Privacy

Privacy Statement

section icon
section icon

UPDATED: DECEMBER 20, 2023 | EFFECTIVE: JANUARY 1, 2024

Asana is a work management platform that provides teams with the tools to orchestrate their work.

At Asana, our mission is your mission. We’re committed to protecting your privacy rights, so you can focus on the work that matters most to your business — with peace of mind.

This Privacy Statement describes how Asana processes your information and explains the choices available to you with respect to your information. To learn more about Asana's commitment to your privacy, please read our Privacy Commitment.

If you have any questions or concerns about how Asana processes your information or about this Privacy Statement, you can email us any time at privacy@asana.com. Additionally, if you’re looking to exercise your privacy rights, you can do so here.

What’s Changing With This Update

We updated our Privacy Statement to include information about relevant privacy and data protection laws and our business practices.

It's important to us that you're able to clearly understand how we process your information and what rights you have under privacy and data protection laws. We welcome any questions, concerns, or feedback you may have about the updates to this Privacy Statement.

You can view the previous versions of this Privacy Statement in the section titled Previous Privacy Statements.

Table of Contents
Our Relationship With YouInformation We ProcessHow We Use Your InformationHow We Disclose Your InformationProtection, Storage, Transfer and Retention of Your InformationOther Important InformationYour Privacy RightsPrivacy Information for California ResidentsChanges To Our Privacy StatementContact Us and Privacy QuestionsPrevious Privacy Statements

Our Relationship with You

In situations where our users are subject to our Subscriber Agreement, Enterprise Master Services Agreement, or other Master Services Agreement to use Asana’s services, Asana is the processor/service provider (a provider that processes personal data on behalf of or at the direction of a controller, or other similar designation under the law) and our customer (usually a company or organization) is the controller/business (the entity that decides how and why information is processed) of the information provided to Asana via their use of Asana. In all other cases, Asana is the controller of the information.

For example, if you create an account with

  • your corporate email address, your company is the controller of your Asana domain and the information stored in it.

  • a free email domain (like gmail.com) or personal email account, Asana is the controller.

Asana can be used by companies or by individual users:

If you’re using Asana through your company, educational institution, or with your company email address, your company or educational institution’s own Asana administrator is responsible for the accounts associated with that company or institution and can: restrict, suspend, or terminate your access to or ability to use the services, access information about you, access or retain information stored with us (including your workspace content and log data about your use of Asana), and restrict your ability to edit, restrict, modify, or delete information associated with your use of our products and services.

Information We Process

Asana processes information we receive directly from you, automatically collected when you use Asana or visit one of our websites, and collected by Asana from third parties. However, please note that this Privacy Statement does not apply to the processing of your information by third parties through your use of any third-party integrations available via our services. Please visit those third-party websites directly for more information on their privacy and data protection practices.

Information Asana Receives Directly From You

Information needed to create an account

This includes information that is needed for Asana to create an account for you and manage your ability to log in and out of Asana:

  • Identifiers, including first and last name and email address

  • Your password for Asana (hashed) - unique, long, and strong, please

  • Information related to a third-party authentication identity provider, (e.g., Google Authenticator

If you upgrade your account to a paid account, Asana may collect:

  • Billing information, including name, address, and telephone number

  • Financial information, including as credit card information or bank account information collected by our payment processors on our behalf

  • Information about your chosen Asana plan

Information you provide to us through your use of Asana

  • Information you provide in goals, portfolios, projects, messages, tasks, and other features of AsanaInformation uploaded to Asana, such as attachments

  • Information from emails you forward to x@mail.asana.com

  • Profile photo and other information you provide to describe yourself, which we only collect if you do choose to provide it, such as your gender pronouns

  • Video and audio recordings, and transcripts of those recordings, if you use video messaging

  • Professional or employment information, which may include your title or role at your company if you elect to provide this information

  • Any other information you choose to provide while using Asana that identifies or can be reasonably associated with you

Other information you may provide to us when you interact with Asana in other ways

