How Sheetspin works
Give Sheetspin your pitch. AI spins your website's full data backend into existence — forms, content, gallery, calendar, newsletter, and more — entirely inside your Google Drive. No server, no subscription, no lock-in.
The problem with website backends
Most websites need a backend the moment they add a contact form, a blog, or a newsletter signup. The options are either a paid SaaS (that owns your data), a DIY server (that requires ongoing maintenance), or a patchwork of separate tools that don't talk to each other.
Sheetspin takes a different approach: your entire site's backend lives in a single Google Sheet that you already own. A single Google Apps Script acts as the API layer, reading a live configuration tab on every request. There's nothing to maintain and nothing to pay for.
Architecture overview
Sheetspin does not store your data. There is no Sheetspin database and no third-party storage of your information. Every provisioning API call is made directly from your browser using your own Google OAuth access token. AI features (site structure proposals and data seeding) route through a lightweight server endpoint that forwards your prompt to Gemini and returns the response without logging anything. The resources created belong entirely to you.
Your Browser
│
├─── Google OAuth ──▶ Short-lived access token (memory only)
├─── Gemini API (Google) ──▶ AI proposes site module structure
├─── Google Drive API ──▶ Creates Sheet + Drive folder
├─── Apps Script API ──▶ Creates & deploys API handler
└─── (no Sheetspin server involved)
Your site's live API (after provisioning):
Visitor's Browser / Your Claude agent
│
└─── fetch(scriptUrl, { body: URLSearchParams })
│
└─── Apps Script ──▶ reads _manifest tab at runtime
├─── form tab: appends row + sends email
├─── rows tab: GET returns JSON array
├─── key-value: GET returns config object
└─── Returns { result: 'success' } or { result: 'error', error: '...' }The manifest pattern — no redeployment needed
The Apps Script handler doesn't have your site structure hardcoded into it. Instead, it reads a _manifest tab in your Google Sheet on every request. The manifest is a JSON object that lists all your modules — their names, types, form field configurations, and Drive folder references.
This means you can add a new module, remove an old one, or update form fields by simply updating the sheet and the manifest row. No redeployment. No changes to the script. Your endpoint URL never changes.
Step-by-step walkthrough
Sign in with Google
You grant Sheetspin a temporary OAuth access token. This token lives only in browser memory — it's never sent to any Sheetspin server, never written to disk, and is gone the moment you close the tab.
Describe your site to AI
Type a plain-English description of your website — what it does, what kind of content it has, whether it needs forms or a gallery. Gemini (Google's AI) reads this and proposes a complete module structure: each tab, its type (form, rows, key-value, asset, etc.), field names, and settings.
Review and customize
You see each proposed module as a card. For form-type modules, you can expand the field editor to customize field labels, types (text, email, textarea, phone, select), required flags, and email settings (CC, BCC, subject, sender name, reply-to, honeypot spam protection). Accept, edit, or remove any module before provisioning.
Your Drive gets the full spin
A Drive folder is created for your site. Inside it: a Google Sheet with one tab per module plus a _manifest tab, and an asset subfolder for any file storage modules. All columns are pre-populated based on the module type and your field definitions.
Apps Script is deployed
A single Apps Script project is created and bound to your sheet. The doPost() handler receives form submissions; doGet() serves row data as JSON. Both read the _manifest tab at runtime so the script never needs to be updated as your site evolves. The script is deployed as a public web app — producing the unique HTTPS URL that is your site's API endpoint.
Authorize your script
Because the script was deployed via API, Google requires a one-time manual authorization before it can run. Open the script URL shown in the Site Kit, sign in if prompted, and approve the permissions dialog. The script requests three scopes: access to its one spreadsheet (spreadsheets.currentonly), email sending (gmail.send), and read access to its Drive folder (drive.readonly). This runs under your Google account — not ours.
Manage and evolve your site
From the Site Kit, you can add new modules at any time, remove ones you no longer need, and edit form field configurations — all with instant effect. No code changes, no redeployment. Use AI-powered data seeding to populate any module with realistic sample data using Gemini, or export your CLAUDE.md skill file so your Claude Code agent knows your site's full API and data schema.
What gets created in your Google Drive
A Drive folder
Named after your site slug. Contains your Google Sheet and any asset subfolders. You can browse, share, and manage it like any other Drive folder.
A Google Sheet with multiple tabs
One tab per module (form submissions, blog posts, gallery images, etc.) plus a _manifest tab that the script reads on every request. All tabs are pre-populated with the correct column headers.
A single Apps Script web app
One script handles all your modules dynamically by reading the _manifest tab. It supports form submissions (doPost) and data retrieval (doGet). One deployment URL, forever — no matter how many modules you add or remove.
Module types
Contact Form
Submissions go to a sheet tab + email notification. Supports CC, BCC, custom subject, honeypot spam protection.
Newsletter
Single email field form. Collects subscriber addresses in a dedicated tab.
Blog / Content
Structured rows with title, body, slug, and published flag. Your doGet endpoint returns published items as JSON.
Gallery
Links Google Drive image files to rows in a sheet tab. Your doGet returns captions and Drive file IDs.
Calendar / Events
Date-structured rows with title, description, start/end times. Returned as a sorted JSON array.
Asset Storage
Files are uploaded to a Drive subfolder. The doGet endpoint lists them for your frontend.
Site Config
Key-value pairs for site-wide settings (tagline, social links, etc.). Retrieved as a single JSON object.
Custom Rows
Freeform tabular data with any column structure you define. Returned as a JSON array.
CLAUDE.md — your AI skill file
After provisioning, the Site Kit lets you export a CLAUDE.md file. Drop this into your website project and Claude Code will understand your site's entire backend without any configuration:
You can also use the AI seed data feature to populate any module with realistic sample rows generated by Gemini — useful for testing your frontend before real data arrives. The seed request sends only your column names and module type to the AI — no personal data.
Limitations to know about
Email quota
Google Apps Script free accounts are limited to roughly 100 email notifications per day. This is a Google-imposed limit that applies to your personal Apps Script quota.
One-time script authorization required
After provisioning, you must visit the script URL once while signed in to Google to authorize it. This is a Google requirement for scripts deployed via the API. The authorization dialog will show the script requesting spreadsheets.currentonly, gmail.send, and drive.readonly — all scoped to the resources for this one site.
Apps Script API must be enabled
The Google Apps Script API must be enabled in your Google account before provisioning. If it isn't, Sheetspin will detect this and show a direct link to enable it — it's a single toggle.
No file uploads via the form endpoint
The API endpoint handles URL-encoded data and JSON, not multipart uploads. File storage uses Drive directly — asset modules list files you upload to Drive manually or via the Drive API.
Honeypot-only spam protection
Forms support a honeypot hidden field that silently discards bot submissions. For higher-traffic forms, consider adding reCAPTCHA to your frontend HTML manually.