Smartsheet User Agreement

Last Updated: March 7, 2019

THE INDIVIDUAL OR ENTITY EXECUTING OR INDICATING ACCEPTANCE OF AN ORDER ("Customer") THAT INCORPORATES THIS USER AGREEMENT (“Agreement”) AGREES THAT THE FOLLOWING TERMS AND CONDITIONS, UNLESS OTHERWISE STATED HEREIN, SHALL GOVERN THE PROVISION OF THE SERVICES BY SMARTSHEET INC. ("Smartsheet") TO CUSTOMER. CUSTOMER SHALL NOT ACCESS OR USE THE SERVICES WITHOUT PRIOR WRITTEN CONSENT OF SMARTSHEET IF CUSTOMER IS OR BECOMES A DIRECT COMPETITOR TO SMARTSHEET OR ITS AFFILIATES.  THIS AGREEMENT IS EFFECTIVE AS OF THE DATE OF THE EXECUTION OR ACCEPTANCE OF AN ORDER (“Effective Date”).

1.    Subscription Service

1.1    Right to Access and Use. Subject to the terms and conditions of this Agreement, and in consideration of the fees specified in any Order, Smartsheet hereby grants Customer a worldwide, non-exclusive, non-transferable right to access and use the Subscription Service during the Term for Customer's own business purposes and authorizes Customer to grant such limited access and use rights to Customer Users. 

1.2    Account Creation and Administration. The personal information used to create Customer User account profiles will be provided by Customer or Customer Users. Except for names and email addresses, Customer Users may elect not to display their other profile information within the Subscription Service. Each set of login credentials for the Subscription Service can be used only by a single, individual Customer User.

2.    Responsibilities and Restrictions.

2.1    Customer Responsibilities. Customer will access and use the Services only in accordance with this Agreement, Orders and SOWs, the Documentation, and applicable laws and regulations. Customer will promptly notify Smartsheet of any unauthorized access or use of which Customer becomes aware. Customer will be responsible for the transfer or disclosure of Customer Content caused by Customer or Customer Users via the functionality of the Services and for all access to and use of the Services that occurs under Customer Users’ login credentials.

2.2    Use Restrictions. Customer’s use of the Services is subject to the limits, including Customer User quantities, set forth in each Order, as well as the storage and other limitations set forth in Smartsheet’s Limits Policy. The applicable use limits set forth in Smartsheet’s Limits Policy on the Term start date of a Service will apply throughout such Term. Customer will not, and will not permit Customer Users to, commercially sell, resell, license, sublicense, distribute, or frame the Services to a third party, or use the Services other than in compliance with Smartsheet’s Acceptable Use Policy.

3.    Security and Processing

3.1    Security. Smartsheet has implemented and will maintain commercially reasonable information security policies and safeguards as described in Schedule 1 (Security Practices) to this Agreement, which include physical, organizational, and technical measures designed to preserve the security, integrity, and confidentiality of Customer Content and to protect against information security threats. Smartsheet may update such security policies and safeguards from time to time provided that any such update does not materially reduce the overall level of security or commitments provided to Customer as described in Schedule 1.

3.2    Processing. Customer represents and warrants that it has all rights, permissions, and consents necessary to: (a) submit all Customer Content to the Services; and (b) grant Smartsheet the limited rights to process Customer Content for the provision of the Services. Customer hereby grants Smartsheet a worldwide, non-exclusive, non-transferable, right to use and otherwise process Customer Content under this Agreement only: (x) as required by applicable law; (y) as requested by Customer in writing or as allowed by Customer via a Service’s access controls; and (z) as necessary to provide the Services and prevent or address technical problems with the Services or violations of this Agreement. Smartsheet’s limited right to process Customer Content hereunder will not excuse any obligation of Smartsheet relating to Customer Content under this Agreement. If Customer requires, in its sole discretion, specific terms for processing Customer Content which includes personal information, Customer may submit a form agreeing to the terms of the Data Processing Addendum ("DPA") at www.smartsheet.com/legal, and the DPA on the Site at the time of such submission will be incorporated into this Agreement on the date of such submission or the Effective Date, whichever is later.

3.3    Service Providers. Smartsheet may engage service providers to act on Smartsheet’s behalf in connection with Smartsheet’s provision of the Services, including processing Customer Content, provided that: (a) such service providers are subject to confidentiality and data security obligations that are substantially as protective of Customer Content as those set forth in this Agreement; and (b) Smartsheet is responsible for such service providers’ acts and omissions in relation to Smartsheet’s obligations under this Agreement.

4.    Intellectual Property and Proprietary Rights

4.1    Smartsheet. As between the parties, all right, title, and interest in and to Smartsheet Properties is owned by Smartsheet notwithstanding any other provision in this Agreement. Except as expressly set forth in this Agreement, Smartsheet does not convey any rights to Customer or any Customer User.

4.2    Customer. As between the parties, Customer retains all its right, title, and interest in and to Customer Content and Customer Confidential Information, including all intellectual property and proprietary rights therein. Except as expressly set forth in this Agreement, Smartsheet acquires no right, title, or interest from Customer under this Agreement in or to Customer Content.

4.3    Feedback. Customer grants Smartsheet a worldwide, irrevocable, perpetual, sublicensable, transferable, non-exclusive license to use and incorporate into Smartsheet’s products and services any feedback or suggestions for enhancement that Customer or a Customer User provides to Smartsheet, without any obligation of compensation.

5.    Other Products and Services

5.1    Professional Services. If Smartsheet provides Professional Services to Customer, Smartsheet hereby grants Customer a worldwide, non-exclusive, non-transferable right to access and use Customizations resulting from Professional Services during the Term for Customer’s own business purposes pursuant to the terms and conditions of this Agreement and the applicable Order or SOW and in consideration of the fees and scope specified therein. Subject to the terms and conditions of this Agreement, including any obligations of confidentiality, Smartsheet may perform (or assign any employees or subcontractors to perform) professional services similar to those performed for Customer for any third party or use any information incidentally retained in the unaided memories of Smartsheet personnel to perform such other professional services.

