WITAN Witan Exec · Render · Calc · Lint · Alternatives · Pricing · Agent Skills · Install Witan --- # Security & data handling Witan is an API service. Spreadsheet files are sent to `api.witanlabs.com` for server-side processing (render, calc, lint, and exec). ## Data handling modes ### Default mode - Files are uploaded and cached server-side by content hash. - Cached files are scoped to your organization and role. API keys can access org-level files; org members can access org-level files and their own user-scoped files. - There is no cross-organization file access. - Retention window is short and limited to service operation needs. ### Stateless mode (`WITAN_STATELESS=1`) - Files are processed in memory and immediately discarded. - No workbook content is retained after the request completes. - Useful for sensitive financial and regulated data workflows. Enable stateless mode: export WITAN_STATELESS=1 witan xlsx render report.xlsx -r "Sheet1!A1:Z50" On Windows (PowerShell): $env:WITAN_STATELESS = "1" ## Encryption and transport - In transit: HTTPS (TLS). - At rest: encrypted storage for non-stateless requests. ## Network requirements Outbound host allowlist: - `api.witanlabs.com` on port `443` over HTTPS. No additional outbound hosts are required by the CLI. ## Retry behavior The CLI retries transient failures with exponential backoff: - Retryable status codes: `408`, `429`, `500`, `502`, `503`, `504`. - Network and timeout errors are retryable. - Most other `4xx` errors fail immediately. ## Supported file types - `.xlsx` (Office Open XML) - `.xls` (Excel 97-2003) - `.xlsm` (macro-enabled; macros are preserved but not executed) ## Compliance - DPA available on request via security@witanlabs.com - SOC 2 Type I certified ## Responsible disclosure Report vulnerabilities to security@witanlabs.com. We acknowledge reports within 48 hours. --- © Witan Labs Inc. 2026 hello@witanlabs.com · API Docs · GitHub · Research · Terms · Privacy
How your files are handled, what we store, and how to control it.
Witan is an API service. Your spreadsheet files are sent to api.witanlabs.com for server-side processing — rendering, recalculation, linting, and search all happen on our infrastructure. This page explains exactly what happens to your data.
Every API request operates in one of two modes. You choose which one.
Files are uploaded once and cached server-side by content hash. When you run a command against the same file, the CLI detects the match and skips the upload. This is faster for iterative workflows where you render, edit, render, edit the same file repeatedly.
WITAN_STATELESS=1)Files are sent with every request, processed in memory, and immediately discarded. Nothing is written to disk. No data is retained after the response is returned.
export WITAN_STATELESS=1
witan xlsx render confidential-report.xlsx -r "Sheet1!A1:Z50"
| SOC 2 Type I | Certified. Type II observation period in progress. |
| Encryption in transit | All connections use TLS. The CLI communicates exclusively over HTTPS (port 443). |
| Encryption at rest | All stored data (cached files, logs) encrypted with AES-256. |
| Access isolation | Uploaded files are organization-scoped with role-based access controls. There is no cross-organization access. |
| No training use | File contents are never used for model training, analytics, or any purpose beyond serving your API request. |
| No third-party sharing | File contents are not shared with third parties. |
| Cloud provider | Amazon Web Services (AWS) |
| Data residency | US by default. Single-tenant deployments in custom regions are available — get in touch. |
| Self-hosting | Witan can be deployed on your own infrastructure for full data sovereignty. Contact us to discuss. |
The CLI needs outbound HTTPS access to a single endpoint:
| Host | Port | Protocol |
|---|---|---|
api.witanlabs.com |
443 | HTTPS |
No other outbound connections are made. If your environment uses an allowlist or egress firewall, add this single host.
The CLI automatically handles transient failures so your agent doesn't have to.
408, 429, 500, 502, 503, 504, and network/timeout errors are retried with exponential backoff.4xx responses (authentication failures, bad requests) fail immediately. No retries.Your agent sees either a successful response or a final error — never a transient failure it needs to handle itself.
| Extension | Format |
|---|---|
.xlsx |
Excel workbook (Office Open XML) |
.xls |
Excel 97–2003 workbook (legacy binary format) |
.xlsm |
Macro-enabled Excel workbook (macros are not executed) |
| DPA | A Data Processing Agreement is available on request. Contact us. |
| SOC 2 | Type I certified. Type II observation period in progress. |
If you discover a security vulnerability, please report it to security@witanlabs.com. We will acknowledge receipt within 48 hours and work with you on a fix before any public disclosure.