Privacy Statement

section icon
section icon

UPDATED: OCTOBER 14, 2023 | EFFECTIVE: DECEMBER 15, 2021

Asana is a work management platform that provides teams with the tools to orchestrate their work.

At Asana, our mission is your mission. Our customers' trust and partnership are very important to us. That's why we refreshed our entire privacy statement to provide more clarity around how we use your information.

As you use and interact with Asana's websites, products, and services, we process information from and about you in order to provide access to our tools, an enhanced experience, and support. That means that we collect, use, transmit, store, share, and erase your information.

This Privacy Statement describes how Asana processes your information and explains the choices available to you with respect to your information. To learn more about Asana's commitment to your privacy, please read our Privacy Commitment.

If you have any questions or concerns about how Asana processes your information or about this Privacy Statement, you can email us any time at privacy@asana.com. Additionally, if you’re looking to exercise your privacy rights, you can do so here.

What’s Changing With This Update

It's important to us that you're able to clearly understand how we process your information and what rights you have under privacy and data protection laws. We've completely redesigned our Privacy Statement to make it shorter and simpler, reducing the amount of legalese and defined terms to the extent possible.

In addition, we also clarify when we would be processors of your data and when we would be the controller (see below in Our Relationship With You).

We welcome any questions, concerns or feedback you may have about the updates to this Privacy Statement. You can also view the previous version of this Privacy Statement here or through the link at the bottom of the Privacy Statement.

Table of Contents
Our Relationship With YouInformation We ProcessHow We Use Your InformationHow We Share Your InformationProtection, Storage, Transfer and Retention of Your InformationOther Important InformationYour Privacy RightsChanges To Our Privacy StatementContact Us and Privacy QuestionsPrevious Privacy Statements

Our Relationship with You

In situations where our users are subject to our Subscriber Agreement, Enterprise Master Services Agreement, or other Master Services Agreement to use Asana’s services, Asana is the processor/service provider (a provider that processes personal data on behalf of or at the direction of a controller, or other similar designation under the law) and our customer (usually a company or organization) is the controller/business (the entity that decides how and why information is processed) of the information provided to Asana via use of Asana. In all other cases, Asana is the controller of the information.

For example, if you create an account with

  • your corporate email address, your company is the controller of that information.

  • a free email domain (like gmail.com) or personal email account, Asana is the controller.

Asana can be used by companies or by individual users:

If you’re using Asana through your company, educational institution, or with your company email address, your company or educational institution’s own Asana administrator is responsible for the accounts associated with that company or institution and can: restrict, suspend, or terminate your access to or ability to use the services, access information about you, access or retain information stored with us (including your workspace content and log data about your use of Asana), and restrict your ability to edit, restrict, modify, or delete information associated with your use of our products and services.

Information We Process

Asana processes information we receive directly from you, automatically collected when you use Asana or visit one of our websites, and collected by Asana from third parties. However, please note that this Privacy Statement does not apply to the processing of your information by third-parties through your use of any third-party integrations available via our services. Please visit those third-party websites directly for more information on their privacy and data protection practices.

Information Asana Receives Directly From You

Information needed to create an account

This includes information that is needed for Asana to create an account for you and manage your ability to log in and out of Asana:

  • Identifiers, such as first and last name and email address

  • Your password for Asana (hashed) - unique, long, and strong, please

  • Information related to a third-party authentication identity provider, such as Google Authenticator

If you upgrade your account to a paid account, Asana may collect:

  • Billing information, such as name, address, and telephone number

  • Financial information, such as credit card information collected by our payment processors on our behalf

  • Information about your chosen Asana plan

Information you provide to us through your use of Asana

  • Information you provide in goals, portfolios, projects, and tasks

  • Information uploaded to Asana, such as attachments

  • Information from emails you forward to x@mail.asana.com

  • Profile photo and other information you choose to include to describe yourself, only collected if you do choose to provide it, such as your gender pronouns

  • Video and audio recordings, and transcripts of those recordings, if you use video messaging

  • Professional or employment information, such as your title or role at your company

  • Any other information you choose to provide while using Asana that identifies or can be reasonably associated with you

  • Information about your contacts, if you choose to provide it

Other information you may provide to us when you interact with Asana in other ways

You may voluntarily provide us with information when you interact with us in other ways, such as when you directly interact with Asana staff, such as our sales, user research, or user operations groups. Asana may process:

