SMART Control - Privacy policy

Thank you for choosing SMART Control by SMART Technologies ULC.

ABOUT SMART CONTROL

SMART Control is a cloud-based software platform developed by SMART Technologies ULC ("SMART", "us," or "we") to support enhanced management and communication functionality across SMART interactive displays and appliances. It serves as an umbrella product encompassing multiple modules that support various use cases within education and business environments.

INTRODUCTION

The following information explains our privacy policy ("Policy") and practices of SMART regarding the collection, retention, use and disclosure of your personal information. This Policy makes clear what information we collect from you, how we use and disclose it, and how you can help manage it. SMART is devoted to making sure your privacy rights are respected, and personal data is collected and used in accordance with the current and applicable privacy and data protection laws.

SMART supports numerous privacy laws including the European Union's General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA). SMART is committed to helping our customers work under these and other stringent regulations and we continue to add in-region solutions. We currently offer American and European data storage for user created Content and we are satisfied our out-of-region user data processors provide appropriate safeguards for the data they handle.

By using SMART Control, you agree to this Policy and consent to SMART's collection, retention, use, and disclosure of certain information as necessary to provide SMART Control to you. If you do not agree, you must not use SMART Control.

Data Types

We collect two types of data, depending on your interaction with us:

"Non-Personal Data" means aggregated non-identifiable information, which may be made available or gathered via your access to and interactions with our services. We are not aware of the identity or other identifiers of the individual from which the Non-Personal Data is collected. The Non-Personal Data collected may include aggregated usage information (meta-data), as well as technical information transmitted by your device, such as the type of browser or device, type of operation system, device settings and technical software data, etc.

"Personal Data" or "personal information" means individually identifiable information, namely information that identifies a natural person (not a corporation) or may, with reasonable effort, be used to identify a natural person. We do not knowingly collect or process any Personal Data constituting or revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, or data concerning a person's health ("Special Categories of Personal Data").

It is important to remember that customers and users are two distinct groups:

Customers are typically an organization (e.g., district, school, company) and not a personally identifiable individual. The identifiable information we require is from the organizational purchaser for transactional purposes. The customer should not be providing SMART with personally identifiable information unless permissible by law and the customer's policies.

Users are generally not the ones who purchased or setup the account (i.e., IT administrators) and are only accessing SMART Control because the customer's administrator has granted them access. As such, SMART's exposure to personally identifiable information only comes from how the customer operates when providing e-mail addresses and names of users to SMART and from user-created Content. If you have a concern as a user about your PII you must demand the customer provide only non-identifiable information to SMART and you as a user must only create Content with no PII in it.

SMART Control Alerts

SMART Control Alerts is a feature of SMART Control that enables compatible SMART products to act as endpoints for receiving and displaying visual emergency alerts. The system integrates with third-party security software via the Common Alerting Protocol (CAP) to deliver emergency messages such as warnings, cautions, and emergency notifications directly to the display screens.

SMART is not affiliated with any third-party security or CAP alert provider. The customer is solely responsible for configuring and maintaining the third-party integration and for selecting a reliable provider. SMART does not guarantee the receipt or display of emergency alerts. Display failures may occur due to factors outside of SMART's control.

INFORMATION WE COLLECT

We collect information to support the operation, functionality, and improvement of SMART Control. This includes both information you provide directly, and data collected during your use of the product.

Information You Provide

We collect information when you:

  • Create or register a SMART Control account;
  • Configure product settings;
  • Submit data or feedback through the product; and
  • Voluntarily provide additional information while using SMART Control.

Log and Usage Data

Our servers collect log and usage data when you access or interact with SMART Control. This may include:

  • IP address;
  • Device type and operating system;
  • Browser type and settings (if applicable);
  • Activity within the product (e.g., features used, time and date stamps, pages or screens viewed, searches performed, and system interactions); and
  • Device event information (e.g., system errors, crash reports, hardware and software configurations).

Device Data

We collect information about the device(s) you use to access SMART Control. This may include:

  • Device identifiers;
  • IP address;
  • Operating system and version;
  • Device hardware model;
  • Application version.

Personal Information of Children Under the Age of 13

SMART Control is not designed for or targeted at children, and SMART does not knowingly collect, use or maintain information from children under the age of 13. If you are an administrator using SMART Control and become aware that a child has provided us with Personal Information, please contact us at privacy@smarttech.com so that we can delete it.

