Introducing Asana’s Fall 2024 Release. Discover what's new.Explore now
UPDATED: OCTOBER 27, 2023 | EFFECTIVE: OCTOBER 27, 2023
Asana is a work management platform that provides teams with the tools to orchestrate their work.
At Asana, our mission is your mission. We’re committed to protecting your privacy rights, so you can focus on the work that matters most to your business — with peace of mind.
This Privacy Statement describes how Asana processes your information and explains the choices available to you with respect to your information. To learn more about Asana's commitment to your privacy, please read our Privacy Commitment.
If you have any questions or concerns about how Asana processes your information or about this Privacy Statement, you can email us any time at privacy@asana.com. Additionally, if you’re looking to exercise your privacy rights, you can do so here.
It's important to us that you're able to clearly understand how we process your information and what rights you have under privacy and data protection laws. We have updated our Privacy Statement to include new disclosures regarding the EU-US Data Privacy Framework program, the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework.
We welcome any questions, concerns, or feedback you may have about the updates to this Privacy Statement. You can view the previous versions of this Privacy Statement in the section titled Previous Privacy Statements.
In situations where our users are subject to our Subscriber Agreement, Enterprise Master Services Agreement, or other Master Services Agreement to use Asana’s services, Asana is the processor/service provider (a provider that processes personal data on behalf of or at the direction of a controller, or other similar designation under the law) and our customer (usually a company or organization) is the controller/business (the entity that decides how and why information is processed) of the information provided to Asana via their use of Asana. In all other cases, Asana is the controller of the information.
For example, if you create an account with
your corporate email address, your company is the controller of that information.
a free email domain (like gmail.com) or personal email account, Asana is the controller.
Asana can be used by companies or by individual users:
If you’re using Asana through your company, educational institution, or with your company email address, your company or educational institution’s own Asana administrator is responsible for the accounts associated with that company or institution and can: restrict, suspend, or terminate your access to or ability to use the services, access information about you, access or retain information stored with us (including your workspace content and log data about your use of Asana), and restrict your ability to edit, restrict, modify, or delete information associated with your use of our products and services.
Asana processes information we receive directly from you, automatically collected when you use Asana or visit one of our websites, and collected by Asana from third parties. However, please note that this Privacy Statement does not apply to the processing of your information by third parties through your use of any third-party integrations available via our services. Please visit those third-party websites directly for more information on their privacy and data protection practices.
Information needed to create an account
This includes information that is needed for Asana to create an account for you and manage your ability to log in and out of Asana:
Identifiers, such as first and last name and email address
Your password for Asana (hashed) - unique, long, and strong, please
Information related to a third-party authentication identity provider, such as Google Authenticator
If you upgrade your account to a paid account, Asana may collect:
Billing information, such as name, address, and telephone number
Financial information, such as credit card information collected by our payment processors on our behalf
Information about your chosen Asana plan
Information you provide to us through your use of Asana
Information you provide in goals, portfolios, projects, and tasks
Information uploaded to Asana, such as attachments
Information from emails you forward to x@mail.asana.com
Profile photo and other information you provide to describe yourself, which we only collect if you do choose to provide it, such as your gender pronouns
Video and audio recordings, and transcripts of those recordings, if you use video messaging
Professional or employment information, such as your title or role at your company
Any other information you choose to provide while using Asana that identifies or can be reasonably associated with you
Other information you may provide to us when you interact with Asana in other ways
You may voluntarily provide us with information when you interact with us in other ways. If you directly interact with Asana staff, such as our sales, user research, or user operations groups, or if you become an Asana Ambassador, Asana may process:
Your requests, questions, and responses to us via forms or email
Information you provide in connection with Asana sweepstakes, contests, or research studies, if you choose to participate
Information to verify your identity
Geographic information, such as region and country
Social media information
Your date of birth
Your audio and video, if you participate in a sales call or user research study and do not opt out of call recording, which also involves the collection of biometric information associated with the call recordings
Information related to your use of Asana and our websites
We may also collect the following:
Metadata and inference information related to your use of Asana, our websites, and third-party integrations to better understand the way you work in Asana. We may log the actions you take as you use Asana, including but not limited, to the number of Asana workspaces you work in, the number of tasks you are assigned, when you delete a task or comment, the features and embedded content you interact with, the types of files you transmit, and what, if any, third-party integrations you use.
