Asana, like most technology companies, occasionally receives requests from law enforcement agencies in the United States and elsewhere seeking information about our customers. These requests may take the form of a subpoena, court order, search warrant, National Security Letter, and orders issued under the Foreign Intelligence Surveillance Act.

While Asana will comply with legally valid governmental requests, we care deeply about maintaining the trust of our customers. One way to maintain that trust is to inform our customers and the public about law enforcement requests that we receive through publishing and maintaining this transparency report.

In line with our Law Enforcement Guidelines (available at https://asana.com/terms/law-enforcement-guidelines), our policy is to notify users of requests for their information, which includes a copy of the request, prior to disclosure so that they may have an opportunity to challenge the request unless: (a) we are prohibited from doing so by law or court order; (b) there are exceptional circumstances, such as an emergency involving the risk of bodily injury or death to a person or group of people or potential harm to minors; or (c) prior notice would be counterproductive (for example, if we believe that the account in question has been hijacked).

This transparency report provides information relating to law enforcement requests for user data that we have processed during the Reporting Period. Going forward, we will provide updated reports on at least an annual basis.

Requests from United States Law Enforcement

National Security Process

Requests from Non-United States Law Enforcement

Although Asana is headquartered in the United States, we have a corporate presence in several other countries. When we receive requests from non-US governments we work with our external counsel to determine the validity of the request and our ability to respond under United States and other applicable laws.

Definitions

• Content Data: Includes the contents of communications generated or stored by end users, for example, content stored in Asana projects and tasks.

• Non-Content Data: All data that is not “content data.” It can include basic subscriber information (name, contact information, billing information, length of service, types of services utilized, IP information, and account login information) in response to a U.S. law enforcement subpoena and, if we receive a court order from U.S. law enforcement, non-content metadata (such as the date, time, and IP addresses of related to end users communications with an account).

• Subpoena: A compulsory demand issued by a governmental entity for the production of documents in a criminal case (such as grand jury subpoenas).

• Court Order: An order issued by a judge upon a finding that there are reasonable grounds to believe that the information sought is relevant and material to an ongoing criminal investigation.

• Search Warrant: An order issued by a judge upon a finding of probable cause by law enforcement. A search warrant is required to obtain Content Data.

• MLAT: Stands for “mutual legal assistance treaty.” Asana requires that non-U.S. government entities use appropriate international law processes, such as through an MLAT if the requesting country has entered into one with the United States, to obtain customer data.

• National Security Letters (NSL): A national security letter issued under 18 U.S.C. § 2709.

• FISA Orders: An order or directive issued in the United States under the Foreign Intelligence Surveillance Act for user information.

• National Security Process: all FISA orders, FISA directives and National Security Letters (NSL) received.