If you directly interact with Asana staff, such as our sales, user research, or user operations groups, or if you become an Asana Ambassador, or if you participate in research conducted by Asana’s Work Innovation Lab, Asana may process the following information voluntarily provided by you:

  • Your requests, questions, and responses to us via forms, or email, or other means

  • Information you provide in connection with Asana sweepstakes, contests, or research studies, if you choose to participate

  • Information to verify your identity

  • Geographic information, such as region and country

  • Social media information

  • Your date of birth

  • Biometric information associated with call recordings, with your consent in accordance with applicable law

Information automatically processed when you visit our websites or use our mobile or desktop app

Information related to your use of Asana and our websites

We may also collect the following:

  • Metadata and inference information related to your use of Asana, our websites, and third-party integrations to better understand the way you work in Asana. We may log the actions you take as you use Asana, including but not limited, to the number of Asana workspaces you work in, the number of tasks you are assigned, what tasks or other features you view, when you delete a task or comment, the features and embedded content you interact with, the types of files you transmit, and what, if any, third-party integrations you use.

  • Internet network activity, cookies, and similar tracking technologies, including data our servers automatically record, including your web request, IP address, browser type and settings, referring/exit pages and URLs, number of clicks, date and time stamp information, language preferences, and other such information. Please visit our Cookies Notice for more information about the types of information we collect via cookies, including information about advertising and analytics, and how we use it. To manage your cookies settings, you can adjust them in our Cookies Preference Center here: Cookie Settings

  • Information collected as a result of participation in beta testing, such as error reports or feedback provided by you

  • Information about how you interact with our marketing websites, like asana.com, such as where you click, how long you visit a page, your scrolling, mouse hovers, and other data to help us better understand your experience and provide you with the best user experience

  • Device information and activity when you use Asana via a mobile device, including the type of device you are using, device IDs, operating system version, and mobile network information to ensure that we are serving you the correct version of our application

  • Derived device geolocation information, including approximate geographic location inferred from an IP address

Information Asana Receives from Other Sources

Sometimes Asana receives your information from third parties (other individuals, marketing services, third-party integrations), which may include

  • Information processed from third-party integrations you set up with Asana. For example, a third-party integration may give us access to information stored in that third party that Asana will process to facilitate the integration

  • Name, email, and business contact information

  • Information about you provided to us from other individuals or users of Asana

How We Use Your Information

Asana uses your information to operate our products and services, communicate with you, process transactions when you change Asana plans, for security and fraud prevention, and to comply with the law. Specifically, we may process your information to:

Provide services to you and operate our business

  • Maintain, provide, and improve our products and services

  • Suggest Asana Help Center articles that may be relevant to you

  • Help us better understand user interests and needs, and customize Asana for you

  • Analyze and research how you interact with our websites and applications

  • Protect Asana and you, for example:

    • Securing our systems and products against fraud or unauthorized activity

    • Identifying, troubleshooting, and fixing bugs and errors

    • Complying with global laws and regulations

  • Investigate in good faith alleged violations of our User Terms of Service

  • Comply in good faith with a valid legal subpoena, request, or other lawful process that meets the requirements of our Law Enforcement Guidelines or that we otherwise determine is necessary to respond to

  • If you use Asana as part of an organization, company, or academic institution, Asana will process your information as required by our contract with your organization or academic institution. Those contractual terms may differ from, and, in the event of a conflict, take precedence over, the uses described in this Privacy Statement.

In addition, we use information about your use of Asana, account information (which may include your email address and name), and information related to third-party integrations to:

  • Communicate with you:

    • About Asana by phone, text, email, or chat

    • To provide important notices and updates, product changes, and other necessary notices such as security and fraud alerts

    • To market Asana services to you. via email, phone, and mail. You have the ability to unsubscribe from promotional marketing communications at any time

  • Advertise Asana to you

  • Facilitate reporting and analyze performance of the Asana platform or features available in Asana

  • Provide webinars or public presentations

  • Demonstrate Asana or provide you access to a demo Asana instance

  • Process your information at your direction

  • Provide cross-device management of your account. For example, we may locate or try to locate the same unique users across multiple browsers or devices (such as smartphones or tablets), or work with service providers that do this, in order to save your preferences across devices and analyze usage of our products and services. If you wish to opt out of Google’s ability to locate you across devices in this way, you may install the Google Analytics Opt-out Browser Add-on by clicking here.