HOW WE USE YOUR INFORMATION

We use the personally identifiable data we collect solely for the purpose of providing SMART Control to you. We may share this data with the third-party service providers described in this Policy to provide our services to you. All processors contracted by SMART are contractually bound to keep your personal data secure and use it only for necessary service delivery.

In addition to processing your personal data for the purposes of providing our services and facilitating correspondence, we may also process your data based on legitimate interests/lawful basis. These interests or basis include but are not limited to improving our services, managing our business operations and sending you information about our products, services, and offers that may be of interest to you, provided you have opted in or not opted out of receiving such communications.

We do not sell your data, and we do not share personal data with third parties without your informed consent, which is the purpose of this document. We share your information in accordance with this agreement and a list of the third parties we share data with to provide our services are detailed below. Data is not shared between sub-processors unless explicitly stated.

YOUR RIGHTS

Subject to applicable law, including exceptions, you have the following rights with regard to the personal data that we collect about you:

  1. right to ask what personal data we have about you and how we use;
  2. right to request a copy of the personal data that we hold about you;
  3. right to request that we correct or amend your personal data;
  4. right to request deletion of your personal data; and
  5. right to ask us to stop or limit how we process your personal data.

If you would like to exercise your rights regarding your personal data, you can do so by:

emailing your request to us at: privacy@smarttech.com
contacting us by postal mail at:
SMART Technologies ULC
Attention: Legal Department
Suite 600, 214-11 Ave SW
Calgary, AB T2R 0K1
CANADA
+1.403.245.0333

DATA RETENTION AND DELETION

SMART will only keep personal data for as long as required to provide the service or as required for tax and legal reasons. SMART adheres to an internal document retention policy to ensure this. SMART will respond to customer requests to delete personal data within 30 days. Users must contact their school (i.e., our customer) to make this request to SMART on their behalf.

All user created content stored can be deleted by the user without contacting SMART. Customers (not users) may request deletion of their SMART account at any time by contacting our support department. Non-paying SMART accounts are deleted after two (2) years of inactivity.

In some cases, we may not be able to remove the information or continue to provide services following removal of such information, in which case we will let you know why.

RIGHT OF NOTIFICATION

If SMART becomes aware of a personal data breach, it shall without undue delay, and where feasible, no later than 72 hours after having become aware of it, notify the affected customer and the supervisory authority (if it was for data where SMART was the Data Controller) in accordance with Article 33 of the GDPR, unless the data breach is unlikely to result in a risk to the rights and freedoms of natural persons. SMART' communication of a breach shall be in clear and plain language and contain a minimum of:

  1. Contact details of the Data Protection Officer or other contact person,
  2. A description of the nature of the breach,
  3. Likely consequences of the breach,
  4. Advice on steps data subjects can take to protect themselves, and
  5. The measures SMART has taken or proposes to take to address the breach.

SECURITY

We use widely accepted technical and operational security measures to protect your personal data. Only authorized SMART personnel and third-party service providers listed below are allowed to access this data, and they are required to treat it as confidential.

However, no security measures can guarantee complete protection against loss, misuse, or alteration of personal information. SMART is not responsible for any damages or liabilities resulting from such security failures. By using our services, you acknowledge that data and communications, including emails and other electronic communications, may be accessed by unauthorized third parties when transmitted over the Internet. This disclaimer does not affect any liabilities that cannot be excluded or limited under law.

UPDATES

Our ability to make timely changes is fundamental to delivering superior software to you. Sometimes, material updates will require us to change our Terms, and we will notify you at least thirty (30) days in advance. For minor changes, we may proceed without prior notice and by continuing to use our software, you agree to these changes.

CHANGES TO THIS POLICY

We may update this Policy from time to time to reflect changes to our products and services, our operations, or to meet new legal and regulatory requirements. Any material amendments will be communicated to customers 30 days in advance and become binding once posted online.

PRODUCT USER DATA COLLECTED AND PROCESSED

This section outlines what data is collected and processed from our customers and users (account administrator signed-in via the SMART admin portal)

Remember, SMART only receives information because you provide it; you are the data controller. In this way, customers and users are obligated to comply with their local laws and customers are responsible for any obligations they owe to their users with respect to their personally identifiable information.

