Privacy Policy

Last Updated: March 13, 2026

SSFeatures, LLC ("SSFeatures," "Company," "We," "Us," or "Our") is committed to protecting Your privacy. This Privacy Policy explains how We collect, use, disclose, and safeguard Your information when You use Our Service.

Please read this Privacy Policy carefully. By accessing or using the Service, You acknowledge that You have read, understood, and agree to be bound by this Privacy Policy. If You do not agree with the terms of this Privacy Policy, please do not access or use the Service.

1. Definitions

For the purposes of this Privacy Policy:

"Account" means a unique account created for You to access Our Service, identified by Your email address.

"Browser Extension" means the SSFeatures browser extension software that enhances Smartsheet functionality, available for Chrome, Edge, Firefox, Safari, and other supported browsers.

"Company" means SSFeatures, LLC, a Nevada Limited Liability Company.

"Cookies" means small data files placed on Your Device that store information about Your browsing session or preferences.

"Dashboard" means the web-based user portal accessible at app.ssfeatures.com/dashboard where You can manage Your Account, Subscription, and licensed users.

"Device" means any device that can access the Service, such as a computer, smartphone, or tablet.

"Local Storage" means the browser-based storage mechanism used by the Browser Extension to store Your settings and preferences locally on Your Device.

"Personal Data" means any information that relates to an identified or identifiable individual.

"Service" means, collectively, the Browser Extension, Website, Dashboard, and any related software, features, or services offered by SSFeatures.

"Smartsheet" means the Smartsheet project management and collaboration platform operated by Smartsheet Inc., with which the Browser Extension integrates.

"Usage Data" means data collected automatically when using the Service, including analytics and diagnostic information.

"Website" means the SSFeatures website accessible at https://ssfeatures.com and all related subdomains.

"You" means the individual accessing or using the Service, or the company or other legal entity on behalf of which such individual is accessing or using the Service.

2. Data Controller

SSFeatures, LLC is the data controller responsible for Your Personal Data.

Contact Information:

• Email: [email protected]
• Website: https://ssfeatures.com/contact

For security-related inquiries, please visit Our Trust Center at https://trust.ssfeatures.com.

3. Information We Collect

3.1 Account Information

When You create an Account or subscribe to Our Service, We collect:

• Email address
• First name
• Last name
• Organization name (if provided)
• Billing address (for paid subscriptions)

3.2 Browser Extension Data

What We Collect:

The Browser Extension collects minimal data necessary to provide the Service:

• Authentication Data: The email address, first name, and last name associated with Your Smartsheet account to verify Your subscription status
• Feature Usage Analytics: Anonymous data about which SSFeatures features You use (e.g., "Auto Sort feature activated") to improve Our Service

What We Do NOT Collect:

SSFeatures never collects, transmits, or stores Your Smartsheet data. This includes:

• Sheet data, cell contents, or formulas
• Report data or dashboard content
• Form submissions or responses
• Comments, attachments, or proofs
• DataMesh, Data Shuttle, or Bridge data
• Dynamic View or WorkApps content
• Any other Smartsheet content or metadata

Your Smartsheet data remains entirely within Your browser and is never sent to SSFeatures servers.

3.3 Settings and Preferences (Local Storage Only)

Your SSFeatures settings and preferences (such as sort configurations, feature preferences, and UI customizations) are stored exclusively in Your browser's Local Storage. This data:

• Is stored only on Your Device
• Is never transmitted to Our servers
• Is never stored in Our databases
• Is automatically deleted if You uninstall the Browser Extension

3.4 Usage Data

We automatically collect certain information when You access the Service:

• IP address
• Browser type and version
• Operating system
• Device identifiers
• Pages visited on Our Website
• Time and date of access
• Time spent on pages
• Referring website addresses
• Clickstream data

3.5 Payment Information

When You make a purchase, payment information is collected and processed directly by Our payment processor, Stripe. We do not collect, store, or have access to Your full payment card details. We receive only:

• Last four digits of the card (for display purposes)
• Card type (e.g., Visa, Mastercard)
• Billing address
• Transaction confirmation

3.6 Communications

When You contact Us, We collect:

• Email address
• Name
• Content of Your message
• Any attachments You provide
• Support ticket history

4. How We Collect Information

4.1 Information You Provide

We collect information You voluntarily provide when You:

• Create an Account
• Subscribe to the Service
• Contact Our support team
• Respond to surveys or feedback requests
• Participate in promotions

4.2 Information Collected Automatically

We automatically collect information through:

• Cookies and Similar Technologies: When You visit Our Website
• Browser Extension: When You use SSFeatures with Smartsheet
• Server Logs: When You access Our servers
• Analytics Tools: Through Our third-party analytics providers

4.3 Information from Third Parties

We may receive information from:

• Smartsheet: Basic profile information (email, first name, last name) when You use the Browser Extension with Smartsheet
• Payment Processors: Transaction status and billing information from Stripe

5. Legal Basis for Processing (GDPR)

If You are located in the European Economic Area (EEA), United Kingdom, or Switzerland, We process Your Personal Data based on the following legal grounds:

5.1 Contract Performance

We process Personal Data necessary to:

• Provide and maintain the Service
• Process Your Subscription and payments
• Manage Your Account
• Provide customer support

5.2 Legitimate Interests

We process Personal Data for Our legitimate business interests, including:

• Improving and optimizing the Service
• Analyzing usage patterns and trends
• Preventing fraud and ensuring security
• Marketing Our products and services (with appropriate safeguards)

5.3 Legal Obligations

We process Personal Data to comply with legal obligations, such as:

• Tax and accounting requirements
• Responding to lawful requests from authorities
• Enforcing Our terms and policies

5.4 Consent

Where required by law, We obtain Your consent before:

• Sending marketing communications
• Using certain Cookies and tracking technologies
• Processing sensitive Personal Data

You may withdraw consent at any time by contacting Us at [email protected].

6. How We Use Your Information

We use the information We collect to:

6.1 Provide and Maintain the Service

• Verify Your subscription status and license validity
• Enable access to features included in Your Subscription
• Process transactions and send related information
• Provide customer support and respond to inquiries

6.2 Improve the Service

• Analyze usage patterns to improve features
• Identify and fix bugs and technical issues
• Develop new features and functionality
• Conduct research and analysis

6.3 Communicate With You

• Send transactional emails (receipts, subscription updates)
• Respond to Your inquiries and support requests
• Send security alerts and important notices
• Provide product updates and announcements

6.4 Marketing (With Consent)

• Send promotional communications about Our products and services
• Inform You of special offers and new features

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any email or contacting Us at [email protected].

6.5 Security and Fraud Prevention

• Monitor for suspicious or fraudulent activity
• Protect against unauthorized access
• Enforce Our Terms and Conditions
• Comply with legal obligations

7. How We Share Your Information

We do not sell Your Personal Data. We may share Your information in the following circumstances:

7.1 Service Providers

We share information with third-party service providers who perform services on Our behalf (see Section 9 for details).

7.2 Business Transfers

If SSFeatures is involved in a merger, acquisition, or sale of assets, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different privacy policy.

7.3 Legal Requirements

We may disclose Your information if required to do so by law or in response to valid legal requests by public authorities (e.g., a court or government agency).

7.4 Protection of Rights

We may disclose information when We believe disclosure is necessary to:

• Comply with a legal obligation
• Protect and defend Our rights or property
• Prevent or investigate possible wrongdoing
• Protect the safety of Users or the public
• Protect against legal liability

7.5 With Your Consent

We may share Your information for other purposes with Your explicit consent.