5.2    Online Training. If Smartsheet makes training content available to Customer via an online portal (“Training Resources”), Smartsheet hereby grants Customer a worldwide, non-exclusive, non-transferable right to access and use the Training Resources during the Term for Customer’s own business purposes. Training Resources are not part of the Subscription Service and the content of Training Resources is subject to change at Smartsheet’s sole discretion.

5.3    Smartsheet API. Smartsheet may make an application programming interface or other similar development tool available within an internet-delivered Service which establishes an interface with such Service (“Smartsheet API”). Unless Customer has entered into Smartsheet's separate developer agreement and Smartsheet has provided Customer with an application ID for authentication purposes, Customer shall not use or enable a third party to use any Smartsheet API: (a) in a manner that causes Customer to exceed the limits of its authorized use of the applicable Service as set forth in this Agreement or an applicable Order; or (b) to access data, applications, services, or a Smartsheet account belonging to a third party.

5.4    Free and Beta Services. Smartsheet may make a Service available to Customer free of charge by: (a) specifying the Service as free of charge on an Order; or (b) providing a clear and conspicuous written notice that the Service is free of charge (collectively (a) and (b), “Free Services”). Smartsheet may make a Service available to Customer: (x) labeled “Beta Service” on an Order; or (y) accompanied by a clear and conspicuous written notice that the Service is to be used at Customer’s own risk or provided as is (collectively (x) and (y), “Beta Service”). Notwithstanding any other provision of this Agreement, Customer acknowledges and agrees that: (i) Free Services and Beta Services are made available to Customer without any warranty, commitment to availability, security or accuracy, or other related obligation of any kind under this Agreement, unless otherwise required by applicable law; (ii) Free Services are made available to Customer without any support, maintenance, indemnification, or other related obligation of any kind under this Agreement, unless otherwise required by applicable law; (iii) Free Services may not include or allow access to all features and functionality available to paying customers; (iv) Smartsheet may terminate Customer’s access to or use of a Free Service at any time, unless otherwise specified in writing, and Smartsheet will not be liable for such termination; and (v) Customer Content submitted to a Free Service may be permanently lost, and Smartsheet will not be liable for such loss.

5.5    Third Party Products. At Customer’s discretion, Customer may procure services, applications, and online content from a third party for use with the Services (“Third Party Products”). Any such use is subject to the end user license or use agreement that Customer accepts from or establishes with the third party. Third Party Products are not Services and, as between the parties, Smartsheet has no liability with respect to Customer’s procurement or use of Third Party Products.

6.    Fees and Payment.

6.1    Fees. Customer will pay Service fees specified in each Order or SOW. All Service fees are nonrefundable once paid except as otherwise expressly provided in this Agreement or the applicable Order or SOW. Smartsheet may increase the unit price specified in an Order for any Renewal Term upon written notice to Customer (including via email) at least thirty (30) days prior to the start of the Renewal Term.  Unless otherwise agreed in an SOW, Customer will reimburse Smartsheet for reasonable, out-of-pocket expenses incurred by Smartsheet in the course of providing Professional Services in accordance with Smartsheet’s Travel and Expense Policy.  

6.2    Payment. Unless otherwise provided in the applicable Order or SOW, Smartsheet will invoice Customer for Subscription Service fees annually in advance and Professional Service fees on a time and materials basis monthly in arrears. All amounts due under this Agreement are payable in U.S. dollars net thirty (30) days from the date of the invoice. Customer agrees to promptly notify Smartsheet in writing of any changes to its billing information during any Term. Smartsheet reserves the right to correct any billing errors or mistakes that Smartsheet identifies in an invoice or after a payment is received. Smartsheet may accept payment in any amount without prejudice to Smartsheet’s right to recover the balance of the amount due under an Order or SOW or to pursue any other right or remedy. Amounts due to Smartsheet from Customer shall not be withheld or offset against amounts due or alleged to be due to Customer from Smartsheet. Except as prohibited by law, Smartsheet may charge a late fee of one and one-half percent (1.5%) per month on past due amounts. If Customer requires a purchase order, vendor registration form, or other documentation, such requirement will in no way relieve, affect or delay Customer’s obligation to pay any amounts due hereunder.

6.3    Taxes. Other than income taxes imposed on Smartsheet, Customer will bear all taxes, duties, VAT, and all other governmental charges (collectively, “Taxes”) resulting from this Agreement. If Customer is exempt from any applicable Taxes, Customer will provide evidence reasonably satisfactory to Smartsheet of Customer’s tax-exempt status and, after receipt of such evidence, Smartsheet will not charge Customer any Taxes from which it is exempt.  If Customer determines that payments due under this Agreement are subject to withholding Taxes, Customer shall notify Smartsheet prior to deducting any such Taxes.  Customer shall: (a) only withhold amounts required under law; (b) make timely payment to the proper taxing authority of such withheld amount; and (c) provide Smartsheet with proof of such payment within thirty (30) days following that payment.  

6.4    Affiliates. Customer’s Affiliates may purchase Services under this Agreement by executing an Order or SOW. Each Order or SOW is a separate contract between Smartsheet and the Affiliate that executes it, and such Affiliate will be deemed “Customer” as used in this Agreement with respect to such Order or SOW. 

6.5    Payment Processors and Resellers. Customer may elect to purchase certain Services through a reseller authorized by Smartsheet (“Reseller”) or elect to pay for the Services under this Agreement through a third party who processes Customer’s payments (“Payment Processor”). Customer’s obligation for payment to, and relationship with, any Reseller or Payment Processor is between Customer and such Reseller or Payment Processor provided, however, that Customer shall remain liable for the fees payable to Smartsheet for such Services.