Sub-processor Country Data is Processed/Stored Purpose Data
Amazon Web Services, Inc., Amazon Web Services EMEA SARL USA or Germany Required for content storage. We offer both an American and European data storage option.

AWS Privacy
AWS GDPR		 User (identifiable)
  • account information
    • display name
    • user type/role
    • school name
    • country or region
    • marketing opt-in/out
  • first and last name
  • e-mail
  • created content
  • SMART user ID
  • organization ID
  • aggregate activity of Users
Crashlytics (Google LLC) USA Optional Crash data.

Reports can be turned off within product.		 All Users (possibly identifiable if user agrees to be contacted and enters e-mail address. Can be turned off):
  • Operating system
  • System platform
  • Browser
  • Browser language
  • Referrer (if from a search engine or another site)
  • Screen resolution
  • Whether cookies are enabled
  • Whether java is enabled
  • Last page on SMART site seen (handles navigation)
  • E-mail address (optional)
Google LLC, Google Germany GmbH USA or Germany Google Cloud Datastore: Required for login and account administration for SSO login with Google, Microsoft, and Salesforce.

Google Privacy		 Users (identifiable)
  • account information
    • display name
    • user type/role
    • school name
    • country or region
    • marketing opt-in/out
  • first and last name
  • e-mail
  • profile picture (if set)
  • SMART user ID
  • external user ID
Administrator (identifiable)
  • Admin e-mail
  • SMART User ID
MongoDB, Inc., MongoDB Deutsche GmbH USA or Germany Required. We use MongoDB Atlas for SMART ID mappings

MongoDB Privacy
MongoDB GDPR 		Administrator Account (identifiable)
  • Admin e-mail
  • User e-mail
  • SMART User ID
Redis Ltd., Redis EMEA Ltd. USA or Germany Required short term shared cache required for content management.

Redis Privacy
Redis GDPR		 Users (identifiable)
  • SMART user ID
  • content ID (unique ID of file)
Salesforce Inc. USA Required for the Account Administrator of the customer to access the SMART Admin Portal.

Salesforce Privacy
Salesforce GDPR		 Administrator Account (identifiable)
  • first and last name
  • e-mail
  • Salesforce user ID
  • account information
    • display name
    • user type/role
    • school name
    • country or region
    • marketing opt-in/out
  • first and last name
  • e-mail
  • created content
  • SMART user ID
  • organization ID
  • aggregate activity of Users
Sentry.io (Functional Software, Inc.) USA Required for automatic error reporting. If a SMART application encounters an issue, the application automatically sends anonymous information to Sentry.io and also Slack (see below).

Optional self-error reporting: after automatic error reporting is complete, users are given the option to provide their name, e-mail address, and additional information about the error. Users are also asked if they wish SMART to follow up with them. This optional personal information is stored in Salesforce (located in the United States) and shared with our customer support team.

Sentry Privacy
Sentry GDPR		 Users
Automatic Error Reporting (anonymous)
  • lesson ID (no PII)
  • user ID and Session IDs (hashed and salted to maintain anonymity)
  • request header (application and version, platform, operating system, browser, language, date and time)
  • bread crumbs (last pages visited and links clicked)
All Users
Optional User Error Reporting (identifiable):
  • name, e-mail address, and additional information about the error
Slack Technologies LLC USA Required for error reporting. If a SMART application encounters an issue, the application automatically sends anonymous information to Sentry.io (see above) and Slack.

Optional self-error reporting: after automatic error reporting is complete, users are given the option to provide their name, e-mail address, and additional information about the error. Users are also asked if they wish SMART to follow up with them. This optional personal information is stored in Salesforce (located in the United States) and shared with our customer support and development teams via Sentry and Slack.

Slack Privacy
Slack GDPR		 Users
Automatic Error Reporting (anonymous)
  • content ID (no PII)
  • user ID(hashed and salted to maintain anonymity)
  • request header (application and version, platform, operating system, browser, language, date and time)
  • bread crumbs (last pages visited and links clicked)
All Users
Optional User Error Reporting (identifiable):
  • name, e-mail address, and additional information about the error
Splunk Inc. USA Required metadata including system logs and performance.