8. Cookies and Tracking Technologies

8.1 Types of Cookies We Use

Essential Cookies (Required)

• Purpose: Authentication, security, and basic functionality
• Duration: Session or persistent (up to 1 year)
• Example: Session cookies to keep You logged in

Functional Cookies

• Purpose: Remember Your preferences and settings
• Duration: Persistent (up to 1 year)
• Example: Language preferences, dashboard layout

Analytics Cookies

• Purpose: Understand how visitors interact with Our Website
• Duration: Up to 26 months
• Provider: PostHog
• Example: Page views, feature usage

Performance Cookies

• Purpose: Monitor and improve Service performance
• Duration: Session or short-term
• Provider: Sentry
• Example: Error tracking, performance metrics

8.2 Managing Cookies

You can control Cookies through Your browser settings:

• Block All Cookies: May prevent You from using some features
• Delete Cookies: Will log You out and reset preferences
• Accept All Cookies: Provides the best experience

Most browsers allow You to:

• View what Cookies are stored
• Delete Cookies individually or all at once
• Block third-party Cookies
• Block Cookies from specific sites

8.3 Do Not Track Signals

Our Service does not track users across third-party websites and therefore does not respond to Do Not Track (DNT) signals. We do not engage in cross-site tracking.

9. Third-Party Service Providers

We use the following third-party services to operate and improve Our Service:

9.1 Payment Processing

Stripe

• Purpose: Process payments and manage subscriptions
• Data Shared: Name, email, billing address, payment information
• Data Stored by SSFeatures: Transaction IDs, last four digits of card
• Privacy Policy: https://stripe.com/privacy
• Compliance: PCI-DSS Level 1 certified

9.2 Authentication

Keycloak (Self-Hosted)

• Purpose: Secure user authentication and identity management
• Data Processed: Email, name, authentication tokens
• Location: Hosted on Our servers (see Section 11)
• Note: Keycloak is open-source software that We host and control

9.3 Analytics

PostHog

• Purpose: Anonymous product analytics to understand feature usage
• Data Shared: Anonymized event data only (e.g., "feature X was used"); no personal identifiers, user IDs, or email addresses are sent to PostHog
• Privacy Policy: https://posthog.com/privacy
• Data Retention: 26 months
• Note: Analytics data is not tied to individual users

9.4 Error Monitoring

Sentry

• Purpose: Error tracking and performance monitoring
• Data Shared: Error logs, stack traces, device/browser information
• Privacy Policy: https://sentry.io/privacy
• Note: We configure Sentry to minimize Personal Data collection

9.5 Cloud Infrastructure

DigitalOcean

• Purpose: Cloud hosting and data storage
• Data Stored: Account data, server logs, database backups
• Location: United States (North America)
• Privacy Policy: https://www.digitalocean.com/legal/privacy-policy
• Compliance: SOC 2 Type II certified

9.6 Business Communications

Google Workspace

• Purpose: Email communications, document storage, internal collaboration
• Data Processed: Email correspondence, support communications
• Privacy Policy: https://policies.google.com/privacy
• Compliance: SOC 2, ISO 27001 certified

9.7 Email Marketing

MailerLite

• Purpose: Email marketing and newsletter communications (with Your consent)
• Data Shared: Email address, name (only for users who opt-in to marketing)
• Location: European Union
• Privacy Policy: https://www.mailerlite.com/legal/privacy-policy
• Compliance: GDPR compliant

10. Browser Extension Privacy

10.1 How the Browser Extension Works

The SSFeatures Browser Extension operates entirely within Your browser. It:

• Interacts directly with the HTML and JavaScript on Smartsheet web pages
• Adds UI elements (buttons, menus, dialogs) to enhance Smartsheet
• Calls Smartsheet's own JavaScript functions to perform actions
• Stores all settings in Your browser's Local Storage

10.2 Extension Permissions

The Browser Extension requires certain permissions to function:

10.3 Data Flow

What stays in Your browser:

• All Your Smartsheet data
• Your SSFeatures settings and preferences
• Feature configurations (e.g., sort settings)

What is sent to SSFeatures servers:

• Your Smartsheet email, first name, and last name (for license verification)
• Anonymous feature usage analytics (e.g., "Auto Sort activated")

What is NOT sent:

• Any Smartsheet content, data, or metadata
• Your sort configurations or feature settings
• Any information about Your sheets, reports, or dashboards

10.4 Source Code Transparency

Our Browser Extension source code is fully visible and auditable. Browser extension stores (Chrome, Edge, Firefox, Safari) require unobfuscated code. You can view the source code in Your browser's developer tools under "Sources > SSFeatures > javascript/webpage/webpage-main.js".