Provide you with support and get your feedback

  • Respond to your requests for information

  • Help identify and troubleshoot any issues with your account and answer your questions

  • Resolve support requests

  • Provide you with reports about usage

  • Survey your opinions through surveys, research studies, and questionnaires

Combined Information

Unless otherwise prohibited by law, we may combine the information that we collect through your use of our products and services with information that we receive from other sources, both online and offline, and use that combined information as set out above.

Aggregated and de-identified data

We may aggregate and/or de-identify information related to your use of Asana (for example, how many tasks or projects you created) so that such information can no longer be linked to you or your device. We may use such aggregated and de-identified data for any purpose, including but not limited to, research and marketing purposes and may also disclose such data to any third parties, including advertisers, promotional partners, sponsors, event promoters, and/or others.

Artificial Intelligence and Machine Learning

Some features in Asana are powered by artificial intelligence (AI) and machine learning. Admins and super admins can adjust AI preferences for your domain at any time by visiting the admin console. 

When features powered by Asana AI are enabled in your domain, we use metadata related to your domain’s use of Asana to train machine learning models. Depending on the model and the feature, these machine learning models power features, both in your domain and other Asana domains. 

When features powered by AI Partners are enabled in your domain, we leverage third-party LLM service providers. Our third-party LLM service providers do not use customer data to train their models. 

For more information about AI in Asana, please review Asana AI features and admin controls

Asana may use AI technologies, including bots on our websites and in our product, to communicate with you, respond to your comments and questions, and provide information about our products and services. Learn more by visiting Asana’s Trust Center.

Legal bases for processing

For more information about the legal bases Asana relies on to process your information, please visit Other Important Information.

How We Disclose Your Information

We need to disclose the information we collect about you to make our products and services run smoothly and to operate our business under the following conditions:

  • Service providers and subprocessors. We may provide access or disclose your information to select third parties that use the information on our behalf to assist in providing Asana’s services, website, and features. These third parties provide a variety of services to us, including without limitation sales, marketing, provision of content and features, artificial intelligence enabled functionality, advertising, analytics, research, data storage, security, fraud prevention, and other services. You can find a list of our subprocessors here.

  • Advertising partners. We may also provide information collected when you visit an Asana website (which may include email addresses) to service providers, who may “match” this information in de-identified form to cookies (or mobile ad identifiers) and other proprietary IDs, in order to provide you with more relevant Asana ads when you visit other websites. Our advertising partners may also use cookies and similar technologies on our website to display more relevant advertising about Asana on other websites that you visit.  Please see our Cookies Notice for more information about how we use targeting cookies and your options for managing them.

  • Because you ask us to disclose. We may disclose your information to third parties when you ask us to do so. This includes when you connect Asana with other tools via our available integrations.

  • Consistent with your settings within our products and services. Please note that the information you submit through and post to Asana may be viewable by other users in your workspace, team, division, or organization, depending on the specific settings you have selected and if an organization has been created for your domain.

  • Affiliates and subsidiaries. We may disclose the information we collect within the Asana family of companies to provide Asana’s services to you. A list of our affiliates can be found here.

  • Business transfers. If the ownership of all or substantially all of our business changes, or all or some of our assets are sold as part of a bankruptcy or other proceeding, we may transfer your information to the new owner so that the services can continue to operate. In such case, your information would remain subject to the promises and commitments contained in this Privacy Statement until the acquiring party updates it. If such transfer is subject to additional mandatory restrictions under applicable laws or agreements, Asana will comply with those restrictions.