7.    Term and Termination.

7.1    Agreement Term; Renewal of Orders. This Agreement will remain in effect until terminated as set forth herein or by the parties’ mutual written agreement. Orders will remain in effect for the Term of the Services specified therein (“Initial Term”). After the Initial Term, ORDERS WILL AUTOMATICALLY RENEW FOR SUCCESSIVE ONE (1) YEAR RENEWAL TERMS (each a “Renewal Term”) UNLESS EITHER PARTY PROVIDES THE OTHER PARTY WRITTEN NOTICE OF NON-RENEWAL AT LEAST FIFTEEN (15) DAYS PRIOR TO THE END OF THE THEN-CURRENT TERM. Notwithstanding the foregoing, any purchases of non-recurring or one-time Services made via an Order will not automatically renew.

7.2    Term of SOWs. Each SOW remains in effect for the period specified therein. If no period is specified, the SOW will terminate once the Professional Services set forth in the SOW have been completed.

7.3    Termination for Cause. Either party may terminate a Service or this Agreement immediately upon written notice if the other party breaches any material provision of an Order, SOW, or this Agreement, and fails to cure the breach within thirty (30) days of such written notice from the non-breaching party.

7.4    Effect of Termination. Upon termination of this Agreement for any reason: (a) all Orders and SOWs under this Agreement will terminate; and (b) all rights and obligations of the parties hereunder will cease (except as set forth in Section 7.7 (Survival) below). If Customer terminates a Service or this Agreement for Smartsheet’s uncured breach pursuant to Section 7.3 (Termination for Cause), Smartsheet shall issue a refund of prepaid fees covering the terminated portion of each Services’ respective Term and, if applicable, Training Resources and Partner Apps. If Smartsheet terminates a Service or this Agreement for Customer’s uncured breach pursuant to Section 7.3, Customer shall pay all outstanding payable amounts (if any) under this Agreement for the Term applicable to any terminated Service and, if applicable, Training Resources and Partner Apps, regardless of the due dates specified in the Order or SOW. Customer will remain obligated to pay for Professional Services rendered through, or payable as of, the effective date such Professional Services are terminated.

7.5     Return of Customer Content. The Subscription Service includes a feature that permits Customer, at any time during the Term, to download a backup of Customer Content with: (a) Customer’s file attachments in their native file formats; and (b) all other Customer Content in an industry standard export format, including a Microsoft Excel file. Upon Customer’s written request prior to or contemporaneous with termination or expiration of any Term and at no additional cost to Customer, Smartsheet will allow a Customer’s SysAdmin to have read-only access to the Subscription Service for the sole purpose of retrieving Customer Content for thirty (30) days following such date of termination or expiration. Thereafter, Smartsheet has no obligation to retain, and will render unrecoverable, Customer Content in accordance with Schedule 1 (Security Practices). 

7.6    Suspension. Smartsheet may suspend Customer’s access to any Service immediately if: (a) Customer fails to make a payment for more than fifteen (15) days following its due date; or (b) Customer has, or Smartsheet reasonably suspects based on documented evidence that Customer has, breached Section 2.2 (Use Restrictions) or misappropriated or infringed Smartsheet’s intellectual property or proprietary rights. 

7.7    Survival. The following Sections will survive termination or expiration of this Agreement: 3.2 (Processing); 4 (Intellectual Property and Proprietary Rights); 5.4 (Free and Beta Services); 5.5 (Third Party Products); 6.1 (Fees); 6.2 (Payment); 7.5 (Return of Customer Content); 7.7 (Survival); 8 (Confidentiality); 10 (Limitations of Liability); 11 (Indemnification); and, to the extent necessary to effectuate the foregoing, 12 (General).

8.    Confidentiality

8.1    Confidential Information. “Confidential Information” means all non-public, proprietary, business, technical, legal, or financial information disclosed or learned in connection with this Agreement that the Disclosing Party has identified as confidential at the time of disclosure or that, based on the nature of the information or circumstances surrounding its disclosure, the Receiving Party would clearly understand it as confidential. With regard to Smartsheet, Confidential Information includes Smartsheet Properties. With regard to Customer, Confidential Information includes Customer Content. Confidential Information does not include: (a) information that was generally known to the public at the time disclosed to the Receiving Party; (b) information that becomes generally known to the public (other than through a breach of Section 8 (Confidentiality) by the Receiving Party) after disclosure to the Receiving Party; (c) information that was in the Receiving Party’s possession free of any obligation of confidentiality prior to disclosure by the Disclosing Party; (d) information that is rightfully received by the Receiving Party from a third party without any restriction on disclosure; or (e) information that was independently developed by the Receiving Party without reference to or use of Disclosing Party’s Confidential Information. ALL CONFIDENTIAL INFORMATION IS PROVIDED “AS IS.”  EXCEPT FOR THE WARRANTIES EXPRESSLY STATED IN THIS AGREEMENT, NEITHER PARTY MAKES ANY WARRANTIES, EXPRESSED OR IMPLIED, CONCERNING THE ACCURACY OR COMPLETENESS OF ITS CONFIDENTIAL INFORMATION.

8.2    Use and Disclosure of Confidential Information. The Receiving Party: (a) will not use the Disclosing Party’s Confidential Information for any purpose except as permitted under this Agreement; (b) will not disclose, give access to, or distribute any of the Disclosing Party’s Confidential Information to any third party, except to the extent expressly authorized in this Agreement or a separate written agreement signed by the Disclosing Party; and (c) will take reasonable security precautions (which will be at least as protective as the precautions it takes to preserve its own Confidential Information of a similar nature) to safeguard the Disclosing Party’s Confidential Information. Notwithstanding the foregoing, the Receiving Party may disclose Confidential Information to those of its employees, directors, Affiliates, advisors, agents, contractors, and other representatives (“Representatives”) who need to know such information in order to exercise their respective rights and obligations hereunder, provided that each such Representative is bound to protect the Confidential Information by confidentiality obligations substantially as protective as those set forth in this Agreement. The Receiving Party will be responsible for its Representatives’ disclosure or use of the Disclosing Party’s Confidential Information in violation of Section 8 (Confidentiality).  The Receiving Party will promptly notify in writing the Disclosing Party upon discovery of any unauthorized disclosure or use of the Disclosing Party’s Confidential Information, or any other breach of Section 8, by it or its Representatives. The Receiving Party’s obligations set forth in Section 8 will remain in effect during the Term and three (3) years after termination of this Agreement. The disclosure of Confidential Information to the Receiving Party does not grant or convey any right of ownership of such Confidential Information. 

