SMART Notebook privacy policy

This Privacy Policy (“Policy”) is applicable to SMART Notebook® and SMART Notebook® Plus (collectively, “Notebook”). Starting with Version 22, the paid subscription features were renamed as “SMART Notebook Plus”. This privacy policy for Notebook software forms part of the Notebook Terms agreed upon between you and SMART Technologies (“SMART”).

This policy explains how SMART works with you to protect your information and privacy when using Notebook. By using Notebook, you are consenting to SMART's collection, retention, use and disclosure of certain information as necessary to provide Notebook to you. If you do not agree, you must not use Notebook.

Notebook can be used without signing-in, and users can choose to share their created content in several ways that do not require students to sign-in. User created content is not a student or educational record, transcript, gradebook, health or directory information. Notebook is not a learning management system (LMS).

SMART supports the European Union General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and numerous other laws including the Family Educational Rights and Privacy Act (FERPA). SMART is committed to helping our customers work under these and other stringent regulations and we continue to add in-region solutions. We currently offer American and European data storage for user created Content and we are satisfied our out-of-region user data processors provide appropriate safeguards for the data they handle.

SMART only receives information because you provide it; you are the data controller. In this way, customers and users are obligated to comply with their local laws and are responsible for any obligations they owe to their users with respect to their personally identifiable information.


DATA TYPES

It is important to remember that customers and users are two distinct groups:

  • Customers are typically an organization (e.g., district, school, company) and not a personally identifiable individual. The identifiable information we require is from the customer for transactional purposes. The customer shall not provide SMART with personally identifiable information unless permissible by law and the customers’ policies.
  • Users (e.g., teachers) are generally not the ones who purchased or set up the account (e.g., IT administrators) and only access Notebook because the customers’ administrator has granted them access. As such, SMART’s exposure to personally identifiable information only comes from how the customer operates when providing e-mail addresses and names of users to SMART and from user created Content. If you have a concern as a user about your PII you must demand the customer provide only non-identifiable information to SMART and you as a user must only create Content with no PII in it.

We collect two types of data, depending on your interaction with us:

“Non-Personal Data” means aggregated non-identifiable information, which may be made available or gathered via your access to and interactions with our services. We are not aware of the identity or other identifiers of the individual from which the Non-Personal Data is collected. The Non-Personal Data collected may include aggregated usage information (meta-data), as well as technical information transmitted by your device, such as the type of browser or device, type of operation system, device settings and technical software data, etc.

“Personal Data” or “personal information” means individually identifiable information, namely information that identifies a natural person (not a corporation) or may, with reasonable effort, be used to identify a natural person.

We do not knowingly collect or process any Personal Data constituting or revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, or data concerning a person's health (“Special Categories of Personal Data”).

The Customer is responsible for obtaining consent and authorization for a student to use our products and services from their parent or guardian. Where a customer instructs us to collect personal information from children, we collect, use, process and retain such information solely to provide the educational services on behalf of the customer and for the purpose of providing Notebook.


INFORMATION WE COLLECT

We collect and use information to allow us to provide our products and services to you. We collect information from you when you sign up for an account or voluntarily provide additional information.

We also collect information about the navigation pages users visit within Notebook using cookies and third-party analytics tools. This information includes information about the device(s) you use to access the websites including unique device identifiers, IP address, operating system, browser, and cookies. Depending on your device settings, we may also collect information about your geographical location. A list of cookies is provided at the end of this policy.


USE OF YOUR PERSONAL DATA

We use the personally identifiable data we collect solely for the purpose of providing Notebook to you. We may share this data with third-party service providers to provide our services to you. All providers contracted by SMART are contractually bound to keep your personal data secure and use it only for necessary service delivery.

In addition to processing your personal data for the purposes of providing our services and facilitating correspondence, we may also process your data based on legitimate interests/lawful basis. These interests or basis include but are not limited to improving our services, managing our business operations and sending you information about our products, services, and offers that may be of interest to you, provided you have opted in or not opted out of receiving such communications.

We do not sell your data, and we do not share personal data with third parties without your informed consent, which is the purpose of this document. We share your information in accordance with this agreement and a list of the third parties we share data with to provide our services to you are detailed below. Data is not shared between sub-processors unless explicitly stated.


