Smartsheet User Agreement
BY CLICKING A BOX INDICATING ACCEPTANCE OF, OR EXECUTING AN ORDER THAT INCORPORATES, THIS USER AGREEMENT (“Agreement”), THE IDENTIFIED INDIVIDUAL, ORGANIZATION, OR OTHER LEGAL ENTITY (“Customer”) AGREES THE TERMS AND CONDITIONS OF THIS AGREEMENT GOVERN CUSTOMER’S ACCESS TO AND USE OF THE SERVICES PROVIDED BY SMARTSHEET INC. ("Smartsheet"). THIS AGREEMENT IS EFFECTIVE AS OF THE DATE OF SUCH ACCEPTANCE OR EXECUTION (“Effective Date”). IF ANY TERMS OR CONDITIONS IN THE SMARTSHEET AGREEMENT SUPPLEMENT APPLY TO CUSTOMER (e.g., if customer is a U.S. government entity or educational institution) OR A SPECIFIC SERVICE (e.g., Smartsheet Gov or Event Reporting), THOSE TERMS AND CONDITIONS ARE ALSO INCORPORATED HEREIN BY REFERENCE AND FORM PART OF THIS AGREEMENT.
ANY INDIVIDUAL AGREEING TO BE BOUND BY THIS AGREEMENT ON BEHALF OF AN ORGANIZATION OR OTHER LEGAL ENTITY REPRESENTS THAT SUCH INDIVIDUAL HAS THE AUTHORITY TO BIND SUCH ENTITY TO THE TERMS AND CONDITIONS CONTAINED HEREIN.
CUSTOMER SHALL NOT ACCESS OR USE THE SERVICES WITHOUT PRIOR WRITTEN CONSENT OF SMARTSHEET IF CUSTOMER IS OR BECOMES A DIRECT COMPETITOR TO SMARTSHEET OR ITS AFFILIATES.
- 1.1 Right to Access and Use. Subject to the terms and conditions of this Agreement and in consideration of the fees specified in any Order or SOW, Smartsheet hereby grants Customer a worldwide, non-exclusive, non-transferable right to access and use Smartsheet’s online Services during the applicable Term for Customer’s own business purposes. Users may exercise such limited right on behalf of Customer.
- 1.2 Restrictions. Customer’s access to and use of the Services during any Term is subject to the applicable restrictions in an Order, SOW, and Smartsheet’s Limits Policy and Acceptable Use Policy available on the Site as of such Term’s start date. Customer shall not permit a set of login credentials for a Service to be used by more than one User and shall not commercially sell, resell, license, sublicense, distribute, or frame the Services to a third party. Customer shall access and use the Services in compliance with this Agreement, the Documentation, and applicable laws and regulations, and shall promptly notify Smartsheet of any known unauthorized access or use. Customer is responsible for Users’ access to and use of the Services.
2. Security and Processing.
- 2.1 Security. Smartsheet has implemented and will maintain information security policies and safeguards as described in Schedule 1 (Security Practices) to this Agreement, which include physical, organizational, and technical measures designed to preserve the security, integrity, and confidentiality of Customer Content and to protect against information security threats. Smartsheet may update such security policies and safeguards from time to time, provided that any such update does not materially reduce the overall level of security or commitments as described in Schedule 1.
- 2.2 Processing. Customer represents and warrants that it has all rights, permissions, and consents necessary to: (a) submit all Customer Content to the Services; and (b) grant Smartsheet the limited rights to process Customer Content for the provision of the Services. Customer hereby grants Smartsheet a worldwide, non-exclusive, non-transferable, right to use and otherwise process Customer Content under this Agreement only: (x) as required by applicable law; (y) as requested by Customer in writing or as allowed by Customer via a Service’s access controls; and (z) as necessary to provide the Services and prevent or address technical problems with the Services or violations of this Agreement. Smartsheet’s limited right to process Customer Content hereunder will not excuse any obligation of Smartsheet relating to Customer Content under this Agreement. If Customer requires, in its sole discretion, specific terms for processing Customer Content which includes personal information, Customer may submit a form agreeing to the terms of the Data Processing Addendum ("DPA") at www.smartsheet.com/legal, and the DPA on the Site at the time of such submission will be incorporated into this Agreement on the date of such submission or the Effective Date, whichever is later.
- 2.3 Subcontractors. Smartsheet may engage subcontractors to act on Smartsheet’s behalf in connection with Smartsheet’s provision of the Services, including processing Customer Content, provided that: (a) such subcontractors are subject to applicable confidentiality and data security obligations that are substantially as protective as those set forth in this Agreement; and (b) Smartsheet is responsible for such subcontractors’ acts and omissions in relation to Smartsheet’s obligations under this Agreement.
3. Intellectual Property and Proprietary Rights.
- 3.1 Smartsheet. As between the parties, all right, title, and interest in and to Smartsheet Properties is owned by Smartsheet notwithstanding any other provision in this Agreement. Except as expressly set forth in this Agreement, Smartsheet does not convey any rights to Customer or any User.
- 3.2 Customer. As between the parties, Customer retains all its right, title, and interest in and to Customer’s Confidential Information, including Customer Content, and all intellectual property and proprietary rights therein. Except as expressly set forth in this Agreement, Smartsheet acquires no right, title, or interest from Customer under this Agreement in or to Customer Content.
- 3.3 Feedback. Customer grants Smartsheet a worldwide, irrevocable, perpetual, sublicensable, transferable, non-exclusive license to use and incorporate into Smartsheet’s products and services any feedback or suggestions for enhancement that Customer or a User provides to Smartsheet (“Feedback”), without any obligation of compensation. Feedback is provided by Customer “as-is,” without representations or warranties, either express or implied, including any warranties of merchantability or fitness for a particular purpose.