Splunk Privacy
Splunk GDPR		 All Users (anonymous)
  • SMART user ID
  • mapping of IP address to city and country (full IP address not captured)

CUSTOMER DATA COLLECTED AND PROCESSED

This section outlines what data is collected, processed, and disclosed from customers (purchasers, prospects, and SMART's authorized channel partners). Customer data is almost always non-personally identifiable business contact information. You can request data and account deletion at any time through our Customer Support team. However, we retain all data relevant to purchases and financial transactions until it is no longer required by applicable law. The term "identifiable" used in the below chart does not necessarily mean personally identifiable information.

Sub-processor Country Data is Processed/Stored Role Purpose Customer Data
Amazon Web Services, Inc. USA Processing, Back-Office Required cloud hosting provider. Data contained in user account information.

AWS Privacy
AWS GDPR		 Identifiable account information
BigCommerce, Inc. USA Ordering Optional. Only used when a customer purchases through our e-commerce store:

BigCommerce Privacy
BigCommerce GDPR
Blue Ocean Contact Centers, Inc. Canada Support Optional. Blue Ocean is a subcontractor providing live (telephone, e-mail, and web) support. Information collected includes organization name, caller name (can use company title only if preferred for GDPR reasons), e-mail (can provide non-PII version to comply with GDPR), title, phone, address and a description of the issue and any shared details to help solve the problem. Calls are recorded.

Blue Ocean Privacy
GDPR - EC Adequacy Decision		 Identifiable
  • customer name (organization)
  • caller name (can use company title only if preferred for GDPR reasons)
  • e-mail (can provide non-PII version to comply with GDPR)
  • title
  • phone
  • address
  • description of the issue and any shared details to help solve the problem
Call Miner Canada Support Optional. Processing for telephone interactions (option to opt-out of call recordings), required for e-mail. Call Miner is a sub-processor providing omnichannel interaction analytics powered by AI and machine learning. Call Miner analyzes customer support interactions, including recorded calls and e-mails, which are temporarily stored in CallMiner. The metadata is retained in CallMiner for analysis of the customer experience and trending information regarding the interactions between agent and customer.

Call Miner Privacy and Security		 Identifiable
  • customer name
  • caller name (can use company title only if preferred for GDPR reasons)
  • e-mail (can provide non-PII version to comply with GDPR)
  • title
  • phone
  • address
  • description of the issue and any shared details to help solve the problem
Digital River USA or Europe Ordering Optional. Online (e-commerce) order taking. Only used when purchases are made through our e-commerce store. SMART does not have access to credit card information, only Digital River.

Digital River Privacy
Digital River GDPR		 Identifiable
  • customer name
  • title
  • e-mail address
  • phone
  • address
  • credit card details
  • purchase details
Fivetran Inc. Canada Processing, Back-Office Required data connector service. Moves data from system applications into Snowflake.

Fivetran Privacy
Fivetran Security		 Identifiable account and purchase information
Gainsight, Inc. USA Customer Communications Required if you opt-in to receive marketing communications. Applicable only to North American Customers. We use Gainsight, which is a customer relationship management (CRM) tool, for e-mail (name, e-mail address, company information) marketing to individuals and organizations.

Gainsight Privacy		 Identifiable account and purchase information
Google, LLC USA Marketing & Support Required if you opt-in to receive marketing communications. Used to create a lookalike audience who may be interested in SMART because they are similar to individuals that have already expressly opted in to receive certain communications, such as marketing, SMART solutions, events and special offers.

Required if you use the optional method of on-line customer support via Google Forms. Only used for processing of support forms. Google Forms are also used when a purchaser is engaged with our Field Services (i.e., onsite support).

Google Privacy
Google GDPR		 Identifiable contact information
HubSpot Germany GmbH Germany Required customer communications Required. We use HubSpot, which is a customer relationship management (CRM), for certain communications, such as customer transactional e-mails, outreach, and training.

Hubspot Privacy
Hubspot GDPR		 Identifiable account and purchase information
Kluster Enterprises Limited UK Sales Forecasting Required to provide analytics on our sales data.

Kluster Privacy
Kluster GDPR		 Identifiable account and purchase information
LinkedIn USA Marketing Required if you opt-in to receive marketing communications.

Used to create a lookalike audience who may be interested in SMART because they are similar to individuals that have already expressly opted in to receive certain communications, such as marketing, SMART solutions, events and special offers.

