Trust Center


At Smartsheet, we take a global approach to privacy that aligns with international standards and practices for data processing and recognized privacy principles. The information below explains how we collect, use, and share personal data, as well as your related rights or choices regarding how we manage that data. 

Read the Privacy FAQ

Privacy Notice

At Smartsheet, we value your privacy and respect your right to know how information about you is collected and used. Our privacy notice describes how Smartsheet collects, uses, and discloses personal and other information we gather through our websites, our mobile applications, and the Smartsheet work execution platform including Brandfolder, Resource Management and Bridge.

Privacy Notice ›

Privacy Practices

Smartsheet is committed to respecting privacy rights and treating personal data with the utmost care. Smartsheet takes a global approach to privacy that adheres to standard international practices for data handling and recognized privacy principles.

Review our Privacy FAQs ›
Learn more about Smartsheet Privacy Practices ›

ISO/IEC 27701:2019

Smartsheet operates an ISO/IEC 27701:2019 compliant privacy program. The requirements of this standard can be mapped to and help comply with data privacy laws and regulations like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

Learn more about Smartsheet Certifications ›

General Data Protection Regulation

The General Data Protection Regulation (GDPR) is a European regulation that took effect on May 25, 2018, and sets out standards for the protection and processing of personal data. Learn more about Smartsheet and the GDPR, including how to request a Data Processing Agreement (DPA) with Smartsheet as a data processor.

Learn more about Smartsheet and the GDPR ›

International Data Transfers

On June 7, 2021, the European Commission (EC) published the final version of new Standard Contractual Clauses (SCCs) for the transfer of EU personal data to third countries, such as the United States. The new SCCs went into effect on September 27, 2021, and provide much-needed clarity for personal data transfers outside of the European Union following last year’s Court of Justice of the European Union’s (CJEU) decision in the Schrems II case. 

Learn more about International Data Transfers ›

Data Access and Transfers

Smartsheet is committed to transparency, especially as it relates to where data is hosted, where it may be transferred for our internal business purposes, and where it may be accessed (e.g., for Technical Support).

Learn more about Regional Hosting, Data Access and Transfers ›

Exercise Privacy Rights

You may have certain rights relating to your personal data under local data protection laws (e.g., the General Data Protection Regulation, the California Consumer Privacy Act, etc.) or based on your use of our Offerings. Our privacy notice includes more information about these rights. To exercise these rights please complete the form below.

Privacy Request Form ›

Smartsheet Subprocessors

Smartsheet engages third-party service providers that process the content customers choose to upload or submit to an online subscription service on our behalf in connection with the provision of our services to customers ("Subprocessors").

Learn more about Smartsheet Subprocessors ›

Privacy is fundamentally about ensuring our customers trust Smartsheet to process their data appropriately. Providing transparency in our privacy and data practices is key to building and maintaining that customer trust.

Holly Gion

Director, Legal Privacy, Smartsheet