4. Ancillary Services; Third Party Products.
- 4.1 Professional Services. Smartsheet and Customer may enter into SOWs or Orders under this Agreement for the provision of Professional Services. If Smartsheet provides Professional Services to Customer, Customer’s rights to access and use Customizations resulting from such Professional Services are subject to the limitations and restrictions set forth in Section 1 (Services) of this Agreement.
- 4.2 Smartsheet API. Smartsheet may make an application programming interface or other similar development tools available within an online Service which establishes an interface with such Service (“Smartsheet API”). Unless Customer has entered into Smartsheet's separate developer agreement and Smartsheet has provided Customer with an application ID for authentication purposes, Customer shall not use or enable a third party to use any Smartsheet API: (a) in a manner that causes Customer to exceed the limits of its authorized use of the applicable Service as set forth in this Agreement or an applicable Order; or (b) to access a Smartsheet account not otherwise controlled by Customer.
- 4.3 Free Services. Smartsheet may make an online Service available with a clear and conspicuous written notice specifying that the Service is provided free of charge, on a trial basis and/or to be used at your own risk (“Free Services”). Notwithstanding any other provision of this Agreement, Customer acknowledges and agrees that: (a) Free Services are made available without any support, maintenance, warranty, commitment to availability, security, or accuracy, or other related obligation of any kind under this Agreement, unless otherwise required by applicable law; (b) Free Services may not include or allow access to all features and functionality available to paying customers; (c) Smartsheet may terminate the use of a Free Service at any time, unless otherwise specified in writing, and Smartsheet will not be liable for such termination; (d) data, information, and content submitted to a Free Service may be permanently lost, and Smartsheet will not be liable for such loss; and (e) if Customer has not provided a billing address to Smartsheet in connection with its access to and use of Free Services, all notices required under this Agreement will be sent via email.
- 4.4 Third Party Products. If Customer separately procures services, applications, or online content from a third party (“Third Party Products”) for use with the Services, any such use is subject to the end-user license or use agreement that Customer accepts from or establishes with the third party. Third Party Products are not Services and, as between the parties, Smartsheet has no liability with respect to Customer’s procurement or use of Third Party Products.
5. Fees and Payment.
- 5.1 Fees. Customer will pay Service fees specified in each Order or SOW. All Service fees are nonrefundable once paid except as otherwise expressly provided in this Agreement or the applicable Order or SOW. Smartsheet may increase the unit price specified in an Order for any Renewal Term upon written notice to Customer (including via email), provided that if the number of units purchased by Customer for such Renewal Term is equal or greater than the number of units up for renewal, then such notice must be provided at least forty-five (45) days prior to the start of the Renewal Term. Unless otherwise agreed in a SOW, Customer will reimburse Smartsheet for reasonable, out-of-pocket expenses incurred by Smartsheet in the course of providing Professional Services in accordance with Smartsheet’s Travel and Expense Policy.
- 5.2 Payment. Unless otherwise provided in the applicable Order or SOW, Smartsheet will charge Customer for Subscription Service fees on an annual basis in advance and Professional Service fees on a time and materials basis monthly in arrears, and all amounts due under this Agreement are payable in United States dollars net thirty (30) days from the date of the invoice. Customer agrees to promptly notify Smartsheet in writing of any changes to its billing information during any Term. Smartsheet reserves the right to correct any billing errors or mistakes that Smartsheet identifies in an invoice or after a payment is received. Smartsheet may accept payment in any amount without prejudice to Smartsheet’s right to recover the balance of the amount due under an Order or SOW or to pursue any other right or remedy. Amounts due to Smartsheet from Customer shall not be withheld or offset against amounts due or alleged to be due to Customer from Smartsheet. Except as prohibited by law, Smartsheet may charge a late fee of one and one-half percent (1.5%) per month on past due amounts. If Customer requires a purchase order, vendor registration form, or other documentation, such requirement will in no way relieve, affect, or delay Customer’s obligation to pay any amounts due hereunder.
- 5.3 Taxes. Other than income taxes imposed on Smartsheet, Customer will bear all taxes, duties, VAT, and all other governmental charges (collectively, “Taxes”) resulting from this Agreement. If Customer is exempt from any applicable Taxes, Customer will provide evidence reasonably satisfactory to Smartsheet of Customer’s tax-exempt status and, after receipt of such evidence, Smartsheet will not charge Customer any Taxes from which it is exempt. If it is determined that payments due under this Agreement are subject to withholding Taxes, Customer shall notify Smartsheet prior to deducting any such Taxes. Customer shall: (a) only withhold amounts required under law; (b) make timely payment to the proper taxing authority of such withheld amount; and (c) provide Smartsheet with proof of such payment within thirty (30) days following that payment.
- 5.4 Affiliates. Customer’s Affiliates may purchase Services under this Agreement by executing an Order or SOW. Each Order or SOW is a separate contract between Smartsheet and the Affiliate that executes it, and such Affiliate will be deemed “Customer” as used in this Agreement with respect to such Order or SOW.
- 5.5 Resellers. Customer may elect to purchase certain Services through a reseller authorized by Smartsheet (“Reseller”). Customer’s obligation for payment to, and its relationship with, any Reseller is between Customer and such Reseller, and Customer must direct any claims for refunds owed hereunder to such Reseller.
