Last Updated: August 15, 2016
Your trust is our most important asset. All customer data stored by Smartsheet Inc. (“Smartsheet,” “we,” or “us”) is protected by rigorous infrastructure and administrative procedures. To achieve the high levels of physical and data protection that today’s businesses require, Smartsheet maintains a robust and comprehensive multi-level security environment as described herein. PLEASE NOTE THAT THIS SECURITY STATEMENT APPLIES TO THE SMARTSHEET INTERNET-DELIVERED WORK COLLABORATION SERVICE (“SUBSCRIPTION SERVICE”) AND IT DOES NOT APPLY TO THE PREMIUM APPS, LABS APPS, THIRD PARTY APPLICATIONS, TRAINING RESOURCES, OR COMMUNITY FEATURES. Capitalized terms not defined in this Security Statement shall have the meanings given to them in the agreement that governs your use of the Subscription Service.
The Subscription Service is hosted on dedicated servers in accordance with industry best practices in secure data centers in Ashburn, Virginia and Chicago, Illinois. The data centers provide 24-hour physical security which includes keycard and biometric access controls and continuous surveillance.
Smartsheet uses proven transport layer security (TLS) technology from the most trusted providers to encrypt all data transmissions between your device and our servers, commonly referred to as on-the-wire encryption. TLS technology is designed to protect your information by establishing trust of our servers through a trusted third party, and then creating a secure channel through which your data can pass to our servers protected from malicious actors. We also use AES 256 encryption before data is durably stored, commonly referred to as at-rest encryption. A dedicated firewall provides a strong barrier of network security from the internet, and we utilize Amazon’s S3 service to store and serve uploaded files.
We have implemented policies and procedures designed to ensure that your data is secure and backed up to multiple physical locations. Our team is continually evaluating new security threats and implementing updated countermeasures designed to prevent unauthorized access to or unplanned downtime of the Subscription Service. Access to all Smartsheet production systems and data is limited to authorized members of the Smartsheet Technical Operations team.
Audit and Assurance
Smartsheet maintains a policy of full event disclosure for security incidents that affect customer data. In the event of any security incident affecting your data, a notification will be sent to your account administrator (e.g., the primary account owner or your SysAdmin). Smartsheet additionally publishes information about the health of our service at http://status.smartsheet.com.
If you find a security issue with our products or if you are concerned or suspect that your Smartsheet account has been compromised, please contact us at firstname.lastname@example.org or call us directly at 425-283-1870.
We may update this Security Statement as we add new security capabilities and make security improvements to our services. If we make any material changes, we will notify you by means of a notice on our Web Properties prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our security practices.