  • Compliance with legal obligations. To comply in good faith with a valid legal subpoena, request, or other lawful process that meets the requirements of our Law Enforcement Guidelines. We will notify individuals or customers of that request unless: we are prohibited from doing so by law or court order; or there are exceptional circumstances, such as an emergency involving the risk of bodily injury or death to a person or group of people or potential harm to minors.

  • Your company’s own Asana account administrator (if you have one). If you’re using Asana in connection with an organization, academic institution, or company domain, your company’s own Asana account administrator can export data associated with the domain they manage if they have a subscription plan that allows them to do so.

  • Public Forums. Our public forums, such as the Asana community forum, make it possible for you to upload and post comments or feedback publicly with other users. Any information that you submit through such public forums is not confidential and Asana may use it for any purpose (including in testimonials or other Asana marketing materials). Any information you post openly in these ways will be available to the public at large and potentially accessible through third-party search engines. Such information can be read, collected and/or used by other users and could be used to send you unsolicited messages. 

We use and disclose the categories of information we collect from and about you consistent with the various business purposes we discuss throughout this Privacy Statement. We do not disclose your information to third parties for their own direct marketing purposes. For more information, see our Privacy Commitment.

Protection, Storage, Transfer and Retention of Your Information

Security

Asana takes technical and organizational measures to protect your information against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access. However, no method of transmission over the Internet and no means of electronic or physical storage is absolutely secure, so we cannot ensure or warrant the security of that information. We are constantly updating and improving our safeguards and you can read up to date information about our security practices by visiting our Trust page.

Storage

When you use Asana, some information about you will be stored in the United States. For more information about our EU data storage options, please visit our Trust page.

Transfer of your information out of EEA, UK, Switzerland, and Japan

When you use our products and services, information about you will be transferred to the United States where the majority of Asana’s data processing occurs. We may also transfer information that we collect about you to third party processors across borders from your country or jurisdiction to other countries or jurisdictions around the world.

EU-US Data Privacy Framework program, the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework

Asana complies with the EU-US Data Privacy Framework program (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework program (Swiss-US DPF) as set forth by the US Department of Commerce. Asana has certified to the US Department of Commerce that it adheres to the EU-US Data Privacy Framework Principles (EU-US DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-US DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-US DPF. Asana has certified to the US Department of Commerce that it adheres to the Swiss-US Data Privacy Framework program Principles (Swiss-US DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-US DPF.

In compliance with the EU-US DPF, the UK Extension to the EU-US DPF, and the Swiss-US DPF, Asana commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-US DPF, the UK Extension to the EU-US DPF, and the Swiss-US DPF to BBB National Programs, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit please visit the BBB National Programs Dispute Resolution Process web site at https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information or to file a complaint. The services of BBB National Programs are provided at no cost to you.

Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available as set forth in Annex I of the DPF Principles. Asana is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) with respect to its compliance with the provisions of the EU-US DPF, the UK Extension to the EU-US DPF, and the Swiss-US DPF.

Asana will take reasonable and appropriate steps necessary to ensure that any third party who is acting as a “data processor” under EU, UK, and Swiss terminology is processing the personal data we entrust to them in a manner that is consistent with the DPF Principles. Asana is potentially liable in cases of onward transfer to third parties of data of EU, UK, and Swiss individuals received pursuant to the EU-US DPF, the UK Extension to the EU-US DPF, and the Swiss-US DPF, respectively.

If there is any conflict between the terms in this privacy statement and the EU-US DPF Principles and/or the Swiss-US DPF Principles, the Principles shall govern.

To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

If the EU-US DPF, the UK Extension to the EU-US DPF, and the Swiss-US DPF do not apply, Asana relies on other data transfer mechanisms to transfer personal data outside the EEA, the UK, and Switzerland, such as Standard Contractual Clauses.

Data Retention

We will retain your information for the period necessary to fulfill the purposes outlined in this Privacy Statement, to make our products and services available to you, or as instructed by you, unless a longer retention period is required or permitted by law.

Other Important Information

Use by children under 16

If you are under the age of 16, you may not have an Asana account or use Asana’s products or services. We do not knowingly process any information from, or direct any of our products or services to, children under the age of 16.