Internet network activity, cookies, and similar tracking technologies, including data our servers automatically record, such as your web request, IP address, browser type and settings, referring/exit pages and URLs, number of clicks, date and time stamp information, language preferences, and other such information. Please visit our Cookies Notice for more information about the types of information we collect via cookies, including information about advertising and analytics, and how we use it. To manage your cookies settings, you can adjust them in our Cookies Preference Center here: Cookie Preference Center
Information collected as a result of participation in beta testing, such as error reports or feedback provided by you
Information about how you interact with our marketing websites, like asana.com, such as where you click, how long you visit a page, your scrolling, mouse hovers, and other data to help us better understand your experience and provide you with the best user experience
Device information and activity when you use Asana via a mobile device, such as the type of device you are using, device IDs, operating system version, and mobile network information to ensure that we are serving you the correct version of our application
Derived device geolocation information, such as approximate geographic location inferred from an IP address
Sometimes Asana receives your information from third parties (other individuals, marketing services, third-party integrations), which may include
Information processed from third-party integrations you set up with Asana. For example, a third-party integration may give us access to information stored in that third party that Asana will process to facilitate the integration
Name, email, and business contact information
Information about you provided to us from other individuals or users of Asana
Asana uses your information to operate our products and services, communicate with you, process transactions when you change Asana plans, for security and fraud prevention, and to comply with the law. Specifically, we may process your information to:
Provide services to you and operate our business
Maintain, provide, and improve our products and services
Help us better understand user interests and needs, and customize Asana for you
Analyze and research how you interact with our websites and applications
Protect Asana and you, for example:
Securing our systems and products against fraud or unauthorized activity
Identifying, troubleshooting, and fixing bugs and errors
Complying with global laws and regulations
Investigate in good faith alleged violations of our User Terms of Service
Comply in good faith with a valid legal subpoena, request, or other lawful process that meets the requirements of our Law Enforcement Guidelines or that we otherwise determine is necessary to respond to
If you use Asana as part of an organization, company, or academic institution, Asana will process your information as required by our contract with your organization or academic institution. Those contractual terms may differ from, and, in the event of a conflict, take precedence over, the uses described in this Privacy Statement.
In addition, we use information about your use of Asana, account information (such as your email address and name), and information related to third-party integrations to:
Communicate with you:
About Asana by phone, text, email, or chat
To provide important notices and updates, product changes, and other necessary notices such as security and fraud alerts
To advertise or market Asana services to you. You have the ability to unsubscribe from promotional communications at any time
Facilitate reporting and analyze performance of the Asana platform or features available in Asana
Provide webinars or public presentations
Demonstrate Asana or provide you access to a demo Asana instance
Process your information at your direction
Provide cross-device management of your account. For example, we may locate or try to locate the same unique users across multiple browsers or devices (such as smartphones or tablets), or work with service providers that do this, in order to save your preferences across devices and analyze usage of our products and services. If you wish to opt out of Google’s ability to locate you across devices in this way, you may install the Google Analytics Opt-out Browser Add-on by clicking here.
Provide you with support and get your feedback
Respond to your requests for information
Help identify and troubleshoot any issues with your account and answer your questions
Resolve support requests
Provide you with reports about usage
Survey your opinions through surveys, research studies, and questionnaires
Combined Information
Unless otherwise prohibited by law, we may combine the information that we collect through your use of our products and services with information that we receive from other sources, both online and offline, and use that combined information as set out above.
Aggregated and de-identified data
We may aggregate and/or de-identify information related to your use of Asana (such as how many tasks or projects you created) so that such information can no longer be linked to you or your device. We may use such aggregated and de-identified data for any purpose, including but not limited to, research and marketing purposes and may also disclose such data to any third parties, including advertisers, promotional partners, sponsors, event promoters, and/or others.
Legal bases for processing
For more information about the legal bases Asana relies on to process your information, please visit Other Important Information.
We need to disclose the information we collect about you to make our products and services run smoothly and to operate our business under the following conditions:
Service providers and subprocessors. We may provide access or disclose your information to select third parties that use the information on our behalf to assist in providing Asana’s services, website, and features. These third parties provide a variety of services to us, including without limitation sales, marketing, provision of content and features, advertising, analytics, research, data storage, security, fraud prevention, and other services. You can find a list of our subprocessors here.