OPTING OUT OR REMOVING PERSONAL INFORMATION AND DATA RETENTION

SMART will only keep personal data for as long as required to provide the service, or to comply with statutory requirements. When the personal data collected is no longer required by us, we and our service providers will perform the necessary procedures for destroying, deleting, erasing, or converting it into an anonymous form as permitted or required under applicable laws.

You may request deletion of your SMART account at any time by e-mailing privacy@smarttech.com or contacting our support department. SMART will respond to customer requests to delete personal data within 30 days. Inactive unpaid accounts are deleted after two (2) years. All data stored locally on the Notebook can be deleted by you at any time by resetting it to factory settings.

If you would like to request that your personal information be provided to you for your review, be removed from our services, or be updated, please contact privacy@smarttech.com.


SECURITY

We use widely accepted technical and operational security measures to protect your personal data including 256-bit TLS encryption. Only authorized SMART personnel and third-party service providers listed below are allowed to access this data, and they are required to treat it as confidential.

We do not store your passwords as these are managed by our single-sign-on (SSO) providers and they encrypt all your credentials and separate them from your personally identifiable information.

However, no security measures can guarantee complete protection against loss, misuse, or alteration of personal information. SMART is not responsible for any damages or liabilities resulting from such security failures.


YOUR RIGHTS

Subject to applicable law, including exceptions, you have the following rights with regard to the personal data that we collect about you:

  • right to ask what personal data we have about you and how we use;
  • right to request a copy of the personal data that we hold about you;
  • right to request that we correct or amend your personal data;
  • right to request deletion of your personal data; and
  • right to ask us to stop or limit how we process your personal data.

To protect your privacy and security, we may need to verify your identity before acting on certain requests, to the extent permitted by law. If someone is making the request on your behalf (like an authorized agent) and they don’t provide proof of authority (such as a power of attorney), we may ask for additional evidence, like written authorization, or contact you directly to confirm the request.

If you would like to exercise your rights regarding your personal data, you can do so by:

  • emailing your request to us at: privacy@smarttech.com
  • contacting us by postal mail at:

    SMART Technologies ULC
    Attention: Legal Department
    Suite 600, 214-11 Ave SW
    Calgary, AB T2R 0K1
    CANADA

    +1.403.245.0333

NOTIFICATION OF BREACH

If we become aware of a personal data breach, we will without undue delay, and where feasible, no later than 72 hours after having become aware of it, notify you of said breach, unless the data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Our communication of a breach shall be in clear and plain language and contain a minimum of:

  • Contact details of the Data Protection Officer or other contact person;
  • A description of the nature of the breach;
  • Likely consequences of the breach;
  • Advice on steps data subjects can take to protect themselves; and
  • The measures SMART has taken or proposes to take to address the breach.

COOKIES

To enhance your experience, our web pages and Services use "cookies". Cookies are small text files that are placed on your computer or device. Most web browsers allow some control over cookies through the browser settings. You may accept cookies and then delete them at a later date or upon exiting your browser.

Additionally, some of our online recruitment activities are hosted by third parties. When you access sites operated by these third parties, they may to the extent permitted by applicable law, place their own Cookies or other tracking technologies on your device. We encourage you to read the Privacy Statements of these websites before transmitting any Personal Information to third parties.


CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time to reflect changes to our operations, or to meet new legal and regulatory requirements. The updated policy will be posted on our website SMART Tech Privacy Policies.


DATA COLLECTED AND PROCESSED

This section outlines what data is collected and processed from you and who handles the data.

SMART Notebook® Users (not signed-in; no online sharing)

The basic version is free software designed for use with a SMART Board® interactive display. It comes with many features that you can use to create and edit lessons. You can use it without an Internet connection. On older versions a watermark appears on each lesson page if the computer on which you are running the basic version is not connected to a SMART Board. Starting with Version 22 of SMART Notebook, the software may not operate with a non-SMART Board.

Sub-Processor Country Data is Processed/Stored Purpose Data
Mixpanel, Inc. USA

Required for product improvement and service monitoring. Mixpanel allows us to analyze how our anonymous basic free users interact with Notebook. It is designed to identify trends, understand common aggregated usage behavior, and helps us make better decisions on how to improve the usability and features of our product.