8.3    Required Disclosures. The Receiving Party may disclose Confidential Information to the extent required by law or legal process. In such cases, however, the Receiving Party will (except to the extent prohibited by law or legal process): (a) give the Disclosing Party prior written notice of such disclosure so as to afford the Disclosing Party a reasonable opportunity to appear, object, and obtain a protective order or other appropriate relief regarding such disclosure; (b) use diligent efforts to limit disclosure to that which is legally required; and (c) reasonably cooperate with the Disclosing Party, at the Disclosing Party’s expense, in its efforts to obtain a protective order or other legally available means of protection.

8.4    Payment Processor or Reseller Disclosures. If Customer elects to utilize a Payment Processor or Reseller to pay for or procure Services, Smartsheet is permitted to disclose Confidential Information (including this Agreement and any Orders and SOWs) to such Payment Processor or Reseller that is necessary to effectuate such transaction.

8.5    Return of Materials. Upon written request by the Disclosing Party, the Receiving Party will, without undue delay: (a) either return or destroy all tangible documents and media in its possession or control that contain the Disclosing Party’s Confidential Information; (b) render unrecoverable electronically stored Confidential Information of the Disclosing Party in its possession or control; and (c) certify its compliance with this Section 8.5 in writing. Notwithstanding the foregoing: (x) the Receiving Party will not be obligated to render unrecoverable Confidential Information of the Disclosing Party that is contained in an archived computer system backup made in accordance with the Receiving Party's legal and financial compliance obligations or security and disaster recovery procedure; and (y) Smartsheet shall return or render unrecoverable Customer Content as set forth in Section 7.5 (Return of Customer Content). Any such retained Confidential Information will remain subject to Section 8 (Confidentiality). 

8.6    Remedies. The Receiving Party acknowledges that any actual or threatened breach of Section 8 (Confidentiality) may cause irreparable, non-monetary injury to the Disclosing Party, the extent of which may be difficult to ascertain. Accordingly, the Disclosing Party is entitled to (but not required to) seek injunctive relief to prevent or mitigate any breaches of Section 8 with respect to the Disclosing Party’s Confidential Information or any damages that may otherwise result from those breaches. 

9.    Representations and Warranties; Disclaimer

9.1     Authority and Compliance Warranty. Smartsheet represents and warrants that it has the necessary authority to enter into this Agreement and that Smartsheet shall comply with any United States laws, statutes, and regulations and the European Union General Data Protection Regulation to the extent such laws, statutes and regulations apply to Smartsheet’s provision of the Services under this Agreement. For the avoidance of doubt, Smartsheet shall not be responsible for Customer’s compliance with any laws, statutes and regulations applicable to Customer and its industry. 

9.2    Limited Warranty for Subscription Service. Smartsheet represents and warrants that the Subscription Service will operate during the applicable Term substantially as described in the applicable plan feature overview and release notes made available by Smartsheet on the Site. Upon receipt of Customer’s written notice of any alleged failure to comply with this warranty, Smartsheet will use commercially reasonable efforts to cure or correct the failure. If Smartsheet has not cured or corrected the failure within thirty (30) days following its receipt of such notice, then Customer may terminate the applicable Order and Smartsheet shall issue a refund of prepaid fees covering the terminated portion of the Subscription Services. Notwithstanding the foregoing, this warranty will not apply to any failure due to a defect in or modification of the Subscription Service that is caused or made by Customer, any Customer User, or a person acting at Customer’s direction. This Section 9.2 sets forth Customer’s exclusive rights and remedies and Smartsheet’s sole liability in connection with this warranty. 

9.3    Limited Warranty for Professional Services. Smartsheet represents and warrants that the Professional Services will be provided in a competent and workmanlike manner in accordance with the Order or SOW, as applicable. Customer must notify Smartsheet in writing of any alleged failure to comply with this warranty within thirty (30) days following delivery of the Professional Services. Upon receipt of such notice, Smartsheet will either: (a) use commercially reasonable efforts to cure or correct the failure; or (b) terminate the Professional Services and issue a refund of prepaid fees covering the terminated portion of the Professional Services. This Section 9.3 sets forth Customer’s exclusive rights and remedies and Smartsheet’s sole liability in connection with this warranty. 

9.4    Disclaimer. EXCEPT FOR THE REPRESENTATIONS AND WARRANTIES EXPRESSLY STATED IN THIS AGREEMENT, SMARTSHEET MAKES NO REPRESENTATIONS AND DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, SMARTSHEET SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND ACCURACY, AND SMARTSHEET DOES NOT WARRANT THAT THE SERVICES OR THIRD-PARTY APPLICATIONS AND SERVICES WILL BE ERROR-FREE OR OPERATE WITHOUT INTERRUPTIONS OR DOWNTIME.

10.    Limitations of Liability.

10.1    Exclusion of Damages; Liability Cap.

TO THE EXTENT PERMITTED BY LAW, NEITHER PARTY WILL BE LIABLE FOR ANY LOST PROFITS, GOODWILL, OR REVENUES OR FOR ANY INCIDENTAL, CONSEQUENTIAL, SPECIAL, INDIRECT, COVER, BUSINESS INTERRUPTION, OR PUNITIVE DAMAGES IN CONNECTION WITH ANY CLAIM OF ANY NATURE, WHETHER IN CONTRACT, TORT, OR UNDER ANY THEORY OF LIABILITY, ARISING UNDER THIS AGREEMENT, EVEN IF IT HAS BEEN GIVEN ADVANCE NOTICE OF SUCH POSSIBLE DAMAGES.