  • Your requests, questions, and responses to us via forms or email

  • Information you provide in connection with Asana sweepstakes, contests, or research studies, if you choose to participate

  • Information to verify your identity

  • Your date of birth

  • Your audio and video, if you participate in a sales call or user research study and do not opt out of call recording, which also involves the collection of biometric information associated with the call recordings

Information automatically processed when you visit our websites or use our mobile or desktop app

Information related to your use of Asana and our websites

We may also collect the following:

  • Metadata and inference information related to your use of Asana, our websites, and third-party integrations to better understand the way you work in Asana. We may log the actions you take as you use Asana, including but not limited to the number of Asana workspaces you work in, the number of tasks you are assigned, when you delete a task or comment, the features and embedded content you interact with, the types of files you share, and what, if any, third-party integrations you use.

  • Internet network activity, cookies, and similar tracking technologies, including data our servers automatically record, such as your web request, IP address, browser type and settings, referring/exit pages and URLs, number of clicks, date and time stamp information, language preferences, and other such information. Please visit our Cookie Notice for more information about the types of information we collect via cookies, including information about advertising and analytics, and how we use it. To manage your cookie settings, you can adjust them in our cookie preference center here: Cookie Settings

  • Information collected as a result of participation in beta testing

  • Information about how you interact with our marketing websites, like asana.com, such as where you click, how long you visit a page, your scrolling, mouse hovers, and other data to help us better understand your experience and provide you with the best user experience

  • Device information and activity when you use Asana via a mobile device, such as the type of device you are using, device IDs, operating system version, and mobile network information, which may include your mobile phone number.

  • Derived device geolocation information, such as approximate geographic location inferred from an IP address

Information Asana Receives from Other Sources

Sometimes Asana receives your information from third-parties (other individuals, marketing services, third-party integrations), which may include:

  • Information processed from third-party integrations you set up with Asana. For example a third-party integration may give us access to information stored in that third party that Asana will process to facilitate the integration

  • Name, email, and business contact information

  • Information about you provided to us from other individuals or users of Asana

How We Use Your Information

Asana uses your information to operate our products and services, communicate with you, process transactions when you change Asana plans, for security and fraud prevention, and to comply with the law. We may process your information to:

Provide services to you and operate our business

  • Maintain, provide, and improve our products and services

  • Help us better understand user interests and needs, and customize Asana for you

  • Analyze and research how you interact with our websites and applications

  • Protect Asana and you, for example:

    • Securing our systems and products against fraud or unauthorized activity

    • Identifying, troubleshooting, and fixing bugs and errors

    • Complying with global laws and regulations

  • Investigate (in good faith) alleged violations of our User Terms of Service

  • Comply with a valid legal subpoena, request, or other lawful process that meets the requirements of our Law Enforcement Guidelines or that we otherwise determine is necessary to respond to

  • If you use Asana as part of an organization, company, or academic institution, Asana will process your personal information as required by our contract with your organization or academic institution. Those contractual terms may differ from, and take precedence over, the uses described in this Privacy Statement.

In addition, we use information about your use of Asana, account information (such as your email address and name), and information related to third-party integrations to:

  • Communicate with you:

    • About Asana by phone, text, email, or chat

    • To share important notices and updates, product changes, and other necessary notices such as security and fraud alerts

    • To advertise or market Asana services to you. You have the ability to unsubscribe from promotional communications at any time

  • Facilitate reporting and analyze performance of the Asana platform or features available in Asana

  • Provide webinars or public presentations

  • Demonstrate Asana or provide you access to a demo Asana instance

  • Process your information at your direction

  • Provide cross-device management of your account. For example, we may locate or try to locate the same unique users across multiple browsers or devices (such as smartphones or tablets), or work with service providers that do this, in order to save your preferences across devices and analyze usage of our products and services. If you wish to opt out of Google’s ability to locate you across devices in this way, you may install the Google Analytics Opt-out Browser Add-on by clicking here.

Provide you with support and get your feedback

  • Respond to your requests for information

  • Help identify and troubleshoot any issues with your account and answer your questions

  • Resolve support requests

  • Provide you with reports about usage

  • Survey your opinions through surveys, research studies, and questionnaires

Combined Information

Unless otherwise prohibited by law, we may combine the information that we collect through your use of our products and services with information that we receive from other sources, both online and offline, and use that combined information as set out above.