LinkedIN Privacy
LinkedIN GDPR		 Identifiable contact information
Meta Platforms, Inc. USA Marketing Required if you opt-in to receive marketing communications.

Used to create a lookalike audience who may be interested in SMART because they are similar to individuals that have already expressly opted in to receive certain communications, such as marketing, SMART solutions, events and special offers.

Meta Platforms Privacy		 Identifiable contact information
Microsoft, Inc. Canada Processing, Back-Office Required for our enterprise resource planning (ERP) system, which is software to manage the day-to-day business activities such as accounting, procurement, project management and supply chain operations, as well as our e-mail (Outlook), Confluence, PowerBI® (data visitation), Azure DevOps, and SharePoint® (document management), as well as all the other standard Microsoft Office software titles, like Word, Excel, and PowerPoint.

Microsoft Privacy
Microsoft GDPR		 Identifiable account and purchase information
Mixpanel, Inc. USA Monitoring Required for product improvement and service monitoring. Mixpanel allows us to analyze how our de-identified users interact with . It is designed to identify trends, understand common aggregated usage behavior, and helps us make better decisions on how to improve the usability and features of our product. This data is also used to track how long it takes our servers to complete actions like open files, which helps us measure service health and up/downtime.

Mixpanel Privacy
Mixpanel GDPR
Outreach Corporation USA Marketing Required if you opt-in to receive marketing communications.

Outreach is used to contact our customers in North America that have expressly opted in to receive certain communications, such as marketing, training, news, and offers from us. Outreach also provides analytics.

Outreach Privacy
Outreach Security		 Identifiable account and purchase information
Salesforce.com, Inc USA Ordering, Marketing, Channel Support Required order information (product, quantity, price and tax, delivery). Required for our customer relationship management (CRM). Required to allow our authorized distributors and resellers to work together with SMART. Basic customer and purchase information is shared between SMART and its authorized distributors and resellers.

Salesforce Privacy
Salesforce GDPR		 Identifiable account and purchase information
Sigma Computing, Inc. USA Processing, Back-Office Required for web application that presents Snowflake data (see below) to internal users.

Sigma Privacy		 Non-identifiable account information
SMART Authorized Distributors, Resellers and SMART’s Regional Office(s) Global Ordering and Support Required contact and order processing. Identifiable account information
  • customer name
  • e-mail
  • title
  • phone
  • address
Order information
  • product
  • quantity
  • price and tax
  • delivery address and phone.
Snowflake, Inc. Canada Processing, Back-Office Required. Snowflake aggregates and centralizes SMART’s customer data from multiple sources (Salesforce, Microsoft Dynamics, HubSpot, Oracle/OBIEE, Pivotal). Required for processing and back-office.

Snowflake Privacy
Snowflake Security		 Identifiable account and purchase information

THIRD PARTY CODE IN OUR SOFTWARE

Portions of SMART Control use third-party open-source code. To find out more information about third-party code in and its licenses visit our Third-Party Code page.

COOKIES

SMART and some of its processors use cookies to provide SMART Control to you. Cookies are small files that are placed on your computer or device. Most web browsers allow some control over cookies through the browser settings. Blocking all cookies will, however, have a negative impact upon the usability of SMART Control. Thus, you may prefer to accept cookies and then delete them later or upon exiting your session. Some online tracking technologies help us maintain the security of our Services and your account, prevent crashes, fix bugs, save your preferences, and assist with basic site functions.

Who Cookie Purpose
SMART id.smarttech-prod.com
_ids
_ids_legacy
_ssos
_ssos_legacy		 Required for providing navigation, log-in status, and user identification for the purpose of providing to the user, including the proper linking of user created Content.
SMART Id .smarttech.com
SMARTId
SMARTIdState
SMARTIdReturnUrl		 Required. These cookies are written to your browser when you sign-in to SMART ID. Signing out of your SMART ID deletes this cookie. These cookies store encrypted authentication information that only our servers can decrypt. This cookie is persistent and lasts for several hours.

If you have any questions or concerns related to this Privacy Policy or the processing of your Personal Data, you may contact our privacy team as follows:

By e-mail to our Data Protection Officer: privacy@smarttech.com

By Mail:
SMART Technologies ULC
Attention: Legal Department
Suite 600, 214-11 Ave SW
Calgary, AB T2R 0K1
CANADA
+1.403.245.0333

Last Updated: November 12, 2025