Protection and Security Standard¶
Protection is a usability safeguard, not a security control¶
Excel sheet protection, workbook structure protection, and cell locking exist in this venture's products to prevent accidental edits — a customer overwriting a formula by typing in the wrong cell, or reordering tabs by mistake. They are not, and must never be represented as, a security boundary. Excel protection features are trivially bypassable (including without a password, using widely known methods) and provide no meaningful protection against a motivated user.
Do not claim protected workbooks are "secure"¶
No product documentation, marketplace listing, or customer-facing material may describe a protected sheet or workbook as "secure," "locked," "safe from tampering," or similar language implying a security guarantee. Acceptable framing is functional and modest: e.g., "Sheets are protected to help prevent accidental changes to formulas."
Do not store secrets or credentials in workbooks¶
Products must never embed API keys, passwords, tokens, or any other credential inside a workbook, its properties, or any linked external data connection. Workbooks are distributed, downloadable files with no meaningful access control once purchased; anything embedded in them should be treated as effectively public.
Relationship to company-level standards¶
This standard is a venture-specific application of, and does not substitute for, the company-level ../../../../docs/standards/security-and-privacy-standard.md and the trust commitments in ../../../../docs/company/customer-trust-principles.md. Where those documents impose stricter requirements, they govern.