- 6.1 Confidential Information. “Confidential Information” means all non-public, proprietary, business, technical, legal, or financial information disclosed or learned in connection with this Agreement that the Disclosing Party has identified as confidential at the time of disclosure or that, based on the nature of the information or circumstances surrounding its disclosure, the Receiving Party would clearly understand it as confidential. Confidential Information includes Smartsheet Properties with regard to Smartsheet and Customer Content with regard to Customer. Notwithstanding the foregoing definition, Confidential Information does not include: (a) information that was generally known to the public at the time disclosed to the Receiving Party; (b) information that becomes generally known to the public (other than through a breach of Section 6 (Confidentiality) by the Receiving Party) after disclosure to the Receiving Party; (c) information that was in the Receiving Party’s possession free of any obligation of confidentiality prior to disclosure by the Disclosing Party; (d) information that is rightfully received by the Receiving Party from a third party without any restriction on disclosure; or (e) information that was independently developed by the Receiving Party without reference to or use of Disclosing Party’s Confidential Information. ALL CONFIDENTIAL INFORMATION IS PROVIDED “AS IS.” EXCEPT FOR THE WARRANTIES EXPRESSLY STATED IN THIS AGREEMENT, NEITHER PARTY MAKES ANY WARRANTIES, EXPRESSED OR IMPLIED, CONCERNING THE ACCURACY OR COMPLETENESS OF ITS CONFIDENTIAL INFORMATION.
- 6.2 Use and Disclosure of Confidential Information. The Receiving Party: (a) will not use the Disclosing Party’s Confidential Information for any purpose except as permitted under this Agreement; (b) will not disclose, give access to, or distribute any of the Disclosing Party’s Confidential Information to any third party, except to the extent expressly authorized in this Agreement or a separate written agreement signed by the Disclosing Party; and (c) will take reasonable security precautions (which will be at least as protective as the precautions it takes to preserve its own Confidential Information of a similar nature) to safeguard the Disclosing Party’s Confidential Information. Notwithstanding the foregoing, the Receiving Party may disclose Confidential Information to those of its employees, directors, Affiliates, advisors, agents, contractors, and other representatives (“Representatives”) who need to know such information in order to exercise their respective rights and obligations hereunder, provided that each such Representative is bound to protect the Confidential Information by confidentiality obligations substantially as protective as those set forth in this Agreement. The Receiving Party will be responsible for its Representatives’ disclosure or use of the Disclosing Party’s Confidential Information in violation of Section 6 (Confidentiality). The Receiving Party will promptly notify the Disclosing Party in writing upon discovery of any unauthorized disclosure or use of the Disclosing Party’s Confidential Information, or any other breach of Section 6, by it or its Representatives. The Receiving Party’s obligations set forth in Section 6 will remain in effect during the Term and for three (3) years after termination of this Agreement. The disclosure of Confidential Information to the Receiving Party does not grant or convey any right of ownership of such Confidential Information.
- 6.3 Required Disclosures. The Receiving Party may disclose Confidential Information to the extent required by law or legal process, provided, however, the Receiving Party will (unless prohibited by law or legal process): (a) give the Disclosing Party prior written notice of such disclosure to afford the Disclosing Party a reasonable opportunity to appear, object, and obtain a protective order or other appropriate relief regarding such disclosure; (b) use diligent efforts to limit disclosure to that which is legally required; and (c) reasonably cooperate with the Disclosing Party, at the Disclosing Party’s expense, in its efforts to obtain a protective order or other legally available means of protection.
- 6.4 Return and Deletion. Upon written request by the Disclosing Party, the Receiving Party will, without undue delay: (a) either return or destroy all tangible documents and media in its possession or control that contain the Disclosing Party’s Confidential Information; (b) delete electronically stored Confidential Information of the Disclosing Party in its possession or control; and (c) certify its compliance with this Section 6.4 in writing. Notwithstanding the foregoing: (x) the Receiving Party will not be obligated to render unrecoverable Confidential Information of the Disclosing Party that is contained in an archived computer system backup made in accordance with the Receiving Party's legal and financial compliance obligations or security and disaster recovery procedure; and (y) Smartsheet shall return and delete Customer Content as set forth in Section 10.4 (Return and Deletion of Customer Content). Any such retained Confidential Information will remain subject to Section 6 (Confidentiality).
- 6.5 Remedies. The Receiving Party acknowledges that any actual or threatened breach of Section 6 (Confidentiality) may cause irreparable, non-monetary injury to the Disclosing Party, the extent of which may be difficult to ascertain. Accordingly, the Disclosing Party is entitled to (but not required to) seek injunctive relief to prevent or mitigate any breaches of Section 6 with respect to the Disclosing Party’s Confidential Information or any damages that may otherwise result from those breaches.
7. Representations and Warranties.
- 7.1 Authority and Compliance Warranty. Smartsheet represents and warrants that it has the necessary authority to enter into this Agreement and that Smartsheet shall comply with any United States laws and regulations to the extent such laws and regulations apply to Smartsheet’s provision of the Services under this Agreement. For the avoidance of doubt, Smartsheet shall not be responsible for Customer’s compliance with any laws and regulations applicable to Customer and its industry.
- 7.2 Limited Warranty for Online Services. Smartsheet represents and warrants that the online Services will operate during the applicable Term substantially as described in the applicable Documentation. Upon receipt of Customer’s written notice of any alleged failure to comply with this warranty, Smartsheet will use commercially reasonable efforts to cure or correct the failure. If Smartsheet has not cured or corrected the failure within thirty (30) days following its receipt of such notice, then Customer may terminate the applicable Order and Smartsheet shall issue a refund of prepaid fees covering the terminated portion of the Subscription Services. Notwithstanding the foregoing, this warranty will not apply to any failure due to a defect in or modification of a Subscription Service that is caused or made by Customer, any User, or any person acting at Customer’s direction. This Section 7.2 sets forth Customer’s exclusive rights and remedies and Smartsheet’s sole liability in connection with this warranty.