TO THE EXTENT PERMITTED BY LAW, EACH PARTY’S ENTIRE LIABILITY UNDER THIS AGREEMENT WILL NOT EXCEED THE FEES PAID BY CUSTOMER TO SMARTSHEET UNDER THIS AGREEMENT FOR THE SERVICES GIVING RISE TO THE LIABILITY DURING THE TWELVE (12) MONTHS PRIOR TO THE DATE ON WHICH THE LIABILITY AROSE. THE EXISTENCE OF MORE THAN ONE CLAIM WILL NOT ENLARGE THIS LIMIT.  

THE FOREGOING EXCLUSIONS AND LIABILITY LIMITS IN THIS SECTION 10.1 SHALL NOT APPLY TO DAMAGES OR LIABILITY RESULTING FROM CLAIMS OR OBLIGATIONS ARISING UNDER SECTIONS 2.2 (USE RESTRICTIONS), 6.1 (FEES), 6.2 (PAYMENT), OR 11 (INDEMNIFICATION), OR INFRINGEMENT OR MISAPPROPRIATION BY A PARTY OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS. 

10.2    General. The parties acknowledge and agree that the limitations of liability, disclaimer of warranties, and any exclusion of damages included in this Agreement represent an allocation of risk between the parties (including the risk that a remedy may fail of its essential purpose and cause consequential loss) which is reflected by the fees paid.

11.    Indemnification

11.1    By Smartsheet. Smartsheet will defend Customer and its respective officers, directors, and employees (“Customer Indemnified Parties”) from and against any claims, demands, proceedings, investigations, or suits, brought by a third party alleging that Customer’s use of the Services or Customizations in accordance with this Agreement infringes any third party intellectual property rights (each, a “Claim Against Customer”). Smartsheet will indemnify Customer Indemnified Parties for any finally awarded damages or settlement amount approved by Smartsheet in writing to the extent arising from a Claim Against Customer, and any reasonable attorneys’ fees of Customer associated with initially responding to a Claim Against Customer. Notwithstanding the foregoing, Smartsheet will have no obligation under this Section 11.1 to the extent any Claim Against Customer arises from: (a) Customer’s use of the Services or Customizations in combination with technology or services not provided by Smartsheet, if the Services or Customizations or use thereof would not infringe without such combination; (b) Customer Content; (c) Smartsheet’s compliance with designs, specifications, or instructions provided in writing by Customer if such infringement would not have occurred but for such designs, specifications, or instructions; or (d) use of the Services or Customizations by Customer after notice by Smartsheet to discontinue use. 
If Customer is enjoined or otherwise prohibited from using any of the Services or Customizations or a portion thereof based on a Claim Against Customer, then Smartsheet will, at Smartsheet’s sole expense and option, either: (x) obtain for Customer the right to use the allegedly infringing portions of the Service or Customizations; (y) modify the allegedly infringing portion of the Service or Customizations so as to render it non-infringing without substantially diminishing or impairing its functionality; or (z) replace the allegedly infringing portions of the Service or Customizations with non-infringing items of substantially similar functionality. If Smartsheet determines that the foregoing remedies are not commercially reasonable or possible, then Smartsheet will terminate the applicable Order or SOW and issue a refund of prepaid fees covering the terminated portion of the applicable Service. 

11.2    By Customer. To the extent permitted by applicable law, Customer will defend Smartsheet and Smartsheet’s Affiliates providing the Services, and their respective officers, directors, and employees (“Smartsheet Indemnified Parties”) from and against any claims, demands, proceedings, investigations, or suits, brought by a third party arising out of Customer Content or Customer’s use of the Services or Customizations in violation of applicable law (each, a “Claim Against Smartsheet”). Customer will indemnify Smartsheet Indemnified Parties for any finally awarded damages or settlement amount approved by Customer in writing to the extent arising from a Claim Against Smartsheet, and any reasonable attorneys’ fees of Smartsheet associated with initially responding to a Claim Against Smartsheet.  

11.3    Conditions. The indemnifying party’s obligations under Section 11 (Indemnification) are contingent on the indemnified party: (a) promptly providing written notice of the claim to the indemnifying party (provided that indemnifying party shall not be excused from its indemnity obligations for indemnified party’s failure to provide prompt notice except and then solely to the extent that the indemnifying party is materially prejudiced thereby); (b) giving the indemnifying party sole control of the defense and settlement of the claim (provided that any settlement unconditionally releases the indemnified party of all liability and does not make any admissions on behalf of the indemnified party or include payment of any amounts by the indemnified party); and (c) providing the indemnifying party, at the indemnifying party’s expense, all reasonable assistance in connection with such claim. The indemnified party may participate in the defense of the claim at its sole cost and expense. Section 11 sets forth the indemnifying party’s sole liability to, and the indemnified party’s exclusive remedy for, any type of claim or action described in Section 11. 

12.          General.               

12.1    Insurance. Smartsheet will, at its expense, procure and maintain commercially reasonable insurance coverage during the Term, evidenced by Smartsheet’s certificate of insurance, which is available on the Site.

12.2    Publicity. Unless Customer has specifically notified Smartsheet to the contrary in writing (including via email), Smartsheet may disclose Customer as a customer of Smartsheet, and may use Customer’s name and logo on the Site and in Smartsheet’s promotional materials. Smartsheet will request Customer’s prior written consent for any other uses.

