If Smartsheet is sold, merged, or undergoes a major business transaction, your personal data may be transferred to the acquiring company as part of that deal.
This analysis describes what Smartsheet's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
In the event of a corporate transaction, your personal data could be transferred to a new company with different privacy practices, and you may have limited ability to prevent that transfer.
The updated privacy policy states that only Smartsheet's U.S.-based affiliates participate in the EU-U.S., UK Extension, and Swiss-U.S. Data Privacy Framework. Previously, the policy referenced participation by Smartsheet and its affiliates without geographic qualification. This narrowed scope may affect the data transfer mechanisms available for processing personal data from EU, UK, and Swiss users if non-U.S. affiliates are involved in data handling. The policy does not explicitly describe alternative transfer mechanisms for non-U.S. affiliates.
View change record →Removal of explicit business transfer notice eliminates disclosure about circumstances under which personal data may be transferred to new entities, which affects user rights in M&A scenarios.
View full change record →Your personal data including contact details, usage history, and account information could be transferred to a new corporate owner if Smartsheet is acquired or merged, potentially subjecting your data to a different company's privacy practices.
How other platforms handle this
We may share your personal information with our affiliates, meaning entities that control, are controlled by, or are under common control with Consensys. We also share information with service providers who assist in operating our services, subject to confidentiality obligations.
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
Loyalty and partner program companies. We share information with our loyalty and partner program companies, like Ulta Beauty and Marriott.
Monitoring
Smartsheet has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We may disclose or transfer your personal data in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.— Excerpt from Smartsheet's Smartsheet Privacy Policy
(1) REGULATORY LANDSCAPE: Business transfer data disclosures are standard in US privacy policies and are generally permitted under CCPA as part of an asset sale, subject to requirements that the recipient honor the original privacy commitments. GDPR requires that data transfers in M&A contexts are conducted with appropriate legal basis and that data subjects are notified of material changes in controller identity. The FTC has taken action in cases where acquirers materially changed privacy practices without adequate notice. (2) GOVERNANCE EXPOSURE: Low to Medium. The provision is standard industry language, but enterprise customers should be aware that a Smartsheet acquisition could result in their service data being accessible to a new corporate entity, which may affect their own vendor risk posture and data processing agreement validity. (3) JURISDICTION FLAGS: EU and UK organizations should note that a transfer of controller identity in an M&A context may require GDPR notification obligations. California residents retain CCPA rights against the acquiring entity if it receives their data. (4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers should review whether their DPA with Smartsheet survives a corporate transaction and whether it requires Smartsheet to notify them of ownership changes that affect data processing. Standard enterprise agreements may or may not include such protections. (5) COMPLIANCE CONSIDERATIONS: Legal teams should include change-of-control notification requirements in their Smartsheet service agreements and monitor Smartsheet's corporate status as part of ongoing vendor management.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
In the event of a corporate transaction, your personal data could be transferred to a new company with different privacy practices, and you may have limited ability to prevent that transfer.
Your personal data including contact details, usage history, and account information could be transferred to a new corporate owner if Smartsheet is acquired or merged, potentially subjecting your data to a different company's privacy practices.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Smartsheet.