- 7.3 Limited Warranty for Professional Services. Smartsheet represents and warrants that the Professional Services will be provided in a competent and workmanlike manner in accordance with the Order or SOW, as applicable. Customer must notify Smartsheet in writing of any alleged failure to comply with this warranty within thirty (30) days following delivery of the Professional Services. Upon receipt of such notice, Smartsheet will either: (a) use commercially reasonable efforts to cure or correct the failure; or (b) terminate the Professional Services and issue a refund of prepaid fees covering the terminated portion of the Professional Services. This Section 7.3 sets forth Customer’s exclusive rights and remedies and Smartsheet’s sole liability in connection with this warranty.
- 7.4 Disclaimer. EXCEPT FOR THE REPRESENTATIONS AND WARRANTIES EXPRESSLY STATED IN THIS AGREEMENT, SMARTSHEET MAKES NO REPRESENTATIONS AND DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, SMARTSHEET SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, COMPLIANCE WITH LAWS, NON-INFRINGEMENT, AND ACCURACY, AND SMARTSHEET DOES NOT WARRANT THAT THE SERVICES OR THIRD-PARTY APPLICATIONS AND SERVICES WILL BE ERROR-FREE OR OPERATE WITHOUT INTERRUPTIONS OR DOWNTIME.
- 8.1 By Smartsheet. Smartsheet will defend Customer and its respective officers, directors, and employees (“Customer Indemnified Parties”) from and against any claims, demands, proceedings, investigations, or suits brought by a third party alleging that Customer’s use of the Services or Customizations in accordance with this Agreement infringes any third party intellectual property rights (each, a “Claim Against Customer”). Smartsheet will indemnify Customer Indemnified Parties for any finally awarded damages or settlement amount approved by Smartsheet in writing to the extent arising from a Claim Against Customer, and any reasonable attorneys’ fees of Customer associated with initially responding to a Claim Against Customer. Notwithstanding the foregoing, Smartsheet will have no obligation under this Section 8.1 to the extent any Claim Against Customer arises from: (a) Customer’s use of the Services or Customizations in combination with technology or services not provided by Smartsheet, if the Services or Customizations or use thereof would not infringe without such combination; (b) Customer Content; (c) Smartsheet’s compliance with designs, specifications, or instructions provided in writing by Customer if such infringement would not have occurred but for such designs, specifications, or instructions; or (d) use of the Services or Customizations by Customer after notice by Smartsheet to discontinue use. If Customer is enjoined or otherwise prohibited from using any of the Services or Customizations or a portion thereof based on a Claim Against Customer, then Smartsheet will, at Smartsheet’s sole expense and option, either: (x) obtain for Customer the right to use the allegedly infringing portions of the Service or Customizations; (y) modify the allegedly infringing portion of the Service or Customizations so as to render it non-infringing without substantially diminishing or impairing its functionality; or (z) replace the allegedly infringing portions of the Service or Customizations with non-infringing items of substantially similar functionality. If Smartsheet determines that the foregoing remedies are not commercially reasonable or possible, then Smartsheet will terminate the applicable Order or SOW and issue a refund of prepaid fees covering the terminated portion of the applicable Service.
- 8.2 By Customer. To the extent permitted by applicable law, Customer will defend Smartsheet and Smartsheet’s Affiliates providing the Services, and their respective officers, directors, and employees (“Smartsheet Indemnified Parties”) from and against any claims, demands, proceedings, investigations, or suits brought by a third party arising out of Customer Content or Customer’s use of the Services or Customizations in violation of applicable law (each, a “Claim Against Smartsheet”). Customer will indemnify Smartsheet Indemnified Parties for any finally awarded damages or settlement amount approved by Customer in writing to the extent arising from a Claim Against Smartsheet, and any reasonable attorneys’ fees of Smartsheet associated with initially responding to a Claim Against Smartsheet.
- 8.3 Conditions. The indemnifying party’s obligations under Section 8 (Indemnification) are contingent on the indemnified party: (a) promptly providing written notice of the claim to the indemnifying party, provided that the indemnifying party shall not be excused from its indemnity obligations for the indemnified party’s failure to provide prompt notice except to the extent that the indemnifying party is materially prejudiced thereby; (b) giving the indemnifying party sole control of the defense and settlement of the claim, provided that any settlement unconditionally releases the indemnified party of all liability and does not make any admissions on behalf of the indemnified party or include payment of any amounts by the indemnified party; and (c) providing the indemnifying party, at the indemnifying party’s expense, all reasonable assistance in connection with such claim. The indemnified party may participate in the defense of the claim at its sole cost and expense. Section 8 sets forth the indemnifying party’s sole liability to, and the indemnified party’s exclusive remedy for, any type of claim or action described in Section 8.
9. Limitations of Liability.
TO THE EXTENT PERMITTED BY LAW, NEITHER PARTY WILL BE LIABLE FOR ANY LOST PROFITS, GOODWILL, OR REVENUES OR FOR ANY INCIDENTAL, CONSEQUENTIAL, SPECIAL, INDIRECT, COVER, BUSINESS INTERRUPTION, OR PUNITIVE DAMAGES IN CONNECTION WITH ANY CLAIM OF ANY NATURE, WHETHER IN CONTRACT, TORT, OR UNDER ANY THEORY OF LIABILITY, ARISING UNDER THIS AGREEMENT, EVEN IF A PARTY HAS BEEN GIVEN ADVANCE NOTICE OF SUCH POSSIBLE DAMAGES OR IF A PARTY’S REMEDY OTHERWISE FAILS OF ITS ESSENTIAL PURPOSE.
