by tptacek 2809 days ago
Why are you trying to encrypt online spreadsheets? It's very unlikely that you're going to get much operational security out of the encryption features in a spreadsheet application; you will get far more security out of careful use of sharing and authorization controls, which are things you can get from Google Docs and not so much from other platforms.

Remember too, if the tool you're looking at works entirely in a browser, without an extension (sometimes even with an extension!), it's not "end-to-end encrypted"; it's as encrypted as the server wants you to be as you run it.

2 comments

I should have specified my threat model above. I'd ideally want zero-knowledge encryption on all tools, since Google is a threat in my model: assume that the NGO has a database of whistleblowers that needs protection.
Even if the encryption and decryption is done client side like with Mega?
Yes, the server can straightforwardly, any time you load the application, serve to you (including to specifically you, a single target, making it much less likely to be noticed), a modified version of the JavaScript powering that client-side encryption which will send the plaintext off to the server.
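
The point made in the last reply can be seen from the defender's side in this added example, which is not part of the thread: a per-load audit that compares the scripts a server delivered against digests pinned from a reviewed release. The function names, paths and sample script bodies are hypothetical and constructed, and the sketch assumes the pinned digests were obtained out of band and that the check runs outside the page (a check shipped by the same server can be changed along with everything else).

```javascript
// Added example (not from the thread). Runs in Node.js; all names are hypothetical.
const crypto = require("crypto");

// SRI-style digest of a script body, in the format used by <script integrity="...">.
function sriDigest(body) {
  return "sha384-" + crypto.createHash("sha384").update(body, "utf8").digest("base64");
}

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Compare what the server delivered on this load against digests pinned out of band.
// pinned: { path: digest }, served: { path: body }. Returns a list of findings.
function auditLoad(pinned, served) {
  const findings = [];
  for (const [path, body] of Object.entries(served)) {
    if (!has(pinned, path)) {
      findings.push({ path, issue: "unpinned script" });
    } else if (sriDigest(body) !== pinned[path]) {
      findings.push({ path, issue: "digest mismatch" });
    }
  }
  for (const path of Object.keys(pinned)) {
    if (!has(served, path)) findings.push({ path, issue: "pinned script not served" });
  }
  return findings;
}

// Constructed sample data: one reviewed bundle and two loads of the same application.
const REVIEWED = "export function seal(key, text) { return aesGcm(key, text); }\n";
const PINNED = { "/static/crypto.js": sriDigest(REVIEWED) };

// Load seen by most users: byte-identical to the reviewed release.
const normalLoad = { "/static/crypto.js": REVIEWED };

// Load served to a single user: the bundle differs and an extra script appears.
const targetedLoad = {
  "/static/crypto.js": REVIEWED + "/* constructed: one statement added for this user only */\n",
  "/static/extra.js": "/* constructed: script absent from the reviewed release */\n",
};

console.log(auditLoad(PINNED, normalLoad));
console.log(auditLoad(PINNED, targetedLoad));
```

A clean result from other users' loads says nothing about the load a targeted user received, so the audit has to run on every load for every user.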