Marketing Practices and Choices

If you receive email from us, we may use certain analytics tools, such as clear GIFs that capture data about your interaction with the email, which may include the date and time when you opened our email and whether you clicked on any links or banners within our emails. This data allows us to gauge the effectiveness of our communications and marketing campaigns.

You may instruct us not to use your contact information to contact you by email, postal mail, or phone regarding products, services, promotions, and special events that might appeal to your interests by contacting us via the methods listed in the Contact Us and Privacy Questions section. In promotional marketing commercial email messages, you can also opt out by following the instructions located at the bottom of such emails or contact us at privacy@asana.com.

Please note that, regardless of your request, we may still use and disclose certain information as permitted by this Privacy Statement or as required by applicable law. For example, you may not opt out of certain transactional, operational, or service-related emails, including those reflecting our relationship or transactions with you.

Global Privacy Control and Do Not Track

Where required, Asana honors the Global Privacy Control (GPC) signal.

Do Not Track is a privacy preference that users can set in certain web browsers. We are committed to providing you with meaningful choices about the information collected on our websites for third party purposes, and that is why we provide the ability to opt out, if needed, and adjust your cookies preferences. We do not currently recognize or respond to browser-initiated DNT signals. To learn more about Do Not Track, you can do so here.

Please note that Do Not Track is a different functionality from the browser-based Global Privacy Control signal, which Asana does honor. For more information about how Asana uses cookies and similar tracking technologies, visit our Cookies Notice.

Legal Bases for Processing Your Information

The laws in some jurisdictions require us to inform you of our legal bases for processing your information. Our legal bases for collecting and using your information described above will depend on the particular type of information and the specific context in which we collect it. However, some examples of legal bases for processing that we rely on:

  • Where use of your information is necessary to perform our obligations under a contract with you (for example, to comply with the User Terms of Service which you accept by using Asana’s services or to fulfill the terms of a contract signed with companies)

  • Where use of your information is necessary for our legitimate interests or the legitimate interests of others (for example, to provide security, operate our products and services, prevent fraud, analyze use of and improve our products and services, and for similar purposes)

  • Where use of your information is necessary to comply with a legal obligation (for example, to comply with our legal obligations to collect and store tax or invoice information for a certain period of time)

  • Where we have your consent to process data in a certain way

Your Privacy Rights

Your Privacy Rights

Asana users from around the world use our products to bring clarity to their work. Regardless of what country you’re located in, we respect your ability to know, access, correct, export, restrict the processing of, and delete your information, and have extended those rights globally. We will not discriminate against you for exercising your privacy rights.

Information about your rights

Upon your request, and subject to applicable legal exceptions, we will:

  • provide access to and/or a copy of certain information we hold about you

  • provide you with information about categories of information we collect or disclose about you, the categories of sources of such information, the business or commercial purpose for collecting your information, and the categories of third parties to which we disclose your information. For your convenience and so you don’t have to request it, we’ve included that information in this Privacy Statement.

  • prevent the processing of your information for promotional purposes (including any direct marketing processing based on profiling)

  • update information which is out of date or incorrect

  • delete certain information which we have about you

  • restrict the way that we process and disclose some of your information

  • transfer your information to a third party provider of services

  • revoke your consent for the processing of your information

If you request these rights, we will need to verify your identity and may need to verify your relationship with Asana (for example, if you’re an administrator of an Asana organization, division, or workspace and you’re making a request on behalf of another individual) for security and to prevent fraud.  You may be able to designate an authorized agent to make requests on your behalf. In order for an authorized agent to be verified, the authorized agent must present signed, written permission to make such requests or a power of attorney. We may also contact you to verify your identity before processing the authorized agent’s request.

We may take additional steps to verify that you are authorized to make the request. If you are an end user of Asana’s services and not a direct customer of Asana (for example, your company uses Asana and you’re an employee or authorized representative of that company), you should direct requests relating to your information to the administrator of your company’s Asana account. We will redirect you to your administrator or notify the administrator directly. To exercise your privacy rights, please make a request by filling out this form.