Mixpanel Privacy
Mixpanel GDPR

Anonymous
Google, LLC Global

Required for product improvement and service monitoring. Google Analytics allows us to analyze how our anonymous basic free users interact with Notebook. It is designed to identify trends, understand common aggregated usage behavior, and helps us make better decisions on how to improve the usability and features of our product.

Google Privacy
Google GDPR

Anonymous

SIGNED-IN SMART NOTEBOOK PLUS USERS

A subscription to SMART Learning Suite gives you access to SMART Notebook Plus features. Without a subscription, you can still get access to the basic version of SMART Notebook (see above).

Sub-Processor Country Data is Processed/Stored Purpose Data
Microsoft, Inc. Global

Required if you use Microsoft as your single-sign-on (SSO) provider to access Notebook. Microsoft provides SMART with required account details.

Microsoft SSO
Microsoft Privacy
Microsoft GDPR

Identifiable
Google LLC Global

Required if you use Google as your single-sign-on (SSO) provider to access Notebook. Microsoft provides SMART with required account details.

Google SSO
Google Privacy
Google GDPR

Identifiable
Amazon Web Services, Inc. USA
Germany

Required for storage. We offer both an American and European data storage option.

AWS Privacy
AWS GDPR

Identifiable
Firebase, Google LLC USA
Germany
Belgium

Required for basic functionality (Firebase is a Backend-as-a-Service (BaaS) cloud-computing solution we use for real time (temporary) automated computer processing. The processing is done regionally through either Google’s American or European centres.

Firebase Privacy
Firebase GDPR

Identifiable
Mixpanel, Inc. USA

Required for product improvement and service monitoring. Mixpanel allows us to analyze how our de-identified users interact with Notebook. It is designed to identify trends, understand common aggregated usage behavior, and helps us make better decisions on how to improve the usability and features of our product. This data is also used to track how long it takes our servers to complete actions like open files, which helps us measure service health and up/downtime.

Mixpanel Privacy
Mixpanel GDPR

Pseudonymized
Google, LLC Global

Required for product improvement and service monitoring. Google Analytics allows us to analyze how our anonymous basic free users interact with Notebook. It is designed to identify trends, understand common aggregated usage behavior, and helps us make better decisions on how to improve the usability and features of our product.

Google Privacy
Google GDPR

Pseudonymized
Third-party content and activity providers Global

Optional content or activity a teacher may add to a lesson such as YouTube or other embedded content a user voluntarily adds. We cannot control what data a third party directly collects via the content when a teacher or student decides to include it in a lesson. For premium content that SMART provides however, we only report anonymous usage to the third-party publisher.

By using YouTube videos or other YouTube API Clients (uses YouTube API Services), you are agreeing to be bound by YouTube’s Terms of Service and Privacy Policy.

Identifiable

CUSTOMER DATA COLLECTED AND PROCESSED

This section outlines what data is collected, processed, and disclosed from customers (purchasers, prospects, and SMART’s authorized channel partners). You can request, through our Customer Support, data and account deletion at any time, but we must retain all data relevant to purchases and financial transactions until it is no longer required by applicable law. The term “identifiable” used in the below chart does not necessarily mean personally identifiable information.

Sub-Processor Country Data is Processed/Stored Purpose Data
Reseller & SMART’s Regional Office Global

Required contact information: organization name, e-mail, title, phone, address. Required order information: product, quantity, price and tax, delivery. Ask your local regional reseller about their privacy policies.

Identifiable
Blue Ocean Contact Centers, Inc. Canada

Optional. Blue Ocean is a subcontractor providing live (telephone, e-mail, and web) support. Information collected includes organization name, caller name (can use company title only if preferred for GDPR reasons), e-mail (can provide non-PII version to comply with GDPR), title, phone, address and a description of the issue and any shared details to help solve the problem. Calls are recorded.

Blue Ocean Privacy
GDPR - EC Adequacy Decision

Identifiable
Call Miner Canada

Optional for telephone interactions (option to opt out of call recordings), required for email. Call Miner is a subprocessor providing omnichannel interaction analytics powered by AI and machine learning. Call Miner analyzes customer support interactions, including recorded calls and emails, which are temporarily stored in CallMiner. The metadata is retained in CallMiner for analysis of the customer experience and trending information regarding the interactions between agent and customer.

