Smartsheet updated its privacy policy to replace the term 'Offerings' with 'Services' throughout the document, and added a single sentence directing readers to a Glossary for definitions of capitalized terms. The term 'Online Services' was also capitalized in one instance. These changes are primarily terminological and organizational, with no material shifts in the substantive privacy practices, data collection authority, or user rights described in the policy.
The updated privacy policy replaces the term 'Offerings' with 'Services' throughout and adds a reference to a Glossary for capitalized term definitions. These are terminological and organizational changes that do not alter the substantive privacy practices, data collection methods, or user rights previously described in the policy. No new obligations or restrictions are introduced by this change.
The updated policy clarifies terminology by consistently using 'Services' instead of 'Offerings' and directs users to a Glossary for term definitions. These organizational improvements support reading comprehension but do not alter the substantive privacy commitments or data practices previously stated.
Added explicit direction to review Glossary for definitions of capitalized terms used throughout the privacy notice.
Replaced 'Offerings' with 'Services' in multiple locations for consistency, with no change to what products or services are covered.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
This change is a terminology and organizational update with no substantive impact on privacy governance, regulatory obligations, or data processing practices. The replacement of 'Offerings' with 'Services' is a stylistic choice that does not affect the scope of what data is collected, how it is processed, or what rights users retain. The addition of a Glossary reference is a standard transparency practice. No compliance action is required.
Full compliance analysis
Obligation analysis, escalation trigger, board language, and recommended action.
Monitor: regulatory citations + obligations. Compliance: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-002246.
This addition introduces a new provision focused on categorizing personal data collection, though the excerpt provided is generic and lacks specific category details.
This new provision explicitly acknowledges a layered privacy notice structure with product-specific sub-notices, potentially deferring detailed privacy disclosures to separate documents rather than consolidating them in the main policy.
Removal of explicit AI training disclosure eliminates transparent notice about a significant data use practice, potentially leaving users unaware that their data may be used for AI model development.
Removal of explicit international data transfer disclosure eliminates important notice about cross-border data flows and differences in data protection standards, which is particularly significant for non-U.S. users.
Removal of detailed data retention explanation eliminates transparency about how long personal data is kept and the specific criteria used for retention decisions, reducing user understanding of data lifecycle management.
Removal of explicit business transfer notice eliminates disclosure about circumstances under which personal data may be transferred to new entities, which affects user rights in M&A scenarios.
Removal of children's data protection provision eliminates explicit commitment to comply with child data protection requirements under GDPR and COPPA, potentially creating legal and ethical concerns.
The provision was substantially rewritten from a specific explanation of processor/controller roles to a general introductory statement defining Smartsheet's identity and the layered structure of the privacy notice, and severity increased from medium to high.
The specific details about sharing with advertising partners and the mechanisms (cookies, pixel tags) were removed and replaced with a generic reference to the layered privacy notice structure.
Detailed CCPA/CPRA and GDPR rights provisions were consolidated and replaced with a generic reference to the layered privacy notice structure that purportedly describes these rights separately.
Specific cookie management instructions and functionality implications were removed and replaced with a generic reference to layered notices.
Cross-platform context
See how other platforms handle similar provisions across the ConductAtlas archive.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff — MonitorSmartsheet updated its privacy policy on June 9, 2026 to clarify corporate structure and Data Privacy Framework participation. The policy …
Smartsheet modified a single sentence in its Privacy Policy on June 5, 2026 describing which entities participate in the EU-U.S. …
We read the privacy policies and terms of service of 38 AI platforms. Here is what they say about training, retention, arbitration, and lia…
Get alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 352+ platforms every Sunday.