Data residency
You have control over where certain content is hosted with Smartsheet through Smartsheet Regions, which offers data residency options to enable compliance with privacy and governance requirements. Such requirements are prevalent for customers operating in regulated industries like finance, government, or healthcare; you are empowered with Smartsheet Regions to meet these obligations.
A data region is the geographic location where the service is operating and customer content is physically hosted and resident. Specifically, you can choose data residency in either the United States or the European Union data regions with backup regions as follows:
| Data region | Data region backup |
|---|---|
|
United States |
United States |
|
European Union (Germany) |
European Union (Ireland) |
The United States data region is the default location for all customers of the Smartsheet commercial and Smartsheet Gov platforms; the European Union data region is the default location for all customers of the Smartsheet EU platform. Regardless of which data region you select, Smartsheet will process your content according to industry-leading security measures described in detail in the Smartsheet Trust Center.
Learn more about Smartsheet Regions.
Data hosted in the data region
Data, images, files, or other content uploaded or submitted by you (via your users) to the Smartsheet service is processed by Smartsheet on your behalf. This content is referred to as “Customer Content” in Smartsheet’s User Agreement and is the content that is physically hosted in your selected data region. The data residency of customer content is therefore your selected data region.
Access to customer content from outside a data region
Smartsheet engages personnel and systems located throughout the world, but primarily based in the United States, to provision your Smartsheet services. By extension, Smartsheet may need to access your customer content from a location outside your selected data region to provide, secure, support, or optimize your services. Smartsheet performs these activities only to the extent allowed under your agreement with Smartsheet governing your services.
For example, Smartsheet may perform ancillary and limited processing activities on customer content hosted in the European Union from the United States in response to your request for support or to prevent or address technical problems with your service.
Smartsheet uses valid data transfer mechanisms to safeguard any personal data accessed from or transferred to a data region different from the host region. For more information, please see Smartsheet’s International Data Transfers data sheet.
To further assist you with your data privacy and governance obligations, Smartsheet also offers a Data Processing Addendum to customers requiring specific terms for the processing of personal data included in customer content.
Usage data and account information
Smartsheet collects technical, statistical, learned, or other usage data that does not reveal the actual contents of customer content (referred to as “usage data”) along with payment, billing, profile, or other account information (referred to as “account information”) in relation to your purchase and use of the services. Whereas Smartsheet acts as the data processor of customer content on your behalf, it acts as data controller of usage data and account information to carry out its own business purposes.
In its role as a data controller, Smartsheet transfers usage data and account information to its primary business functions in the United States from other data regions. These functions include the majority of our finance, marketing, sales, and support, all of which rely on usage data and account information to provide, secure, support, and optimize Smartsheet’s service for our customers. By consolidating such data and information, Smartsheet creates efficient and high performing functions and limits the data footprint and threat vectors. Accordingly, Smartsheet does not offer data residency options regarding usage data and account information.
For more information on Smartsheet’s data collection practices related to personal data included in usage data and account information, and the purposes for which such data is used, please see Smartsheet’s Privacy Notice.