Privacy Policy | Call Miner

Identifiable
Microsoft, Inc. Global

Required for our enterprise resource planning (ERP) system, which is software to manage the day-to-day business activities such as accounting, procurement, project management and supply chain operations, as well as our e-mail, PowerBI® (data visitation) and SharePoint® (document management), as well as all the other standard Microsoft Office software titles, like Word, Excel, etc.

Microsoft Privacy
Microsoft GDPR

Identifiable
Google, LLC. Global

Optional. Only used for processing of support forms. Google Forms are used when a purchaser is engaged with our Field Services (i.e., onsite support).

Privacy Policy – Google
GDPR - Google Cloud

Identifiable
BigCommerce, Inc. USA

Optional. Only used when a customer purchases through our e-commerce store: customer name, e-mail, title, phone, address, product, or service purchased and whether payment is received.

BigCommerce Privacy
BigCommerce - General Data Protection Regulation

Identifiable
Amazon Web Services, Inc. USA

Required for product infrastructure including the hosting of support call recordings.

Data Privacy - Amazon Web Services (AWS)
GDPR - Amazon Web Services (AWS)

Identifiable
Stripe, Inc. and Stripe Payments Europe, Ltd. USA

Optional. Only used when a customer purchases through our e-commerce store using a credit card: customer name, e-mail, title, phone, address, product, or service purchased, credit card details. Residents of the European Economic Area (EEA), the UK and Switzerland. The entity responsible for the collection and processing of credit card personal data for residents of the EEA, the UK and Switzerland is Stripe Payments Europe, Ltd., a company incorporated in Ireland and with offices at 1 Grand Canal Street Lower, Grand Canal Dock, Dublin. To exercise your rights, the Data Protection Officer may be contacted via dpo@stripe.com.

Stripe Privacy
Stripe GDPR

Identifiable
Salesforce.com, Inc USA

Required order information (product, quantity, price and tax, delivery). Required for our customer relationship management (CRM). Required to allow our authorized distributors and resellers to work together with SMART. Basic customer and purchase information is shared between SMART and its authorized distributors and resellers.

Salesforce Privacy
Salesforce GDPR

Identifiable
HubSpot, Inc Germany

We use HubSpot, which is a customer relationship management (CRM), for certain communications, such as marketing, training, news, and offers from us.

Hubspot Privacy
Hubspot GDPR

Identifiable
Mixpanel, Inc. USA

Required for product improvement and service monitoring. Mixpanel allows us to analyze how our de-identified users interact with Notebook. It is designed to identify trends, understand common aggregated usage behavior, and helps us make better decisions on how to improve the usability and features of our product. This data is also used to track how long it takes our servers to complete actions like open files, which helps us measure service health and up/downtime.

Mixpanel Privacy
Mixpanel GDPR

Pseudonymized
Gainsight, Inc. USA

Applicable only to North American Customers. We use Gainsight, which is a customer relationship management (CRM) tool, for e-mail (name, e-mail address, company information) marketing to individuals and organizations.

Gainsight Privacy

Identifiable

THIRD PARTIES

To the extent functionality is not directly provided or managed by SMART, such as single-sign-on (SSO) via Google and Microsoft, or videos on YouTube®, etc., you agree it is your responsibility to review and accept these third-party service providers’ terms and privacy policies.


COOKIES

SMART and some of its processors use cookies to provide Notebook to you. Cookies are small files that are placed on your computer or device. Most web browsers allow some control over cookies through the browser settings. Blocking all cookies will, however, have a negative impact upon the usability of Notebook. Thus, you may prefer to accept cookies and then delete them later or upon exiting your session.

