost was real. Operational complexity and some very late nights. But I would rather go too far on your security than not far enough.
What this means for you
Nothing changes on your end. Your SheetMagic add-on, dashboard, and all integrations keep working exactly as before. Your data is intact. If you use your own AI API keys (BYOK), those were never at risk. They're stored locally in your Google account, not on our servers.
Our commitment going forward
This experience confirmed something we already believed: security isn't a checklist. It's a daily practice. Here's what we're doing to stay ahead.
We've expanded our anomaly detection to catch even subtler signals, faster.
Service accounts now run with the minimum privileges they need. If any single component is compromised, the damage stays contained.
We're running internal security reviews and infrastructure audits more often.
And we're telling you about it. You're reading this post because we believe you deserve to know when something happens, what we did, and why you can keep trusting us.
Thank you
To our users: thank you for trusting SheetMagic with your work. That trust means a lot to us. When I saw a threat, I didn't minimize it, I didn't delay, and I didn't cut corners. I treated your data like it was my own. Because that's the only standard that matters.
If you have questions about this incident or our security practices, reach out at support@sheetmagic.ai. We're happy to talk through the details.
Security summary: Suspicious activity detected early. Zero customer data compromised. Full infrastructure migration completed. All credentials rotated. Enhanced monitoring in place.