12.3    United States Government End-Users. The Services provided by Smartsheet are “commercial items” consisting in part of “commercial computer software” and “computer software documentation,” as such terms are used in the Federal Acquisition Regulation (FAR) and the Defense Federal Acquisition Regulation Supplement (DFARS). In accordance with FAR 12.211 (Technical data) and FAR 12.212 (Computer software), and DFARS 227.7102 (Commercial items, components, or processes) and DFARS 227.7202 (Commercial computer software and commercial computer software documentation), as applicable, the rights of the United States government to use, modify, reproduce, release, perform, display, or disclose computer software, computer software documentation, and technical data furnished in connection with the Services will be pursuant to the terms of this Agreement. This United States government rights clause is in lieu of, and supersedes, any other FAR, DFARS, or other clause or provision that addresses government rights in computer software, computer software documentation, or technical data.

12.4    Export Compliance. Each party shall comply with United States and foreign export control laws and regulations. Without limiting the foregoing: (a) Customer acknowledges that the Services, Documentation, and Customizations are subject to the U.S. Export Administration Regulations; and (b) Customer is responsible for complying with any local laws which may impact Customer’s right to import, export, or use the Services, Documentation, and Customizations.

12.5    Notices. Except where this Agreement permits notice via email, all notices provided under this Agreement must be in writing and sent via internationally recognized delivery service or certified U.S. mail. Notices sent via email will be deemed given one (1) business day after being sent; and notices sent via any other authorized delivery method will be deemed given five (5) business days after being sent. Notices must be addressed as follows: if to Smartsheet, Attn: Legal, 10500 NE 8th Street, Suite 1300, Bellevue WA 98004, and for notices permitted to be sent via email, to [email protected]; and, if to Customer, Attn: Legal at the billing address set forth on the initial Order, and for notices permitted to be sent via email, to the SysAdmin email address set forth on the initial Order. Customer may request notification of changes to the Policies and Privacy Notice and revisions to this Agreement via www.smartsheet.com/notification-requests.

12.6    Assignment. Either party may assign this Agreement and any Orders or SOWs in connection with a merger or similar transaction or to a company acquiring substantially all of its assets, equity, or business, without any requirement to obtain permission for such assignment; otherwise, neither party may assign this Agreement or any Orders or SOWs to a third party without the advance written consent of the other party. Subject to the foregoing and notwithstanding any prohibitions on transferability under this Agreement, the assigning party shall notice the non-assigning party of any permitted assignment and this Agreement and any Orders or SOWs will bind and inure to the benefit of the parties, their successors, and their permitted assigns. 

12.7    Force Majeure. Neither party is liable for delay or default under this Agreement if caused by conditions beyond its reasonable control. The party suffering from any such conditions shall use reasonable efforts to mitigate against the effects of such conditions.

12.8    Amendment; Waiver. Unless otherwise expressly stated herein, this Agreement and any Orders or SOWs may be modified only by a written amendment or agreement executed by an authorized representative of each party.  The waiver of any breach of any provision of this Agreement or of any Order or SOW will be effective only if in writing, and no such waiver will operate or be construed as a waiver of any subsequent breach. 

12.9    Enforceability. If any provision of this Agreement or any Order or SOW is held to be unenforceable, then that provision is to be construed either by modifying it to the minimum extent necessary to make it enforceable (if permitted by law) or disregarding it (if not permitted by law), and the rest of this Agreement or the relevant Order or SOW is to remain in effect as written. Notwithstanding the foregoing, if modifying or disregarding the unenforceable provision would result in failure of an essential purpose of this Agreement or any Order or SOW, the entire Agreement or the relevant Order or SOW will be considered null and void.

12.10    Governing Law. This Agreement and any Orders and SOWs are governed by the laws of the State of Washington, without regard to its conflicts of law rules, and each party hereby consents to exclusive jurisdiction and venue in the state and federal courts located in Seattle, Washington for any dispute arising out of this Agreement or any Orders or SOWs.

12.11    Entire Agreement; Conflict. This Agreement, together with the Policies, Schedule 1 attached hereto, and, if applicable, the DPA, and any Orders and SOWs represent the entire agreement between Smartsheet and Customer with respect to the Services. Downloadable Smartsheet applications or products expressly governed by a separate end-user license agreement presented at the time of download or use are not governed by this Agreement. During the electronic provisioning of the Subscription Service or Training Resources, Customer Users will be required to individually acknowledge that certain information collected about them is used as described in Smartsheet’s Privacy Notice, which is available on the Site. In the event of any conflict between this Agreement and any Order or SOW, this Agreement will govern and control unless the Order or SOW expressly and specifically overrides terms or conditions of this Agreement. With respect to any Services, terms and conditions included in the following items, whether submitted or executed before or after the Term start date, are null and void: (a) a Customer purchase order or similar document; (b) a Customer vendor registration form or online portal; and (c) any other contemporaneous or prior agreements or commitments regarding the Services or the other subject matter of this Agreement.

12.12    Revisions. Smartsheet reserves the right to revise this Agreement by posting a revised version on the Site, which will be effective fifteen (15) days after posting. Continued use of the Services after the effective date of revision will constitute Customer’s acceptance of the revised Agreement. If Customer objects to the revisions, Customer may terminate any Orders governed by this Agreement by providing written notice to Smartsheet prior to the effective date of revision, provided that Customer will remain obligated to pay amounts due to Smartsheet under such Orders and will not receive a refund of prepaid fees. Customer's termination will be effective upon Smartsheet's written acknowledgement of such termination, and in no event later than thirty (30) days from Smartsheet's receipt of Customer's termination notice.

13.          Definitions. Capitalized terms used but not otherwise defined in this Agreement have the following meanings:

“Affiliate” means any person or entity that owns or controls, is owned or controlled by, or is under common control or ownership with, a party to this Agreement, where control is defined as the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through ownership of voting securities, by contract, or otherwise.

“Customer Content” means any data, file attachments, text, images, reports, personal information, or other content that is uploaded or submitted to the internet-delivered Services by Customer or Customer Users and is processed by Smartsheet on behalf of Customer.  For the avoidance of doubt, Customer Content does not include usage, statistical, or technical information that does not reveal the actual contents of Customer Content.