Who Cookie Purpose
SMART id.smarttech-prod.com
_ga
_gid
_ids
_ids_legacy
_ssos
_ssos_legacy
Required for providing navigation, log-in status, and user identification for the purpose of providing Notebook software to the user, including the proper linking of user created Content.
Microsoft login.microsoftonline.com
AADSSO
CCState
ESTSAUTH
ESTSAUTHLIGHT
ESTSAUTHPERSISTENT
ESTSSC
SignInStateCookie
brcap
buid
ch
clrc
esctx
fpc
stsservicecookie
x-ms-gateway-slice
login.live.com
MSPRequ
uaid
Required for providing single-sign-on functionality and identification of the user for the purpose of providing Notebook software to the user. These cookies are installed by Microsoft and SMART has no control over what Microsoft does with the information. Click here for additional information on Microsoft’s cookies.
Google LLC accounts.google.com
ACCOUNT_CHOOSER
LSID
__Host-3PLSID
__Host-GAPS
user_id
google.ca
APISID
HSID
NID
SAPISID
SID
SSID
__Secure-3PAPISID
__Secure-3PSID
google.com
APISID
HSID
NID
SAPISID
SID
SIDCC
SSID
__Secure-3PAPISID
__Secure-3PSID
__Secure-3PSIDCC
youtube.com
APISID
HSID
SAPISID
SID
SSID
__Secure-3PAPISID
__Secure-3PSID
Required for providing single-sign-on functionality and identification of the user for the purpose of providing Notebook software to the user. YouTube cookies are installed during sign-on and support additional functionality (adding videos) within Notebook software. These cookies are installed by Google and SMART has no control over what Google does with the information. Click here for additional information on Google’s cookies.
Google LLC _utma This cookie is typically written to your browser upon the first visit to www.smarttech.com and our admin portal site. If the cookie has been deleted by the browser operator, and the browser subsequently visits our site, a new __utma cookie is written with a different unique ID. This cookie is used to determine unique visitors to our site and it is updated with each page view. Additionally, this cookie is provided with a unique ID that Google Analytics uses to ensure both the validity and accessibility of the cookie as an extra security measure. This cookie is a persistent cookie with a lifespan of 2 years from set/update.
Google LLC _utmb This cookie is used to establish and continue a visitor session with our admin portal site. When a visitor views a page on our site, the Google Analytics code attempts to update this cookie. If it does not find the cookie, a new one is written and a new session is established. Each time a visitor visits a different page on our site this cookie is updated and will expire in 30 minutes, thus, continuing a single session for as long as visitor activity continues within 30-minute intervals. This cookie is a session cookie with a lifespan of 30 minutes from set/update.
Google LLC _utmc Historically, this cookie operated in conjunction with the __utmb cookie to determine whether to establish a new session for the visitor. For backwards compatibility purposes with sites still using the urchin.js tracking code, this cookie will continue to be written and will expire when the user exits the browser. This cookie may or may not be set and is a session cookie with a lifespan of the browser session.
Google LLC _utmz This cookie stores the type of referral used by the visitor to reach our site, whether via a direct method, a referring link, a website search, or a campaign such as an ad or an email link. It is used to calculate search engine traffic, ad campaigns and page navigation within our site. The cookie is updated with each page view to our site. This cookie is a persistent cookie with a lifespan of 6 months from set/update.
Identity Client library software_portal When administrator signs in from SMART’s admin portal, this cookie is set to remember the authorization information for the current signed in session. The cookie will be refreshed automatically to keep the session alive. This cookie is set by SMART and is a persistent cookie with a lifespan of 365 days. The content of the cookie is the encrypted id access token and id refresh token
Language Cookie smart_lang, [website]#lang

Stores context language of the current Sitecore website.

Sample valies: www#lang, support#lang

Sitecore SC_ANALYTICS_GLOBAL_COOKIE This cookie is associated with our Sitecore content management system and is used for web analytics to identify repeat visits by unique users.
Smart ID SMARTId, SMARTIdState, SMARTIdReturnUrl These cookies are written to your browser when you sign-in to SMART ID. Signing out of your SMART ID deletes this cookie. These cookies store encrypted authentication information that only our servers can decrypt. This cookie is persistent and lasts for several hours.

CONTACT US

If you have any questions about this Policy or if you would like to communicate with our Privacy Team, please contact us at privacy@smarttech.com

SMART Technologies ULC
Attention: Legal Department
Suite 600, 214-11 Ave SW
Calgary, AB T2R 0K1
CANADA

+1.403.245.0333

Last Updated: July 30, 2025