The notice states that Smartsheet collects identifiers, contact details, account credentials, device and usage data, location-inferred data, payment information, and content data submitted through the platform from website visitors and registered users.
This analysis describes what Smartsheet's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes the categories of personal data Smartsheet collects, which determines the scope of applicable data subject rights, retention obligations, and third-party sharing disclosures required under GDPR, CCPA, and other frameworks.
Interpretive note: The full list of collection categories is distributed across the main notice and multiple linked sub-notices; the complete scope cannot be assessed from the main notice text alone.
The updated privacy policy states that only Smartsheet's U.S.-based affiliates participate in the EU-U.S., UK Extension, and Swiss-U.S. Data Privacy Framework. Previously, the policy referenced participation by Smartsheet and its affiliates without geographic qualification. This narrowed scope may affect the data transfer mechanisms available for processing personal data from EU, UK, and Swiss users if non-U.S. affiliates are involved in data handling. The policy does not explicitly describe alternative transfer mechanisms for non-U.S. affiliates.
View change record →This addition introduces a new provision focused on categorizing personal data collection, though the excerpt provided is generic and lacks specific category details.
View full change record →The agreement establishes that Smartsheet collects a range of data categories including identifiers, device information, usage activity, inferred location, and payment information, which are subject to the data subject rights and sharing practices described in the notice and its linked sub-notices.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
We use information to enhance the quality, reliability, and/or accuracy of our AI Features by creating, developing, training, testing, improving, and maintaining AI and ML models run by Strava or our service providers. We use aggregated, de-identified data for this purpose. We also use personal info...
We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.
Monitoring
Smartsheet has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"The Smartsheet Privacy Notice ("Privacy Notice") consists of this page and the specific notices which describe how we collect, use, and share personal data and explain your related rights and choices.— Excerpt from Smartsheet's Smartsheet Privacy Policy
1. REGULATORY LANDSCAPE: Collection of identifiers, device data, and inferred location implicates GDPR Article 13 and 14 transparency obligations, CCPA categories of personal information disclosure requirements, and ePrivacy Directive requirements for cookie and tracking-related collection. The FTC and state attorneys general are relevant enforcement authorities for US-based collection practices. 2. GOVERNANCE EXPOSURE: Medium. The layered notice structure means the full scope of data collection categories may require review across multiple linked sub-notices. Teams should confirm that all collection categories disclosed in sub-notices are consistent with the main notice and with internal data inventories. 3. JURISDICTION FLAGS: California residents are entitled to disclosure of specific CCPA categories of personal information collected. EU and UK users are entitled to GDPR-compliant privacy information at point of collection. Payment information collection may engage additional obligations under PCI-DSS and applicable financial privacy regulations depending on how payment data is handled. 4. CONTRACT AND VENDOR IMPLICATIONS: Data maps and vendor assessments should reflect all collection categories disclosed in the notice and sub-notices. Third-party service provider agreements should restrict use of shared data to purposes disclosed in the notice. 5. COMPLIANCE CONSIDERATIONS: Compliance teams should maintain a data inventory aligned with the categories disclosed in this notice and all linked sub-notices, conduct periodic reviews to ensure disclosed categories remain current, and verify that consent mechanisms are calibrated to the collection categories requiring consent under applicable law.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes the categories of personal data Smartsheet collects, which determines the scope of applicable data subject rights, retention obligations, and third-party sharing disclosures required under GDPR, CCPA, and other frameworks.
The agreement establishes that Smartsheet collects a range of data categories including identifiers, device information, usage activity, inferred location, and payment information, which are subject to the data subject rights and sharing practices described in the notice and its linked sub-notices.
ConductAtlas has identified this type of provision across 3 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Smartsheet.