“Customer User” means any individual authorized or invited by Customer or a Customer User to access and use the Services received by Customer from Smartsheet under the terms of this Agreement.

“Customizations” means all software, code, materials, ideas, deliverables, and items that are conceived, made, discovered, written, or created by Smartsheet’s personnel in connection with providing Professional Services.

“Disclosing Party” means the party disclosing Confidential Information to the Receiving Party.

“Documentation” means documentation provided by Smartsheet on the Site that is uniformly available and applicable to all Smartsheet customers and relates to the operation and use of the Services, including user manuals, operating instructions, and release notes, each as updated by Smartsheet from time to time.

“Order” means an executed ordering document or online order issued or otherwise approved in writing by Smartsheet that sets forth the commercial details of products and services made available to Customer and incorporates this Agreement by reference.

“Partner App” means a service or application developed and owned by a third party for which Customer purchases a license from Smartsheet under an Order and is made available to Customer exclusively in accordance with the terms and conditions of the end user license agreements accompanying them, except that the payment provisions of this Agreement will apply.

“Policies” means the Limits Policy, Acceptable Use Policy, and Travel and Expense Policy, each as found on the Site at www.smartsheet.com/legal and updated by Smartsheet from time to time.

“Professional Services” means implementation, configuration, integration, training, advisory, and other professional services related to the Services that are specified in an Order or SOW.

“Receiving Party” means the party receiving or accessing Confidential Information of the Disclosing Party.

“Services” means Professional Services, the Subscription Service, and any other internet-delivered service or application provided by Smartsheet that Customer uses with the Subscription Service.

“Site” means Smartsheet’s website at www.smartsheet.com and any website linked from such website that is owned or controlled by Smartsheet.

“Smartsheet Properties” means Service, Documentation and Customizations, and all Smartsheet technology, software, data, methodologies, improvements, and documentation, used to provide or made available in connection with Services, Documentation, and Customizations, and all intellectual property and proprietary rights in and to the foregoing.

“SOW” means a statement of work or similar document that describes and scopes Professional Services, establishes the fees for the Professional Services, and incorporates this Agreement by reference.

"Subscription Service" means Smartsheet's subscription internet-delivered work collaboration services and application that are purchased by Customer.

“SysAdmin” means a Customer User with certain administrative control rights over Customer’s Subscription Service.

“Term” means the period of authorized access and use of a Service as set forth in an Order.

 


 

SCHEDULE 1

SECURITY PRACTICES

1.             Security Protocols.

1.1          Information Security Program. Smartsheet shall maintain a comprehensive written information security program, including policies, standards, procedures, and related documents that establish criteria, means, methods, and measures governing the processing and security of Customer Content and the Smartsheet systems or networks used to process or secure Customer Content in connection with providing the Subscription Service (“Smartsheet Information Systems”).

1.2          Security Controls. In accordance with its information security program, Smartsheet shall implement appropriate physical, organizational, and technical controls designed to: (a) ensure the security, integrity, and confidentiality of Customer Content accessed, collected, used, stored, or transmitted to or by Smartsheet; and (b) protect Customer Content from known or reasonably anticipated threats or hazards to its security, integrity, accidental loss, alteration, disclosure, and other unlawful forms of processing. Without limitation, Smartsheet will, as appropriate, utilize the following controls:

1.2.1    Firewalls. Smartsheet will install and maintain firewall(s) to protect data accessible via the Internet.

1.2.2    Updates. Smartsheet will maintain programs and routines to keep the Smartsheet Information Systems up-to-date with the latest upgrades, updates, bug fixes, new versions, and other modifications.

1.2.3    Anti-malware. Smartsheet will deploy and use anti-malware software and will keep the anti-malware software up to date. Smartsheet will use such software to mitigate threats from all viruses, spyware, and other malicious code that are or should reasonably be detected.

1.2.4    Testing. Smartsheet will regularly test its security systems, processes, and controls to ensure they meet the requirements of these Security Practices.

1.2.5    Access Controls. Smartsheet will secure data in production Smartsheet Information Systems by complying with the following:

a. Smartsheet will assign a unique ID to each individual with access to systems processing Customer Content.

b. Smartsheet will restrict access to systems with Customer Content to only those individuals necessary to perform a specified obligation as permitted by this Agreement.

c. Smartsheet will regularly review (at a minimum once every ninety (90) days) the list of individuals and services with access to systems processing Customer Content, and remove accounts that no longer require access.

d. Smartsheet will not use manufacturer supplied defaults for system passwords, on any operating systems, software, or other systems and will mandate the use of system-enforced “strong passwords” in accordance with or exceeding the best practices (described below) on all systems processing Customer Content and will require that all passwords and access credentials are kept confidential and not shared among Smartsheet personnel.

e. At a minimum, Smartsheet production passwords will: (i) contain at least 8 characters; (ii) not match previous passwords, the user’s login, or common name; (iii) be changed whenever an account compromise is suspected or assumed; and (iv) be regularly replaced.

f. Smartsheet will enforce account lockout by disabling accounts with access to Customer Content when an account exceeds a designated number of incorrect password attempts in a certain period.

g. Smartsheet will maintain log data for all use of accounts or credentials used by Smartsheet personnel for access to systems processing Customer Content, and will regularly review access logs for signs of malicious behavior or unauthorized access.

1.2.6    Policies. Smartsheet will maintain and enforce appropriate information security, confidentiality, and acceptable use policies for employees, subcontractors, agents, and suppliers that meet the standards set forth in these Security Practices, including methods to detect and log policy violations.

1.2.7    Development. Development and testing environments for Smartsheet Information Systems will be separate from production environments.

1.2.8    Deletion. Smartsheet will utilize procedures that at a minimum are in accordance with National Institute of Standards and Technology (NIST) SP 800-88 Revision 1 recommendations (or a successor standard widely used in the industry) to render Customer Content unrecoverable prior to disposal of media. 