10.5 No Remote Code Execution

SSFeatures does not and cannot remotely inject code into Your browser. Browser extension stores explicitly prohibit and detect remote code execution attempts.

11. Data Retention

We retain Your Personal Data only as long as necessary for the purposes described in this Privacy Policy. Specific retention periods are:

Subscription Cancellation vs. Account Deletion

• Subscription Cancellation: Your Account and data remain active. You may resubscribe at any time.
• Account Deletion: Upon Your explicit request, We will delete Your Personal Data in accordance with this policy. Contact [email protected] to request Account deletion.

12. Data Security

We implement robust security measures to protect Your Personal Data:

12.1 Technical Safeguards

• Encryption in Transit: All data transmitted between Your browser and Our servers is encrypted using TLS 1.2 or greater
• Encryption at Rest: Data stored in Our databases is encrypted using AES-256 encryption
• Access Controls: Logical access controls for all servers, systems, and databases
• DDoS Protection: All traffic is proxied through Cloudflare's DDoS protection
• Secure Development: Regular security reviews and code audits

12.2 Organizational Safeguards

• Background Checks: Background checks for employees with access to Personal Data
• Least Privilege Access: Employees have access only to data necessary for their role
• Confidentiality Agreements: All personnel are bound by confidentiality obligations
• Two-Factor Authentication: Required for all internal systems and remote access
• Employee Training: Regular security awareness training
• Access Reviews: Periodic evaluation of access rights with revocation within 2 weeks when no longer needed
• Encrypted Workstations: Full-disk encryption (AES-256) on all employee devices

12.3 Incident Response

• Security Monitoring: Continuous monitoring for suspicious activity
• Incident Notification: We will notify affected users without undue delay (and in any event within 72 hours) of discovering a security incident impacting user data
• Backup and Recovery: Regular backups with tested restore procedures

12.4 Compliance

SSFeatures has achieved SOC 2 Type 1 certification for the period of January 15, 2025 to January 15, 2026. For detailed information about Our security practices, certifications, and procedures, please visit Our Trust Center at https://trust.ssfeatures.com.

13. International Data Transfers

13.1 Data Location

Your Personal Data is processed and stored on servers located in the United States (North America), operated by DigitalOcean.

13.2 Transfer Mechanisms

If You are located outside the United States, Your Personal Data will be transferred to the United States. We rely on the following mechanisms to ensure lawful transfers:

• Standard Contractual Clauses (SCCs): We use EU-approved Standard Contractual Clauses for transfers from the EEA, UK, and Switzerland
• Data Processing Agreements: We maintain appropriate data processing agreements with Our service providers

13.3 Your Consent

By using the Service, You consent to the transfer of Your Personal Data to the United States and acknowledge that data protection laws in the United States may differ from those in Your country.

14. Your Privacy Rights

14.1 Rights for All Users

Regardless of Your location, You have the right to:

• Access: Request a copy of the Personal Data We hold about You
• Correction: Request correction of inaccurate Personal Data
• Deletion: Request deletion of Your Personal Data
• Data Portability: Request Your data in a machine-readable format
• Opt-Out: Unsubscribe from marketing communications

To exercise these rights, contact Us at [email protected].

