Skip to content

Architecture & Security

How the Add-ins Work

SimpleAddins are Microsoft Word task pane add-ins built with Office.js — Microsoft's official framework for extending Office applications. They run inside Word's task pane sidebar and interact directly with your document through the Word JavaScript API.

Key Characteristics

  • Client-side only: All processing happens on your local machine. No document content is ever sent to a server.
  • Offline capable: Once installed, the add-ins work without an internet connection. Only licence checks and feedback submission require connectivity.
  • Sandboxed: Add-ins run in a secure sandbox with limited privileges — they can only access your document through the Office.js API, never the file system directly.

Technology Stack

ComponentTechnologyPurpose
LanguageTypeScript 5.xType-safe JavaScript with modern features
FrameworkOffice.jsMicrosoft Word API integration
BuildWebpack 5Module bundling with product-specific overlays
UIVanilla HTML/CSSLightweight, no external UI framework dependencies
StorageOffice.js Settings APIPersistent user preferences and data
AuthMSAL.jsMicrosoft SSO integration
PaymentStripe.jsClient-side licence purchasing
DocumentationVitePressStatic site generator for this documentation

Security Model

Local-First Data Architecture

The most important security principle is that your document data never leaves your machine:

OperationWhere it happensData transmitted
Scanning fieldsLocal Word APINone
Filling fieldsLocal Word APINone
Applying changesLocal Word APINone
Colour codingLocal Word APINone
Saving clipsLocal Office settingsNone
Saving sessionsLocal Office settingsNone
Licence checkSimpleAddins APILicence key only
Sending feedbackSimpleAddins APIYour message only

Data Storage

User data is stored using the Office.js Settings API, which provides two storage types:

  • Roaming settings: Synced across devices via your Microsoft/Office 365 account
  • Document settings: Saved within the specific Word file

All sensitive data (SSO tokens, user profile, clips) is encrypted with AES-256 before storage using the internal SecureStorage module.


Privacy by Design

What Data is Collected

Minimal telemetry only:

  • Licence validation requests (licence key hash, timestamp)
  • Feedback messages (only when explicitly submitted by you)
  • Anonymous error reports (if you opt in)

What Data is NEVER Collected

  • Document content or structure
  • Field values you enter
  • Text from clips you save
  • File names or paths
  • User behaviour analytics
  • Third-party tracking data

Ejudiciary Users

For users signing in with @ejudiciary.net Microsoft accounts:

  • Email domain is checked locally to enable Pro-equivalent features
  • No special tracking or data collection occurs
  • Enhanced Export and LLM Import features are unlocked client-side after SSO verification

Zero-Pin Design

The add-ins use a zero-pin architecture for clean resource management:

  • No persistent timers: No setInterval loops running in the background
  • No document event listeners: No DocumentSelectionChanged handlers pinning the JavaScript runtime
  • Explicit cleanup: Event listeners are removed when panels close or tabs switch

This means:

  • Documents can close cleanly without "save pending" warnings caused by the add-in
  • Word can shut down normally even if the add-in is open
  • No background CPU usage when the add-in is idle

Third-Party Dependencies

DependencyPurposePrivacy Impact
Microsoft Office.jsWord APIMicrosoft standard library
MSAL.jsMicrosoft SSOAuthenticates directly with Microsoft
Stripe.jsPayment processingLoads from Stripe; card data never touches our servers

No analytics libraries, tracking pixels, or advertising scripts are included.


Next Steps

SimpleAddins — Professional add-ins for Microsoft Word