When you use Smartsheet, you own and control your data
General Data Protection Regulation
The European Union will start to enforce the General Data Protection Regulation (GDPR) on May 25, 2018. Smartsheet is currently updating its policies and practices to ensure compliance with the GDPR standards on the enforcement date. Learn more about our GDPR compliance, including how to request a Data Processing Agreement (DPA) with Smartsheet as a data processor.
Privacy Shield Framework
The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce and the European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce. Smartsheet self-certifies to the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework.
When governments or law enforcement entities make lawful requests for customer data from Smartsheet, we are committed to complying while carefully limiting what we disclose. Because we believe that customers should have control over their own data, we will release only the information that we must to comply with the lawful request.
Smartsheet will use your data only for the purposes stated. We will retain your information and content while your account is active, and after as otherwise necessary for our legitimate business purposes such as record keeping, accounting, fraud prevention, and other business administrative purposes, or where required by law.