14.2 Additional Rights for EEA, UK, and Swiss Residents (GDPR)

If You are located in the European Economic Area, United Kingdom, or Switzerland, You also have the right to:

• Restrict Processing: Request that We limit how We use Your data
• Object to Processing: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
• Lodge a Complaint: File a complaint with Your local data protection authority

EEA Supervisory Authorities: https://edpb.europa.eu/about-edpb/about-edpb/members_en

UK Information Commissioner's Office: https://ico.org.uk

Swiss Federal Data Protection Authority: https://www.edoeb.admin.ch

14.3 Rights for California Residents (CCPA/CPRA)

If You are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide You with specific rights:

Right to Know

You have the right to request that We disclose:

• Categories of Personal Information collected
• Categories of sources from which Personal Information was collected
• Business or commercial purpose for collecting Personal Information
• Categories of third parties with whom We share Personal Information
• Specific pieces of Personal Information We have collected about You

Right to Delete

You have the right to request deletion of Personal Information We have collected from You, subject to certain exceptions.

Right to Correct

You have the right to request correction of inaccurate Personal Information.

Right to Opt-Out of Sale or Sharing

SSFeatures does not sell Your Personal Information. We do not share Your Personal Information for cross-context behavioral advertising.

Right to Non-Discrimination

We will not discriminate against You for exercising Your privacy rights.

Categories of Personal Information Collected (Past 12 Months)

How to Exercise Your Rights

Submit requests to [email protected]. We will verify Your identity before processing requests. You may designate an authorized agent to make requests on Your behalf.

Response Timing

We will respond to verifiable requests within 45 days. If We need more time (up to 90 days total), We will notify You.

14.4 Rights for Other Jurisdictions

We respect privacy rights under other applicable laws. If You are located in a jurisdiction with specific privacy rights not listed above, please contact Us at [email protected] to discuss how We can assist You.

15. Children's Privacy

The Service is intended for users who are at least 18 years of age, as specified in Our Terms and Conditions. We do not knowingly collect Personal Data from children under the age of 13 (or 16 in certain jurisdictions).

If We become aware that We have collected Personal Data from a child without parental consent, We will take steps to delete that information promptly.

If You believe We have collected information from a child, please contact Us immediately at [email protected].

16. Do Not Track Signals

Our Service does not track users across third-party websites. We do not respond to Do Not Track (DNT) browser signals because We do not engage in cross-site tracking.

The Browser Extension only operates on Smartsheet domains and does not track Your activity on other websites.

17. Automated Decision-Making

SSFeatures does not use automated decision-making or profiling that produces legal effects or similarly significant effects on You.

18. Links to Third-Party Websites

Our Service may contain links to third-party websites or services that are not owned or controlled by SSFeatures, including Smartsheet.com.

We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party sites or services. We encourage You to review the privacy policies of any third-party sites You visit.

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When We make changes:

• We will update the "Last Updated" date at the top of this Privacy Policy
• For material changes, We will notify You via email to the address associated with Your Account at least 30 days before the changes take effect
• We will post the updated Privacy Policy on Our Website

Your continued use of the Service after the effective date of any changes constitutes Your acceptance of the revised Privacy Policy.

We encourage You to review this Privacy Policy periodically.

20. Contact Us

If You have any questions, concerns, or requests regarding this Privacy Policy or Our data practices, please contact Us:

SSFeatures, LLC

• Email: [email protected]
• Website: https://ssfeatures.com/contact
• Trust Center: https://trust.ssfeatures.com

For Privacy-Specific Inquiries:

Please include "Privacy Inquiry" in the subject line of Your email.

Response Time:

We aim to respond to all inquiries within 5 business days.

21. Additional Information

21.1 Smartsheet Relationship

SSFeatures is an independent company and is not affiliated with, endorsed by, or officially connected to Smartsheet Inc. Smartsheet is a trademark of Smartsheet Inc. Our Browser Extension is designed to enhance Your Smartsheet experience but operates independently of Smartsheet's systems.

21.2 Trust Center

For comprehensive information about Our security practices, compliance certifications, and data protection measures, please visit Our Trust Center at https://trust.ssfeatures.com.

21.3 Questions About Specific Features

If You have privacy or security questions about a specific SSFeatures feature, please visit Our Features page at https://ssfeatures.com/features or contact Us directly.

By using the SSFeatures Service, You acknowledge that You have read and understood this Privacy Policy.