Advertising and marketing. We may provide information collected when you visit an Asana website (such as email addresses) to service providers, who may “match” this information in de-identified form to cookies (or mobile ad identifiers) and other proprietary IDs, in order to provide you with more relevant Asana ads when you visit other websites.
Because you ask us to disclose. We may disclose your information to third parties when you ask us to do so. This includes when you connect Asana with other tools via our available integrations.
Consistent with your settings within our products and services. Please note that the information you submit through and post to Asana may be viewable by other users in your workspace, team, division, or organization, depending on the specific settings you have selected and if an organization has been created for your domain.
Affiliates and subsidiaries. We may disclose the information we collect within the Asana family of companies to provide Asana’s services to you. A list of our affiliates can be found here.
Business transfers. If the ownership of all or substantially all of our business changes, or all or some of our assets are sold as part of a bankruptcy or other proceeding, we may transfer your information to the new owner so that the services can continue to operate. In such case, your information would remain subject to the promises and commitments contained in this Privacy Statement until the acquiring party updates it. If such transfer is subject to additional mandatory restrictions under applicable laws or agreements, Asana will comply with those restrictions.
Compliance with legal obligations. To comply in good faith with a valid legal subpoena, request, or other lawful process that meets the requirements of our Law Enforcement Guidelines. We will notify individuals or customers of that request unless: we are prohibited from doing so by law or court order; or there are exceptional circumstances, such as an emergency involving the risk of bodily injury or death to a person or group of people or potential harm to minors.
Your company’s own Asana account administrator (if you have one). If you’re using Asana in connection with an organization, academic institution, or company domain, your company’s own Asana account administrator can export data associated with the domain they manage if they have a subscription plan that allows them to do so.
Public Forums. Our public forums, such as the Asana community forum, make it possible for you to upload and post comments or feedback publicly with other users. Any information that you submit through such public forums is not confidential and Asana may use it for any purpose (including in testimonials or other Asana marketing materials). Any information you post openly in these ways will be available to the public at large and potentially accessible through third-party search engines. Such information can be read, collected and/or used by other users and could be used to send you unsolicited messages.
We use and disclose the categories of information we collect from and about you consistent with the various business purposes we discuss throughout this Privacy Statement. We do not disclose your information to third parties for their own direct marketing purposes. For more information, see our Privacy Commitment.
Security
Asana takes technical and organizational measures to protect your information against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access. However, no method of transmission over the Internet and no means of electronic or physical storage is absolutely secure, so we cannot ensure or warrant the security of that information. We are constantly updating and improving our safeguards and you can read up to date information about our security practices by visiting our Trust page.
Storage
When you use Asana, some information about you will be stored in the United States. For more information about our EU data storage options, please visit our Trust page.
Transfer of your information out of EEA, UK, Switzerland, and Japan
When you use our products and services, information about you will be transferred to the United States where the majority of Asana’s data processing occurs. We may also transfer information that we collect about you to third party processors across borders from your country or jurisdiction to other countries or jurisdictions around the world.
EU-US Data Privacy Framework program, the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework
Asana complies with the EU-US Data Privacy Framework program (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework program (Swiss-US DPF) as set forth by the US Department of Commerce. Asana has certified to the US Department of Commerce that it adheres to the EU-US Data Privacy Framework Principles (EU-US DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-US DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-US DPF. Asana has certified to the US Department of Commerce that it adheres to the Swiss-US Data Privacy Framework program Principles (Swiss-US DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-US DPF.
In compliance with the EU-US DPF, the UK Extension to the EU-US DPF, and the Swiss-US DPF, Asana commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-US DPF, the UK Extension to the EU-US DPF, and the Swiss-US DPF to BBB National Programs, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit please visit the BBB National Programs Dispute Resolution Process web site at https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information or to file a complaint. The services of BBB National Programs are provided at no cost to you.
Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available as set forth in Annex I of the DPF Principles. Asana is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) with respect to its compliance with the provisions of the EU-US DPF, the UK Extension to the EU-US DPF, and the Swiss-US DPF.
