Smartsheet Regions gives you control over where your content is hosted, enabling you to meet regional privacy and governance requirements. If you operate in a regulated industry such as finance, government, or healthcare, data residency options help you remain compliant.
USM Content
A data region is the geographic location where the Smartsheet service operates and customer content is physically hosted. You can choose data residency in the United States, the European Union, or Australia, as follows:
Data region | Data region backup |
|---|---|
United States | United States |
European Union (Germany) | European Union (Ireland) |
Australia | Australia |
The United States data region is the default hosting location for customers of the Smartsheet and Smartsheet Gov instances. The European Union data region is the default hosting location for customers of the Smartsheet Regions EU instance, and the Australia data region is the default hosting location for all customers of the Smartsheet Regions AU instance.
Learn more about Smartsheet Regions.
Determine your data region
Your region is determined at account creation. You can now your region by looking at the address you use to log in to Smartsheet:
- smartsheet.com for US
- smartsheet.eu for the European Union
- smartsheet.au for Australia
What's hosted in your data region
Data, images, files, and other content that you (through your users) upload or submit to the Smartsheet service is processed by Smartsheet on your behalf.
This content—referred to as Customer Content in the Smartsheet User Agreement—is physically hosted in your selected data region.
Access to customer content from outside a data region
Smartsheet engages personnel and systems located worldwide, but primarily in the United States, to provision your Smartsheet services. Smartsheet may need to access your customer content from a location outside your selected data region to provide, secure, support, or optimize your services. Smartsheet performs these activities only to the extent allowed under your agreement with Smartsheet allows.
For example, Smartsheet may perform ancillary and limited processing activities on customer content hosted in Australia or the European Union from the United States, or other Smartsheet locations as disclosed on the Subprocessor Webpage, in response to your request for support or to prevent or address technical problems with your service.
Smartsheet Gov. For government plans, all administrative data access is performed by US persons in accordance with Department of Defense (DoD) requirements.
Smartsheet uses valid data transfer mechanisms to safeguard any personal data accessed from or transferred to a data region different from the host region. For more information, please see Smartsheet’s International Data Transfers data sheet.
To further assist you with your data privacy and governance obligations, Smartsheet also offers a Data Processing Addendum to customers requiring specific terms for the processing of personal data included in customer content.
Usage data and account information
Smartsheet collects technical, statistical, learned, or other usage data that doesn’t reveal the actual contents of customer content (referred to as usage data) along with payment, billing, profile, or other account information (referred to as account information) about your purchase and use of the services.
Smartsheet acts as the data processor of customer content on your behalf(meaning Smartsheet handles your content only per your instructions). For usage data and account information, Smartsheet acts as the data controller (meaning Smartsheet manages this data for its own operational purposes).
As a data controller, Smartsheet transfers usage data and account information to its primary business functions in the United States from other data regions. These functions include the majority of finance, marketing, sales, and support operations, all of which rely on usage data and account information to provide, secure, support, and optimize the Smartsheet service. Consolidating this data enables efficient, high-performing functions and reduces the data footprint and threat vectors. Accordingly, Smartsheet doesn't offer data residency options regarding usage data and account information.
Smartsheet Gov. Metadata is processed in accordance with the Smartsheet FedRAMP Authorization to Operate (ATO) and the Defense Information Systems Agency (DISA) provisional authorization.
For more information on Smartsheet’s data collection practices related to personal data included in usage data and account information, and the purposes for which such data is used, see Smartsheet’s Privacy Notice.