TO THE EXTENT PERMITTED BY LAW, EACH PARTY’S ENTIRE LIABILITY UNDER THIS AGREEMENT WILL NOT EXCEED THE FEES PAID BY CUSTOMER TO SMARTSHEET UNDER THIS AGREEMENT FOR THE SERVICES GIVING RISE TO THE LIABILITY DURING THE TWELVE (12) MONTHS PRIOR TO THE DATE ON WHICH THE LIABILITY AROSE. THE EXISTENCE OF MORE THAN ONE CLAIM WILL NOT ENLARGE THIS LIMIT.
THE FOREGOING EXCLUSIONS AND LIABILITY LIMITS IN THIS SECTION 9 SHALL NOT APPLY TO DAMAGES OR LIABILITY RESULTING FROM CLAIMS OR OBLIGATIONS ARISING UNDER SECTIONS 1.2 (RESTRICTIONS) OR 8 (INDEMNIFICATION), INFRINGEMENT OR MISAPPROPRIATION BY A PARTY OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS, OR CUSTOMER’S OBLIGATION TO PAY FOR SERVICES OR TAXES UNDER THIS AGREEMENT.
10. Term and Termination.
- 10.1 Term. This Agreement will remain in effect until terminated as set forth herein or by the parties’ mutual written agreement. Orders will remain in effect for the Term of the Services specified in such Order. EACH SERVICE WITH A SUBSCRIPTION-BASED TERM ON AN ORDER WILL AUTOMATICALLY RENEW FOR SUCCESSIVE ONE (1) YEAR RENEWAL TERMS (each, a “Renewal Term”) UNLESS THE PARTIES AGREE OTHERWISE IN THE ORDER OR A PARTY PROVIDES THE OTHER PARTY WRITTEN NOTICE (INCLUDING VIA EMAIL) OF NON-RENEWAL AT LEAST THIRTY (30) DAYS PRIOR TO THE END OF THE THEN-CURRENT TERM. For the avoidance of doubt, any purchases of non-subscription or one-time Services made via an Order will not automatically renew. Each SOW will remain in effect for the period specified therein. If no period is specified, the SOW will terminate once the Professional Services set forth in the SOW have been completed.
- 10.2 Termination for Cause. Either party may terminate a Service or this Agreement immediately upon written notice if the other party breaches any material provision of an Order, SOW, or this Agreement, and fails to cure the breach within thirty (30) days of such written notice from the non-breaching party.
- 10.3 Effect of Termination. Upon termination of this Agreement for any reason: (a) all Orders and SOWs under this Agreement will terminate; and (b) all rights and obligations of the parties hereunder will cease (except as set forth in Section 10.6 (Survival)). If Customer terminates a Service or this Agreement for Smartsheet’s uncured breach pursuant to Section 10.2 (Termination for Cause), Smartsheet shall issue a refund of prepaid fees covering the terminated portion of each Services’ respective Term and, if applicable, Partner Apps. If Smartsheet terminates a Service or this Agreement for Customer’s uncured breach pursuant to Section 10.2, Customer shall pay any outstanding amounts payable under this Agreement for the Term applicable to any terminated Service and, if applicable, Partner Apps. Customer will remain obligated to pay for Professional Services rendered through, or payable as of, the effective date such Professional Services are terminated.
- 10.4 Return and Deletion of Customer Content. At any time during the Term, Customer may download a backup copy of Customer Content (with file attachments in their native formats and all other Customer Content in an industry standard export format) from an online Service by using a self-service feature, or may request such backup copy by written notice to Smartsheet if such feature is not available. Upon Customer’s written request at the time of termination or expiration of any Term, Customer’s SysAdmin will be allowed read-only access to an online Service for thirty (30) days following such date of termination or expiration for the sole purpose of downloading a backup copy of Customer Content. Within one hundred eighty (180) days following termination or expiration of any Term, Smartsheet will delete and render Customer Content unrecoverable and, upon Customer’s written request, certify such process in writing. Notwithstanding the foregoing, Smartsheet may retain copies of Customer Content as part of records, documents, or broader data sets in accordance with Smartsheet’s legal and financial compliance obligations, provided that Smartsheet continues to comply with all the requirements of the Agreement in relation to any such retained Customer Content.
- 10.5 Suspension. Smartsheet may suspend Customer’s access to any Service immediately if: (a) Customer fails to make a payment for more than fifteen (15) days following its due date; or (b) Customer has, or Smartsheet reasonably suspects based on documented evidence that Customer has, breached Section 1.2 (Restrictions) or misappropriated or infringed Smartsheet’s intellectual property or proprietary rights.
- 10.6 Survival. The following Sections will survive termination or expiration of this Agreement: 2.2 (Processing); 3 (Intellectual Property and Proprietary Rights); 4.3 (Free Services); 5.1 (Fees); 5.2 (Payment); 6 (Confidentiality); 8 (Indemnification); 9 (Limitations of Liability); 10.4 (Return and Deletion of Customer Content); 10.6 (Survival); and, to the extent necessary to effectuate the foregoing, 11 (General).
- 11.1 Insurance. Smartsheet will procure and maintain at its expense commercially reasonable insurance coverage during the Term, evidenced by Smartsheet’s certificate of insurance, which is available on the Site.
- 11.2 Publicity. Unless Customer has notified Smartsheet to the contrary in writing (including via email), Smartsheet may disclose Customer as a customer of Smartsheet, and may use Customer’s name and logo on the Site and in Smartsheet’s promotional materials. Smartsheet will request Customer’s prior written consent for any other uses.
