• Information and Communications Technology
  • Software


EU-U.S. Privacy Shield Framework: Active

Original Certification Date: 5/26/2018
Next Certification Due Date: 6/2/2020
Data Collected: NON-HR

Swiss-U.S. Privacy Shield Framework: Active

Original Certification Date: 5/26/2018
Next Certification Due Date: 6/2/2020
Data Collected: NON-HR

Purpose of Data Collection

Generally, we collect two kinds of data from clients and other individuals that may include personal data that has originated in the EU or Switzerland: Content (Smartsheet acts as a data processor) and other personal data (Smartsheet acts as a data controller). Personal data for which we act as a data controller includes login credentials, contact information, user’s name, company name, permissions, usage data, and similar user data or data gathered directly or automatically from website visitors, event attendees, and other non-users; this data is used to facilitate access to Content, for related customer service purposes, and for Smartsheet's legitimate business purposes including analytics and improvement and marketing. With respect to Content, the categories of personal data that may be processed within the Smartsheet services are determined and controlled by our customers (the data controllers) in their sole discretion. Smartsheet does not review, audit, block or otherwise control the Content that its customers upload, share, access, or otherwise process within Smartsheet’s services. Smartsheet does not access Content except to provide the services, to respond to customer support requests, to prevent fraud, abuse, and violations of our policies and agreements, or as otherwise required by law.

Privacy Policy

Non-HR Data


Smartsheet will have in place (i) an internal privacy policy applicable to all employees with access to personal data covered by this self-certification; and (ii) a public-facing privacy policy accessible via Smartsheet’s website that specifically addresses such data. Both policies have been created in accordance with the Privacy Shield Principles and relevant guidelines and include the applicable, required content. Our public facing privacy notice is comprised of the policy at the URL provided below and noticed linked from there. We have created a tiered notice to promote readability.

Effective Date: 5/17/2019

Verification Method


Dispute Resolution

Questions or Complaints?

If you have a question or complaint regarding the covered data, please contact Smartsheet Inc. at:

Amanda Mobrand
Corporate Counsel
Smartsheet Inc.
10500 NE 8th St #1300
Bellevue, Washington 98004

Privacy Shield organizations must respond within 45 days of receiving a complaint.

If you have not received a timely or satisfactory response from Smartsheet Inc. to your question or complaint, please contact the independent recourse mechanism listed below


Appropriate statutory body with jurisdiction to investigate any claims against Smartsheet Inc. regarding possible unfair or deceptive practices and violations of laws or regulations covering privacy Federal Trade Commission