Asana will take reasonable and appropriate steps necessary to ensure that any third party who is acting as a “data processor” under EU, UK, and Swiss terminology is processing the personal data we entrust to them in a manner that is consistent with the DPF Principles. Asana is potentially liable in cases of onward transfer to third parties of data of EU, UK, and Swiss individuals received pursuant to the EU-US DPF, the UK Extension to the EU-US DPF, and the Swiss-US DPF, respectively.
If there is any conflict between the terms in this privacy statement and the EU-US DPF Principles and/or the Swiss-US DPF Principles, the Principles shall govern.
To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
If the EU-US DPF, the UK Extension to the EU-US DPF, and the Swiss-US DPF do not apply, Asana relies on other data transfer mechanisms to transfer personal data outside the EEA, the UK, and Switzerland, such as Standard Contractual Clauses.
Data Retention
We will retain your information for the period necessary to fulfill the purposes outlined in this Privacy Statement, to make our products and services available to you, or as instructed by you, unless a longer retention period is required or permitted by law.
Use by children under 16
If you are under the age of 16, you may not have an Asana account or use Asana’s products or services. We do not knowingly process any information from, or direct any of our products or services to, children under the age of 16.
Marketing Practices and Choices
If you receive email from us, we may use certain analytics tools, such as clear GIFs, to capture data, such as when you open our message or click on any links or banners within our emails. This data allows us to gauge the effectiveness of our communications and marketing campaigns.
You may instruct us not to use your contact information to contact you by email, postal mail, or phone regarding products, services, promotions, and special events that might appeal to your interests by contacting us via the methods listed in the Contact Us and Privacy Questions section. In commercial email messages, you can also opt out by following the instructions located at the bottom of such emails.
Please note that, regardless of your request, we may still use and disclose certain information as permitted by this Privacy Statement or as required by applicable law. For example, you may not opt out of certain transactional, operational, or service-related emails, such as those reflecting our relationship or transactions with you.
Global Privacy Control and Do Not Track
Where required, Asana honors the Global Privacy Control (GPC) signal.
Do Not Track is a privacy preference that users can set in certain web browsers. We are committed to providing you with meaningful choices about the information collected on our websites for third party purposes, and that is why we provide the ability to opt out, if needed, and adjust your cookies preferences. We do not currently recognize or respond to browser-initiated DNT signals. To learn more about Do Not Track, you can do so here.
Please note that Do Not Track is a different functionality from the browser-based Global Privacy Control signal, which Asana does honor. For more information about how Asana uses cookies and similar tracking technologies, visit our Cookies Notice.
Legal Bases for Processing Your Information
The laws in some jurisdictions require us to inform you of our legal bases for processing your information. Our legal bases for collecting and using your information described above will depend on the particular type of information and the specific context in which we collect it. However, some examples of legal bases for processing that we rely on:
Where use of your information is necessary to perform our obligations under a contract with you (for example, to comply with the User Terms of Service which you accept by using Asana’s services or to fulfill the terms of a contract signed with companies)
Where use of your information is necessary for our legitimate interests or the legitimate interests of others (for example, to provide security, operate our products and services, prevent fraud, analyze use of and improve our products and services, and for similar purposes)
Where use of your information is necessary to comply with a legal obligation (for example, to comply with our legal obligations to collect and store tax or invoice information for a certain period of time)
Where we have your consent to process data in a certain way
Your Privacy Rights
Asana users from around the world use our products to bring clarity to their work. Regardless of what country you’re located in, we respect your ability to know, access, correct, export, restrict the processing of, and delete your information, and have extended those rights globally. We will not discriminate against you for exercising your privacy rights.
Information about your rights
Upon your request, and subject to applicable legal exceptions, we will:
provide access to and/or a copy of certain information we hold about you
provide you with information about categories of information we collect or disclose about you, the categories of sources of such information, the business or commercial purpose for collecting your information, and the categories of third parties to which we disclose your information. For your convenience and so you don’t have to request it, we’ve included that information in this Privacy Statement.
prevent the processing of your information for promotional purposes (including any direct marketing processing based on profiling)
update information which is out of date or incorrect
delete certain information which we have about you
restrict the way that we process and disclose some of your information
transfer your information to a third party provider of services
revoke your consent for the processing of your information
If you request these rights, we will need to verify your identity and may need to verify your relationship with Asana (for example, if you’re an administrator of an Asana organization, division, or workspace and you’re making a request on behalf of another individual) for security and to prevent fraud.
