FAQs

Quick answers about Grid Tools.

Payments, pricing, security, privacy, and the dashboard. For feature questions, see Features.

Purchasing and Pricing

Plans, payments, and access.

What's included in Free?

Basic column navigation and selection at no cost. Download Grid Tools, open Smartsheet, and start using it immediately. Upgrade to Pro anytime for the full toolkit.

What does Pro add?

Advanced grid and bulk-management tools, workflow editor utilities, quality-of-life enhancements, and navigation tools. Subscribe monthly or annually.

What payment methods are accepted?

Via Stripe: major credit cards, digital wallets, and bank transfers.

How do I cancel?

Account and License Management

Users, licenses, and admin controls.

How do I update my payment method?

Can I adjust my license count?

Yes. Dashboard > Subscriptions > Manage Payments. Additions apply immediately; removals take effect at the end of the billing cycle.

How do I manage team licenses?

Sign In > Dashboard > Manage Users. Add users by Smartsheet email or add a company domain for automatic access. Usage is tracked against your license count. Changes can be made at any time.

How do I set up company-wide access?

Sign In > Dashboard > Manage Users > Domains. Add your company domain. Access is granted automatically to all matching emails. Usage is monitored over 90 days; you'll be notified when nearing your license limit.

Can I add more admins?

Yes. Add admins in the dashboard to share license management responsibilities.

Can I transfer account ownership?

Yes. Contact us to arrange a transfer.

Security and Privacy

Data handling, permissions, and infrastructure.

Does my Smartsheet data leave my browser?

No. All Smartsheet data stays in browser local storage. The only server communication is your Smartsheet email address for subscription verification and anonymous usage counts (action names and timestamps) to enforce plan limits.

Do you store my Smartsheet data?

No. Your data never reaches our servers, so it is never stored.

Is my data shared with third parties?

No. Never.

Does Smartsheet data go to third parties?

No. Never.

Can users upload data to Grid Tools?

No. No upload or storage capability.

Can I request data deletion?

Yes. Contact us.

Breach notification timeline?

Within 24 hours of a confirmed incident affecting user data.

Why the 'storage' permission?

To save your settings (e.g., dark theme preference) locally in the browser. No data is sent to our servers — that's the point of using local storage.

Why host permissions?

Grid Tools embeds controls directly into the Smartsheet interface. Host permissions are required by browsers for this integration. This also lets us call Smartsheet's native functions instead of building our own.

Does Grid Tools tamper with Smartsheet's code?

No. Smartsheet's code is unobfuscated. Grid Tools calls it directly without modification.

Is the source code visible?

Yes. Dev Tools > Sources > Grid Tools to browse all source files. Chrome and Firefox extension stores require all code to be visible and auditable.

Can you inject code remotely?

No. Extension stores detect and block remote code injection. See Chrome's remote code policy and W3C enforcement examples.

Network access required?

No. Grid Tools runs entirely in the browser.

Any agents or host software required?

No. Browser extension only — no host agents.

Any network requirements?

None. Works from any network.

Is data encrypted in transit?

Yes. TLS 1.2 or greater for all server communication.

Full-disk encryption on employee machines?

Yes. AES-256 or greater on all workstations.

Cloud provider?

Cloudflare.

Server locations?

North America.

DDoS protection?

Yes. All traffic proxied through Cloudflare.

Least-privilege access model?

Yes. All internal access follows least-privilege principles.

Logical access controls in place?

Yes. Role-based access controls on all servers, systems, and databases.

Is data access logged?

Yes. All access is logged and reviewed regularly.

Periodic access reviews?

Yes. Conducted regularly to ensure permissions remain appropriate.

Timeline for revoking unneeded access?

Within 2 weeks of periodic evaluation.

2FA for remote access?

Yes. Required for all remote access.

Brute-force protection?

Yes. Rate limiting and account lockout.

Secured maintenance workstations?

Yes. Encrypted hard drives required.

MFA for public-network maintenance access?

Yes. Required.

Backup and restore procedures?

Yes. Documented for all maintenance operations.

System documentation maintained?

Yes. Architecture, procedures, and configuration are documented internally.

Third-party server access?

No. Internal personnel only.

Still have a question?

If your question isn't covered here, reach out directly.