- 11.3 United States Government End-Users. The Services provided by Smartsheet are “commercial items” consisting in part of “commercial computer software” and “computer software documentation,” as such terms are used in the Federal Acquisition Regulation (FAR) and the Defense Federal Acquisition Regulation Supplement (DFARS). In accordance with FAR 12.211 (Technical data) and FAR 12.212 (Computer software), and DFARS 227.7102 (Commercial items, components, or processes) and DFARS 227.7202 (Commercial computer software and commercial computer software documentation), as applicable, the rights of the United States government to use, modify, reproduce, release, perform, display, or disclose computer software, computer software documentation, and technical data furnished in connection with the Services will be pursuant to the terms of this Agreement. This United States government rights clause is in lieu of, and supersedes, any other FAR, DFARS, or other clause or provision that addresses government rights in computer software, computer software documentation, or technical data.
- 11.4 Export Compliance. Each party shall comply with United States export control laws and regulations. Without limiting the foregoing: (a) Customer acknowledges that the Services, Documentation, and Customizations may be subject to United States Export Administration Regulations; (b) Customer will not permit Users to access or use any Service, Documentation, or Customization in a United States embargoed country; and (c) Customer is responsible for complying with any local laws and regulations which may impact Customer’s right to import, export, access, or use the Services, Documentation, and Customizations.
- 11.5 Notices. Except where this Agreement permits notice via email, all notices provided under this Agreement must be in writing and sent via internationally recognized delivery service or certified United States mail. Notices sent via email will be deemed given one (1) business day after being sent, and notices sent via any other authorized delivery method will be deemed given five (5) business days after being sent. Notices must be addressed as follows: if to Smartsheet, Attn: Legal, 10500 NE 8th Street, Suite 1300, Bellevue, WA 98004, and for notices permitted to be sent via email, to [email protected]; and, if to Customer, Attn: Legal at the billing address on record with Smartsheet that was provided by Customer, and for notices permitted to be sent via email, to the then-current SysAdmin(s) email address. Customer may request notification of changes to the Policies and Privacy Notice via www.smartsheet.com/notification-requests.
- 11.6 Assignment. Either party may assign this Agreement and any Orders or SOWs in connection with a merger or similar transaction or to a company acquiring substantially all of its assets, equity, or business, without any requirement to obtain permission for such assignment; otherwise, neither party may assign this Agreement or any Orders or SOWs to a third party without the advance written consent of the other party. Subject to the foregoing and notwithstanding any prohibitions on transferability under this Agreement, the assigning party shall notice the non-assigning party of any permitted assignment and this Agreement and any Orders or SOWs will bind and inure to the benefit of the parties, their successors, and their permitted assigns.
- 11.7 Force Majeure. Neither party is liable for delay or default under this Agreement if caused by conditions beyond its reasonable control. The party suffering from any such conditions shall use reasonable efforts to mitigate against the effects of such conditions.
- 11.8 Amendment; Waiver. Unless otherwise expressly stated herein, this Agreement and any Orders or SOWs may be modified only by a written amendment or agreement executed by an authorized representative of each party. The waiver of any breach of any provision of this Agreement or of any Order or SOW will be effective only if in writing, and no such waiver will operate or be construed as a waiver of any subsequent breach.
- 11.9 Enforceability. If any provision of this Agreement or any Order or SOW is held to be unenforceable, then that provision is to be construed either by modifying it to the minimum extent necessary to make it enforceable (if permitted by law) or disregarding it (if not permitted by law), and the rest of this Agreement or the relevant Order or SOW is to remain in effect as written. Notwithstanding the foregoing, if modifying or disregarding the unenforceable provision would result in failure of an essential purpose of this Agreement or any Order or SOW, the entire Agreement or the relevant Order or SOW will be considered null and void.
- 11.10 Governing Law. This Agreement and any Orders and SOWs are governed by the laws of the State of Washington, without regard to its conflicts of law rules, and each party hereby consents to exclusive jurisdiction and venue in the state and federal courts located in Seattle, Washington for any dispute arising out of this Agreement or any Orders or SOWs.
- 11.11 Entire Agreement; Conflict. This Agreement, together with the Policies, Schedule(s) attached hereto, and, if applicable, the DPA or the Smartsheet Agreement Supplement, and any Orders and SOWs represent the entire agreement between Smartsheet and Customer with respect to the Services. Downloadable Smartsheet software expressly governed by a separate end-user license agreement presented at the time of download or use are not governed by this Agreement. During the electronic provisioning of the online Services, Users will be required to individually acknowledge that certain information collected about them is used as described in such Service’s Privacy Notice, which is available on the Site. In the event of any conflict between this Agreement and any Order or SOW, this Agreement will govern and control unless the Order or SOW expressly and specifically overrides terms or conditions of this Agreement. With respect to any Services, terms and conditions included in the following items, whether submitted or executed before or after the Term start date, are null and void: (a) a Customer purchase order or similar document; (b) a Customer vendor registration form or online portal; and (c) any other contemporaneous or prior agreements or commitments regarding the Services or the other subject matter of this Agreement.
- 11.12 Revisions. Smartsheet reserves the right to revise this Agreement by posting a revised version on the Site, which will be effective five (5) days after posting. Continued use of the Services after the effective date of revision will constitute Customer’s acceptance of the revised Agreement. If Customer objects to the revisions, Customer may terminate any Orders governed by this Agreement by providing written notice to Smartsheet prior to the effective date of revision, provided that Customer will remain obligated to pay amounts due to Smartsheet under such Orders and will not receive a refund of prepaid fees. Customer's termination will be effective upon Smartsheet's written acknowledgement of such termination, and in no event later than thirty (30) days from Smartsheet's receipt of Customer's termination notice.