1.2.9    Encryption. Smartsheet will utilize cryptographic standards mandating authorized algorithms, key length requirements, and key management processes that are consistent with or exceed then-current industry standards, including NIST recommendations, and utilize hardening and configuration requirements consistent in approach with then-current industry standards, including SANS Institute, NIST, or Center for Internet Security (CIS) recommendations. Pursuant to such standards, Smartsheet will encrypt Customer Content at rest within the Subscription Service and shall only allow encrypted connections to the Subscription Service for the transfer of Customer Content.

1.2.10   Remote Access. Smartsheet will ensure that any access from outside of its protected corporate or production environments to systems processing Customer Content or to Smartsheet’s corporate or development workstation networks will require appropriate connection controls, such as VPN or multi-factor authentication.

2.             System Availability.

Smartsheet will maintain (or, with respect to systems controlled by its service providers, ensure that such service providers maintain) a disaster recovery (“DR”) program designed to recover the Subscription Service availability following a disaster. At a minimum, such DR program will include the following elements: (a) routinely validated procedures to regularly and programmatically create retention copies of Customer Content for the purpose of recovering lost or corrupted data; (b) inventories, updated at minimum annually, that list all critical Smartsheet Information Systems; (c) annual review and update of the DR program; and (d) annual testing of the DR program designed to validate the DR procedures and recoverability of the service detailed therein.

3.             Security Incidents.

3.1        Procedure. If Smartsheet becomes aware of confirmed unauthorized or unlawful access to any Customer Content processed by Smartsheet Information Systems (a “Security Incident”), Smartsheet will promptly: (a) notify Customer of the Security Incident; and (b) take reasonable steps to mitigate the effects and to minimize any damage resulting from the Security Incident.

3.2         Unsuccessful Attempts. An unsuccessful attack or intrusion is not a Security Incident subject to this Section 3. An “unsuccessful attack or intrusion” is one that does not result in unauthorized or unlawful access to Customer Content and may include, without limitation, pings and other broadcast attacks on firewalls or edge servers, port scans, unsuccessful log-on attempts, denial of service attacks, packet sniffing (or other unauthorized access to traffic data that does not result in access beyond IP addresses or TCP/UDP headers), or similar incidents.

3.3         Customer User Involvement. Unauthorized or unlawful access to Customer Content that results from the compromise of a Customer User’s login credentials or from the intentional or inadvertent disclosure of Customer Content by a Customer User is not a Security Incident.

3.4        Notifications. Notification(s) of Security Incidents, if any, will be delivered to one or more of Customer’s SysAdmin users by any reasonable means Smartsheet selects, including email. Customer is solely responsible for maintaining accurate contact information in the Subscription Service at all times.

3.5         Disclaimer. Smartsheet’s obligation to report or respond to a Security Incident under this Section 3 is not an acknowledgement by Smartsheet of any fault or liability of Smartsheet with respect to the Security Incident.

4.             Auditing and Reporting.

4.1          Monitoring. Smartsheet monitors the effectiveness of its information security program on an ongoing basis by conducting various audits, risk assessments, and other monitoring activities to ensure the effectiveness of its security measures and controls.

4.2          Audit Reports. Smartsheet uses external auditors to verify the adequacy of its security measures and controls for certain Services, including the Subscription Service. The resulting audit will: (a) include testing of the entire measurement period since the previous measurement period ended; (b) be performed according to AICPA SOC2 standards or such other alternative standards that are substantially equivalent to AICPA SOC2; (c) be performed by independent third party security professionals at Smartsheet's selection and expense; and (d) result in the generation of a SOC 2 report (“Audit Report”), which will be Smartsheet's Confidential Information. The Audit Report will be made available to Customer upon written request no more than annually subject to the confidentiality obligations of the Agreement or a mutually-agreed non-disclosure agreement covering the Audit Report. For the avoidance of doubt, each Audit Report will only discuss Services in existence at the time the Audit Report was issued; subsequently released Services, if covered by the Audit Report, will be in the next annual iteration of the Audit Report.  

4.3          Penetration Testing. Smartsheet uses external security experts to conduct penetration testing of certain Services, including the Subscription Service. Such testing will: (a) be performed at least annually; (b) be performed by independent third party security professionals at Smartsheet’s selection and expense; and (c) result in the generation of a penetration test report (“Pen Test Report”), which will be Smartsheet’s Confidential Information. Pen Test Reports will be made available to Customer upon written request no more than annually subject to the confidentiality obligations of the Agreement or a mutually-agreed non-disclosure agreement covering the Pen Test Report. 

5.             Post-Termination Practices.

5.1          Treatment of Customer Content. Subject to Section 5.2 below, Smartsheet will, within one hundred eighty (180) days following termination of the Agreement, render unrecoverable all Customer Content from Smartsheet Information Systems and, upon written request, certify such process in writing.  

5.2         Retention of Customer Content. Customer acknowledges that Smartsheet may, pursuant to its standard retention copy creation procedures or as a requirement of certain laws or regulations to which Smartsheet is subject, maintain copies or backups of Customer Content (including as part of records, documents, or broader data sets) beyond the period described in Section 5.1. In such cases, notwithstanding the requirements of Section 5.1, Smartsheet may continue to retain such Customer Content in copies or backups beyond the period prescribed in Section 5.1 provided that: (a) Smartsheet notifies Customer on termination of its need to retain such copies and/or backups; and (b) Smartsheet will continue to comply with all the requirements of the Agreement in relation to any such retained Customer Content.

6.            Service Providers.

Smartsheet will use diligent efforts to evaluate and select suppliers and subcontractors that provide (at a minimum) substantially similar levels of security as required by these Security Practices in connection with the Subscription Service. 

7.             Definitions.

Capitalized terms used but not defined in this Schedule have the meanings ascribed to them in the Agreement.