If Smartsheet is sold, merged, or undergoes a major business transaction, your personal data may be transferred to the acquiring company as part of that deal.
This analysis describes what Smartsheet's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
In the event of a corporate transaction, your personal data could be transferred to a new company with different privacy practices, and you may have limited ability to prevent that transfer.
Your personal data including contact details, usage history, and account information could be transferred to a new corporate owner if Smartsheet is acquired or merged, potentially subjecting your data to a different company's privacy practices.
How other platforms handle this
In connection with any reorganization, restructuring, merger or sale, or other transfer of assets, we will transfer information, including personal information, provided that the receiving party agrees to respect your personal information in a manner that is consistent with our Privacy Policy.
We may share your information with third-party advertising partners to provide you with targeted advertising. We also work with third-party analytics providers who help us understand how users interact with our Services. These third parties may use cookies, web beacons, and similar tracking technolo...
We process personal data you provide to Oura to enable third party integrations, services, features, and offerings. For example, with your permission, our Services may integrate with third-party services like Google Health Connect and Apple HealthKit, or those of our partners. Oura takes measures to...
Monitoring
Smartsheet has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We may disclose or transfer your personal data in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.— Excerpt from Smartsheet's Smartsheet Privacy Policy
(1) REGULATORY LANDSCAPE: Business transfer data disclosures are standard in US privacy policies and are generally permitted under CCPA as part of an asset sale, subject to requirements that the recipient honor the original privacy commitments. GDPR requires that data transfers in M&A contexts are conducted with appropriate legal basis and that data subjects are notified of material changes in controller identity. The FTC has taken action in cases where acquirers materially changed privacy practices without adequate notice. (2) GOVERNANCE EXPOSURE: Low to Medium. The provision is standard industry language, but enterprise customers should be aware that a Smartsheet acquisition could result in their service data being accessible to a new corporate entity, which may affect their own vendor risk posture and data processing agreement validity. (3) JURISDICTION FLAGS: EU and UK organizations should note that a transfer of controller identity in an M&A context may require GDPR notification obligations. California residents retain CCPA rights against the acquiring entity if it receives their data. (4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers should review whether their DPA with Smartsheet survives a corporate transaction and whether it requires Smartsheet to notify them of ownership changes that affect data processing. Standard enterprise agreements may or may not include such protections. (5) COMPLIANCE CONSIDERATIONS: Legal teams should include change-of-control notification requirements in their Smartsheet service agreements and monitor Smartsheet's corporate status as part of ongoing vendor management.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
In the event of a corporate transaction, your personal data could be transferred to a new company with different privacy practices, and you may have limited ability to prevent that transfer.
Your personal data including contact details, usage history, and account information could be transferred to a new corporate owner if Smartsheet is acquired or merged, potentially subjecting your data to a different company's privacy practices.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Smartsheet.