12. Definitions. Capitalized terms used but not otherwise defined in this Agreement have the following meanings:
- “Affiliate” means any person or entity that owns or controls, is owned or controlled by, or is under common control or ownership with, a party to this Agreement, where “control” is defined as the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through ownership of voting securities, by contract, or otherwise.
- “Customer Content” means any data, file attachments, text, images, reports, personal information, or other content that is uploaded or submitted to the online Services by Customer or Users and is processed by Smartsheet on behalf of Customer. For the avoidance of doubt, Customer Content does not include usage, statistical, or technical information that does not reveal the actual contents of Customer Content.
- “Customizations” means all software, code, materials, ideas, deliverables, and items that are conceived, made, discovered, written, or created by Smartsheet’s personnel in connection with providing Professional Services.
- “Disclosing Party” means the party disclosing Confidential Information to the Receiving Party.
- “Documentation” means documentation provided by Smartsheet on the Site that is uniformly available and applicable to all Smartsheet customers and relates to the operation and use of the Services, including user manuals, operating instructions, and release notes, each as updated by Smartsheet from time to time.
- “Order” means an executed ordering document or online order issued or otherwise approved in writing by Smartsheet that incorporates this Agreement by reference and sets forth the commercial details of the Services made available to Customer.
- “Partner App” means a service or application developed and owned by a third party for which Customer purchases a license from Smartsheet under an Order and is made available to Customer exclusively in accordance with the terms and conditions of the end-user license agreements accompanying them, except that the payment provisions of this Agreement will apply.
- “Policies” means the Limits Policy, Acceptable Use Policy, and Travel and Expense Policy, each as found on the Site at www.smartsheet.com/legal and updated by Smartsheet from time to time.
- “Professional Services” means implementation, configuration, integration, training, advisory, and other professional services related to the Services that are specified in an Order or SOW.
- “Receiving Party” means the party receiving or accessing Confidential Information of the Disclosing Party.
- “Services” means the Subscription Services, Professional Services, and any other online service or application provided or controlled by Smartsheet for use with the Subscription Services.
- “Site” means Smartsheet’s website at www.smartsheet.com and any website linked from such website that is owned or controlled by Smartsheet.
- “Smartsheet Properties” means Services, Documentation, and Customizations, and all Smartsheet technology, software, data, methodologies, improvements, and documentation used to provide or made available in connection with Services, Documentation, and Customizations, and all intellectual property and proprietary rights in and to the foregoing.
- “SOW” means a statement of work or similar document that describes and scopes Professional Services, establishes the fees for the Professional Services, and incorporates this Agreement by reference.
- “Subscription Services” means the subscription-based online work collaboration services and applications that are provided by Smartsheet and purchased by Customer.
- “SysAdmin” means a User with certain administrative control rights over Customer’s Service.
- “Term” means the period of authorized access and use of a Service as set forth in an Order.
- “User” means any individual authorized or invited by Customer or another User to access and use the online Services received by Customer from Smartsheet under the terms of this Agreement.
Capitalized terms used but not defined in this Schedule 1 have the meanings ascribed to them in the Agreement.
1. Security Protocols.
- 1.1 Information Security Program. Smartsheet shall maintain a comprehensive written information security program, including policies, standards, procedures, and related documents that establish criteria, means, methods, and measures governing the processing and security of Customer Content and the Smartsheet systems or networks used to process or secure Customer Content in connection with providing the Services (“Smartsheet Information Systems”). Subcontractors engaged by Smartsheet in accordance with the Agreement will maintain (at a minimum) substantially similar levels of security as applicable and required by these Security Practices.
- 1.2 Security Controls. In accordance with its information security program, Smartsheet shall implement appropriate physical, organizational, and technical controls designed to: (a) ensure the security, integrity, and confidentiality of Customer Content accessed, collected, used, stored, or transmitted to or by Smartsheet; and (b) protect Customer Content from known or reasonably anticipated threats or hazards to its security, integrity, accidental loss, alteration, disclosure, and other unlawful forms of processing. Without limiting the foregoing, Smartsheet will, as appropriate, utilize the following controls:
- 1.2.1 Firewalls. Smartsheet will install and maintain firewall(s) to protect data accessible via the Internet.
- 1.2.2 Updates. Smartsheet will maintain programs and routines to keep the Smartsheet Information Systems up to date with the latest upgrades, updates, bug fixes, new versions, and other modifications.
- 1.2.3 Anti-malware. Smartsheet will deploy and use anti-malware software and will keep the anti-malware software up to date. Smartsheet will use such software to mitigate threats from all viruses, spyware, and other malicious code that are or should reasonably be detected.
- 1.2.4 Testing. Smartsheet will regularly test its security systems, processes, and controls to ensure they meet the requirements of these Security Practices.
- 1.2.5 Access Controls. Smartsheet will secure data in production Smartsheet Information Systems by complying with the following:
- a. Smartsheet will assign a unique ID to each individual with access to systems processing Customer Content.
- b. Smartsheet will restrict access to systems with Customer Content to only those individuals necessary to perform a specified obligation as permitted by this Agreement.
- c. Smartsheet will regularly review (at a minimum once every ninety (90) days) the list of individuals and services with access to systems processing Customer Content and remove accounts that no longer require access.
- d. Smartsheet will not use manufacturer supplied defaults for system passwords on any operating systems, software, or other systems, and will mandate the use of system-enforced “strong passwords” in accordance with or exceeding the best practices (described below) on all systems processing Customer Content, and will require that all passwords and access credentials be kept confidential and not shared among Smartsheet personnel.