We may take additional steps to verify that you are authorized to make the request. If you are an end user of Asana’s services and not a direct customer of Asana (for example, your company uses Asana and you’re an employee or authorized representative of that company), you should direct requests relating to your information to the administrator of your company’s Asana account. We will redirect you to your administrator or notify the administrator directly. To exercise your privacy rights, please make a request by filling out this form.
Please note, however, that certain information may be exempt from such requests in some circumstances (for example, if we need to keep processing your information for our legitimate interests or to comply with a legal obligation). Depending on applicable law, you may have the right to appeal our decision to deny your request. If we deny your request, we will provide you with information on how to appeal the decision, if applicable, in our communications with you.
Right to manage cookies preferences and opt out of targeted advertising
As explained in detail in our Cookies Notice, we provide information about your device and online browsing activities to third-party advertising providers for targeted online advertising purposes, so that we can provide you with more relevant and tailored ads regarding our services.
If you would like to opt out of our online disclosure of your information through cookie and pixel technology, please click here: Cookie Preference Center or enable Global Privacy Control within your browser.
Categories of information collected and disclosed
If you are a California resident, you have certain rights under the California Consumer Privacy Act (CCPA), and we want to provide you with the following additional information about the purpose for which we use each category of personal information we collect (as defined by CCPA), the categories of third parties to which we disclose personal information for a business purpose or for cross-context behavioral advertising, which includes our use of third-party analytics services and online advertising services. These are described in detail in our Cookies Notice and may result in the disclosure of online identifiers (e.g., cookie data, IP addresses, device identifiers, and usage information).
Specifically, your contact information (such as email) or internet network and device information (such as cookie data and IP address) may be disclosed to online advertising and analytics partners.
For more information about each category of personal information, purpose of use, and third parties to which we disclose personal information, please see the Information We Process, How We Use Your Information, and How We Disclose Your Information sections of our Privacy Statement.
Your choices regarding online advertising and related activities
You have the right to opt out of the disclosure of your personal information for purposes of online advertising and related activities and can do so by clicking here: Cookies Preference Center or enabling Global Privacy Control within your browser.
Other CCPA rights
We do not offer any financial incentives in exchange for your personal information.
The CCPA also allows you to limit the use or disclosure of your sensitive personal information (as defined in the CCPA) if your sensitive personal information is used for certain purposes. Please note that we do not use or disclose sensitive personal information other than for business purposes for which you cannot opt out under the CCPA.
Please see the Your Privacy Rights section of our Privacy Statement above for information about the additional rights you have with respect to your personal information under California law and how to exercise them.
Retention of your personal information
Please see information under Data Retention in the Protection, Storage, Transfer and Retention of Your Information section of our Privacy Statement.
California “Shine the Light” disclosure
The California “Shine the Light” law gives residents of California the right under certain circumstances to opt out of the disclosure of certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes, or in the alternative, that we provide a cost-free means for consumers to opt out of any such disclosure. We do not currently disclose your personal information to third parties for their own direct marketing purposes.
Nevada rights
Under Nevada law, certain Nevada consumers may opt out of the sale of information about you. We do not sell your data in accordance with Nevada Senate Bill 220. However, if you are a Nevada resident you may submit a request to opt out of any potential future sales under Nevada law by completing Asana’s Nevada Opt-Out Form. Please note, if needed, we may take reasonable steps to verify your identity and the authenticity of the request.
We will update this Privacy Statement to make sure it accurately reflects our data collection and use practices, our amazing features, advances in technology, or as applicable laws require. We will comply with applicable legal requirements regarding providing you with notice and/or consent when we make such changes, depending on the type of change made. We also provide information about how our Privacy Statement has changed over time below.
Asana is located at 633 Folsom Street, Suite 100, San Francisco, CA, 94107-3600. If you wish to contact us or if you have any questions about or complaints in relation to this notice, please contact us at privacy@asana.com. To contact our Data Protection Officer, please email dpo@asana.com.