This analysis describes what Smartsheet's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
EU and UK users' data being transferred to the US means it falls under US surveillance laws (e.g., FISA Section 702), and while SCCs provide a legal transfer mechanism, they do not eliminate the underlying risk of US government access.
Smartsheet collects a broad range of personal data including contact details, usage behavior, device identifiers, and location data, and shares it with advertising and analytics partners, which may affect users who prefer limited third-party data exposure. For business users, data submitted into the Smartsheet platform is treated as processor data governed by a separate customer agreement, meaning individual employees may not be able to exercise privacy rights directly with Smartsheet and must go through their employer. You can submit a privacy rights request, including deletion and access requests, through Smartsheet's online privacy request portal at https://www.smartsheet.com/legal/privacy-request.
How other platforms handle this
You will provide personal information directly to our website in the United States. We may also transfer personal information to our partners and service providers in the United States and other jurisdictions. Please note that such jurisdictions may not provide the same protections as the data prote...
Notion is based in the United States and the information we collect is governed by U.S. law. If you are accessing our Services from outside of the United States, please be aware that information collected through the Services may be transferred to, processed, stored, and used in the United States an...
Your personal information may be transferred to and processed in countries other than your country of residence, including Canada and the United States, where our servers are located and our central database is operated. These countries may have data protection laws that are different from those in ...
Monitoring
Smartsheet has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Smartsheet is based in the United States and the personal data we collect is governed by U.S. law. If you are accessing our Site or services from outside of the United States, please be aware that your personal data may be transferred to, stored, and processed in the United States or other countries where our servers are located and our central database is operated. We rely on appropriate safeguards for cross-border transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission, and other transfer mechanisms as permitted by applicable law.— Excerpt from Smartsheet's Smartsheet Privacy Policy
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
EU and UK users' data being transferred to the US means it falls under US surveillance laws (e.g., FISA Section 702), and while SCCs provide a legal transfer mechanism, they do not eliminate the underlying risk of US government access.
ConductAtlas has identified this type of provision across 79 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Smartsheet.