- e. At a minimum, Smartsheet production passwords will: (i) contain at least eight (8) characters; (ii) not match previous passwords, the user’s login, or common name; (iii) be changed whenever an account compromise is suspected or assumed; and (iv) be regularly replaced.
- f. Smartsheet will enforce account lockout by disabling accounts with access to Customer Content when an account exceeds a designated number of incorrect password attempts in a certain period.
- g. Smartsheet will maintain log data for all use of accounts or credentials by Smartsheet personnel for access to systems processing Customer Content and will regularly review access logs for signs of malicious behavior or unauthorized access.
- 1.2.6 Policies. Smartsheet will maintain and enforce appropriate information security, confidentiality, and acceptable use policies for employees, subcontractors, agents, and suppliers that meet the standards set forth in these Security Practices, including methods to detect and log policy violations.
- 1.2.7 Development. Development and testing environments for Smartsheet Information Systems will be separate from production environments.
- 1.2.8 Deletion. Smartsheet will utilize procedures that are at a minimum in accordance with National Institute of Standards and Technology (NIST) SP 800-88 Revision 1 recommendations (or a successor standard widely used in the industry) to render Customer Content unrecoverable prior to disposal of media.
- 1.2.9 Encryption. Smartsheet will utilize cryptographic standards mandating authorized algorithms, key length requirements, and key management processes that are consistent with or exceed then-current industry standards, including NIST recommendations, and utilize hardening and configuration requirements consistent in approach with then-current industry standards, including SANS Institute, NIST, or Center for Internet Security (CIS) recommendations. Pursuant to such standards, Smartsheet will encrypt Customer Content at rest within the online Services and will only allow encrypted connections to the online Service for the transfer of Customer Content.
- 1.2.10 Remote Access. Smartsheet will ensure that any access from outside of its protected corporate or production environments to systems processing Customer Content or to Smartsheet’s corporate or development workstation networks will require appropriate connection controls, such as VPN or multi-factor authentication.
2. System Availability. Smartsheet will maintain (or, with respect to systems controlled by its subcontractors, ensure that such subcontractors maintain) a disaster recovery (“DR”) program designed to recover the Subscription Service’s availability following a disaster. At a minimum, such DR program will include the following elements: (a) routine validation of procedures to regularly and programmatically create retention copies of Customer Content for the purpose of recovering lost or corrupted data; (b) inventories, updated at minimum annually, that list all critical Smartsheet Information Systems; (c) annual review and update of the DR program; and (d) annual testing of the DR program designed to validate the DR procedures and recoverability of the service detailed therein.
3. Security Incidents.
- 3.1 Procedure. If Smartsheet becomes aware of confirmed unauthorized or unlawful access to any Customer Content processed by Smartsheet Information Systems (a “Security Incident”), Smartsheet will promptly: (a) notify Customer of the Security Incident; and (b) take reasonable steps to mitigate the effects and to minimize any damage resulting from the Security Incident.
- 3.2 Unsuccessful Attempts. An unsuccessful attack or intrusion is not a Security Incident subject to this Section 3. An “unsuccessful attack or intrusion” is one that does not result in unauthorized or unlawful access to Customer Content and may include, without limitation, pings and other broadcast attacks on firewalls or edge servers, port scans, unsuccessful log-on attempts, denial of service attacks, packet sniffing (or other unauthorized access to traffic data that does not result in access beyond IP addresses or TCP/UDP headers), or similar incidents.
- 3.3 User Involvement. Unauthorized or unlawful access to Customer Content that results from the compromise of a User’s login credentials or from the intentional or inadvertent disclosure of Customer Content by a User is not a Security Incident.
- 3.4 Notifications. Notification(s) of Security Incidents, if any, will be delivered to one or more of Customer’s SysAdmin users by any reasonable means Smartsheet selects, including email. Customer is solely responsible for maintaining accurate contact information in the online Service at all times.
- 3.5 Disclaimer. Smartsheet’s obligation to report or respond to a Security Incident under this Section 3 is not an acknowledgement by Smartsheet of any fault or liability of Smartsheet with respect to the Security Incident.
4. Auditing and Reporting.
- 4.1 Monitoring. Smartsheet monitors the effectiveness of its information security program on an ongoing basis by conducting various audits, risk assessments, and other monitoring activities to ensure the effectiveness of its security measures and controls.
- 4.2 Audit Reports. Smartsheet uses external auditors to verify the adequacy of its security measures and controls for certain Services, including the Subscription Services. The resulting audit will: (a) include testing of the entire measurement period since the previous measurement period ended; (b) be performed according to AICPA SOC2 standards or such other alternative standards that are substantially equivalent to AICPA SOC2; (c) be performed by independent third party security professionals at Smartsheet's selection and expense; and (d) result in the generation of a SOC2 report (“Audit Report”), which will be Smartsheet's Confidential Information. The Audit Report will be made available to Customer upon written request no more than annually, subject to the confidentiality obligations of the Agreement or a mutually-agreed non-disclosure agreement. For the avoidance of doubt, each Audit Report will only discuss Services in existence at the time the Audit Report was issued; subsequently released Services, if within the scope of the Audit Report, will be in the next annual iteration of the Audit Report.
- 4.3 Penetration Testing. Smartsheet uses external security experts to conduct penetration testing of certain online Services, including the Subscription Services. Such testing will: (a) be performed at least annually; (b) be performed by independent third party security professionals at Smartsheet’s selection and expense; and (c) result in the generation of a penetration test report (“Pen Test Report”), which will be Smartsheet’s Confidential Information. Pen Test Reports will be made available to Customer upon written request no more than annually subject to the confidentiality obligations of the Agreement or a mutually-agreed non-disclosure agreement.
Last Updated: February 24, 2020