Please note, however, that certain information may be exempt from such requests in some circumstances (for example, if we need to keep processing your information for our legitimate interests or to comply with a legal obligation). Depending on applicable law, you may have the right to appeal our decision to deny your request. If we deny your request, we will provide you with information on how to appeal the decision, if applicable, in our communications with you.

Right to manage cookies preferences and opt out of targeted advertising

As explained in detail in our Cookies Notice, we provide information about your device and online browsing activities to third-party advertising providers for targeted online advertising purposes, so that we can provide you with more relevant and tailored ads regarding our services.

If you would like to opt out of our online disclosure of your information through cookie and pixel technology, please click here: Cookie Settings or enable Global Privacy Control within your browser.

Privacy Information for California Residents

Categories of information collected and disclosed

If you are a California resident, you have certain rights under the California Consumer Privacy Act (CCPA), and we want to provide you with the following additional information about the purpose for which we use each category of personal information we collect (as defined by CCPA), the categories of third parties to which we disclose personal information for a business purpose or for cross-context behavioral advertising, which includes our use of third-party analytics services and online advertising services. These are described in detail in our Cookies Notice and may result in the disclosure of online identifiers (e.g., cookie data, IP addresses, device identifiers, and usage information).

Specifically, your contact information (including email) or internet network and device information (including cookie data and IP address) may be disclosed to online advertising and analytics partners.

For more information about each category of personal information, purpose of use, and third parties to which we disclose personal information, please see the Information We ProcessHow We Use Your Information, and How We Disclose Your Information sections of our Privacy Statement.

Your choices regarding online advertising and related activities

You have the right to opt out of the disclosure of your personal information for purposes of online cross-context behavioral advertising and related activities and can do so by clicking here: Cookie Settings or enabling Global Privacy Control within your browser.

Other CCPA rights

We do not offer any financial incentives in exchange for your personal information.  If we ever do, we will provide you with additional disclosures regarding those incentives at the time they are offered.

The CCPA also allows you to limit the use or disclosure of your sensitive personal information (as defined in the CCPA) if your sensitive personal information is used for certain purposes. Please note that we do not use or disclose sensitive personal information other than for business purposes for which you cannot opt out under the CCPA.

Please see the Your Privacy Rights section of our Privacy Statement above for information about the additional rights you have with respect to your personal information under California law and how to exercise them.

Retention of your personal information

Please see information under Data Retention in the Protection, Storage, Transfer and Retention of Your Information section of our Privacy Statement.

California “Shine the Light” disclosure

The California “Shine the Light” law gives residents of California the right under certain circumstances to opt out of the disclosure of certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes, or in the alternative, that we provide a cost-free means for consumers to opt out of any such disclosure. We do not currently disclose your personal information to third parties for their own direct marketing purposes.

Nevada rights

Under Nevada law, certain Nevada consumers may opt out of the sale of information about you. We do not sell your data in accordance with Nevada Senate Bill 220. However, if you are a Nevada resident you may submit a request to opt out of any potential future sales under Nevada law by completing Asana’s Nevada Opt-Out Form. Please note, if needed, we may take reasonable steps to verify your identity and the authenticity of the request.

Changes To Our Privacy Statement

We will update this Privacy Statement to make sure it accurately reflects our data collection and use practices, our amazing features, advances in technology, or as applicable laws require. We will comply with applicable legal requirements regarding providing you with notice and/or consent when we make such changes, depending on the type of change made. We also provide information about how our Privacy Statement has changed over time below.

Contact Us and Privacy Questions

Asana is located at 633 Folsom Street, Suite 100, San Francisco, CA, 94107-3600. If you wish to contact us or if you have any questions about or complaints in relation to this notice, please contact us at privacy@asana.com. To contact our Data Protection Officer, please email dpo@asana.com.

Previous Privacy Statements

January 1, 2020

December 15, 2021

January 1, 2023

October 11, 2023

October 27, 2023