Security

We know how important it is to protect sensitive data, and we have designed SSFeatures with both security and privacy as our number one focus. This page answers the most frequently asked questions about security.

If this page does not answer your question, and you have a security question about a specific feature, please visit the Features page for answers about that specific feature. Alternatively Contact us and send us your question directly and we will promptly respond.

Frequently Asked Questions - Security

Do you ever send any of my SmartSheet data from my browser to your servers?

Absolutely not. The SSFeatures extension stores all your data within your browser's local storage using your browser's local storage API. We do not send any of this data to our servers or save it in our databases.

However, we do send the email address you use to log into SmartSheet to our server to verify that you are on the free trial or have a paid subscription.

Do you ever store any of my SmartSheet data in your databases?

Absolutely not. We do not even send any of your data from your browser to our servers.

Why does the browser extension require permission 'storage'?

The browser extension requires the 'storage' permission to save your settings within your browser. This allows us to store your settings locally without sending any data to our servers or database. For example, when you enter sort settings in the SmartSheet sort popup, we save those settings in the browser storage so we can automatically fill out the window for you the next time you open it.

This is crucial to ensure that we never have to send any of your data to our servers.

Why does the browser extension require "host permissions"?

We designed SSFeatures to be as user-friendly as possible, with a key goal of integrating our features directly into the SmartSheet web application. For example, we aimed to add a 'Sort Automatically' checkbox directly onto the webpage to enhance the user experience. To achieve this, browsers require us to add a script onto the SmartSheet webpage, enabling interaction with all of SmartSheet's HTML elements.

This approach also allows us to call SmartSheet's code directly. For instance, instead of implementing our own data sort function, we can use SmartSheet's built-in data sort function directly.

Is communication from the extension encrypted in transit with TLS 1.2 or greater?

Yes

Do you utilize full-disk encryption (AES-256 or greater) solution for all employee computers?

Yes

Would my SSFeatures Dashboard data be removed from your server if requested?

Yes, please contact us using the "Contact Us" page.

In case of any security incidents impacting SSFeatures extension or dashboard user data, will I be notified within 24 hours?

Yes

Will any of my information be shared with another entity, software, or 3rd party?

Which Cloud Provider do you use to process or store data?

DigitalOcean

Where are the physical locations where the data will be stored?

North America

Does SSFeatures require access to my organization's network?

Does SSFeatures require a software agent running on my organization's hosts?

Does SSFeatures require a connection to my organization's network whatsoever?

No, you can use SSFeatures from any network that you wish.

Do you use a "least access" model with users and employees gaining access only to what they need?

Yes

Do you have logical access controls for your servers, systems, and databases?

Yes

Is access to SSFeatures data logged and reviewed internally?

Yes

For your internal systems, is there a process to periodically evaluate whether access is still needed?

Yes

For your internal systems, when access is no longer needed, is it removed within a reasonable time frame?

Yes, within 2 weeks of the periodic evaluation.

Do you require 2-factor authentication (2FA) for remote access into your internal network?

Yes

Do you have protections against brute force login attempts?

Yes

Do you have protection against DDoS attacks?

Yes

Is technical maintenance only executed from secured maintenance workstations with encrypted hard drives?

Yes

When accessed from a public network location, is the maintenance environment only accessible with a strong (multi-factor) authentication?

Yes

Is there a backup and restore plan for when things go wrong during maintenance?

Yes

Is there a description of the information system, operating procedures, and configuration?

Yes

Do users have the ability to upload or store information within SSFeatures?

Does the SSFeatures extension push data to another party, other than SmartSheet?

Does any third party have the ability to remote access the servers or databases?