Trust Center
Privacy
At Smartsheet, we take a global approach to privacy that aligns with international standards and practices for data processing and recognized privacy principles. The information below explains how we collect, use, and share personal data, as well as your related rights or choices regarding how we manage that data.
Privacy Notice
At Smartsheet, we value your privacy and respect your right to know how information about you is collected and used. Our privacy notice describes how Smartsheet collects, uses, and discloses personal and other information we gather through our websites, our mobile applications, and the Smartsheet work execution platform including Brandfolder, Resource Management and Bridge.
Privacy Practices
Smartsheet is committed to respecting privacy rights and treating personal data with the utmost care. Smartsheet takes a global approach to privacy that adheres to standard international practices for data handling and recognized privacy principles.
Review our Privacy FAQs ›
Learn more about Smartsheet Privacy Practices ›
ISO/IEC 27701:2019
Smartsheet operates an ISO/IEC 27701:2019 compliant privacy program. The requirements of this standard can be mapped to and help comply with data privacy laws and regulations like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
General Data Protection Regulation
The General Data Protection Regulation (GDPR) is a European regulation that took effect on May 25, 2018, and sets out standards for the protection and processing of personal data. Learn more about Smartsheet and the GDPR, including how to request a Data Processing Agreement (DPA) with Smartsheet as a data processor.
International Data Transfers
On June 7, 2021, the European Commission (EC) published the final version of new Standard Contractual Clauses (SCCs) for the transfer of EU personal data to third countries, such as the United States. The new SCCs went into effect on September 27, 2021, and provide much-needed clarity for personal data transfers outside of the European Union following last year’s Court of Justice of the European Union’s (CJEU) decision in the Schrems II case.
Data Access and Transfers
Smartsheet is committed to transparency, especially as it relates to where data is hosted, where it may be transferred for our internal business purposes, and where it may be accessed (e.g., for Technical Support).
Learn more about Regional Hosting, Data Access and Transfers ›
Exercise Privacy Rights
You may have certain rights relating to your personal data under local data protection laws (e.g., the General Data Protection Regulation, the California Consumer Privacy Act, etc.) or based on your use of our Offerings. Our privacy notice includes more information about these rights. To exercise these rights please complete the form below.
Smartsheet Subprocessors
Smartsheet engages third-party service providers that process the content customers choose to upload or submit to an online subscription service on our behalf in connection with the provision of our services to customers ("Subprocessors").
Privacy is fundamentally about ensuring our customers trust Smartsheet to process their data appropriately. Providing transparency in our privacy and data practices is key to building and maintaining that customer trust.