Aggregated and De-identified data

We may aggregate and/or de-identify information related to your use of Asana (such as how many tasks or projects you created) so that such information can no longer be linked to you or your device. We may use such aggregated and de-identified data for any purpose, including but not limited to for research and marketing purposes, and may also share such data with any third parties, including advertisers, promotional partners, sponsors, event promoters, and/or others.

Legal bases for processing. For more information about the legal bases Asana relies on to process your information, please visit Other Important Information.

How We Share Your Information

We need to share the information we collect about you to make our products and services run smoothly and to operate our business under the following conditions:

  • Service Providers and Subprocessors. We may provide access to or share your information with select third parties that use the information on our behalf to assist in providing Asana’s services, website, and features. These third parties provide a variety of services to us, including without limitation sales, marketing, provision of content and features, advertising, analytics, research, data storage, security, fraud prevention, and other services.

  • Advertising and Marketing. We may provide information collected when you visit an Asana website (such as email addresses) to service providers, who may “match” this information in de-identified form to cookies (or mobile ad identifiers) and other proprietary IDs, in order to provide you with more relevant Asana ads when you visit other websites.

  • Because you ask us to share. We may disclose your information to third parties when you ask us to do so. This includes when you connect Asana with other tools via our available integrations.

  • Consistent with your settings within our products and services. Please note that the information you submit through and share in Asana may be viewable by other users in your workspace, team, division, organization, depending on the specific settings you have selected and if an organization has been created for your domain.

  • Affiliates and Subsidiaries. We may share the information we collect within the Asana family of companies to provide Asana’s services to you. A list of our affiliates can be found here.

  • Business Transfers. If the ownership of all or substantially all of our business changes, or all or some of our assets are sold as part of a bankruptcy or other proceeding, we may transfer your information to the new owner so that the services can continue to operate. In such case, your information would remain subject to the promises and commitments contained in this Privacy Statement until the acquiring party updates it. If such transfer is subject to additional mandatory restrictions under applicable laws or agreements, Asana will comply with those restrictions.

  • Compliance with legal obligations. To comply with a valid legal subpoena, request, or other lawful process that meets the requirements of our Law Enforcement Guidelines. We will notify individuals or customers of that request unless: we are prohibited from doing so by law or court order; or there are exceptional circumstances, such as an emergency involving the risk of bodily injury or death to a person or group of people or potential harm to minors.

  • If you have one, your company’s own Asana account administrator. If you’re using Asana in connection with an organization, academic institution, or company domain, your company’s own Asana account administrator can export data associated with the domain they manage if they have a subscription plan that allows them to do so.

  • Public Forums. Our public forums, such as the Asana community forum, make it possible for you to upload and share comments or feedback publicly with other users. Any information that you submit through such public forums is not confidential, and Asana may use it for any purpose (including in testimonials or other Asana marketing materials). Any information you post openly in these ways will be available to the public at large and potentially accessible through third-party search engines. Such information can be read, collected and/or used by other users, and it could be used to send you unsolicited messages.

We use and share the categories of information we collect from and about you consistent with the various business purposes we discuss throughout this Privacy Statement. We do not share your information with third parties for their own direct marketing purposes. We do not sell your information as defined under applicable law. For more information, see our Privacy Commitment.

Protection, Storage, Transfer and Retention of Your Information

Security

Asana takes technical and organizational measures to protect your information against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access. However, no method of transmission over the Internet, and no means of electronic or physical storage, is absolutely secure, and so we cannot ensure or warrant the security of that information. We are constantly updating and improving our safeguards, and you can read up to date information about our security practices by visiting our Trust page.

Storage

When you use Asana, some information about you will be stored in the United States. For more information about our EU data storage options, please visit our Trust page.

Transfer of Your Information Out of EEA, UK, and Switzerland

When you use our products and services, information about you will be transferred to the United States where the majority of Asana’s data processing occurs. We may also transfer information that we collect about you to third party processors across borders from your country or jurisdiction to other countries or jurisdictions around the world.

Asana uses appropriate technical and operational safeguards for cross-border transfers of personal data collected in the European Economic Area (EEA), United Kingdom, and Switzerland, as required by applicable local law, including the Standard Contractual Clauses.

Asana remains certified under the EU-US Privacy Shield and Swiss-US Privacy Shield, but does not rely on these frameworks to transfer personal data. You can find out more information about Asana’s certification under these frameworks here.

Privacy Shield

Asana complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from the European Union and Switzerland to the United States, respectively. Asana has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access and Recourse, Enforcement and Liability. In compliance with the EU-US Privacy Shield and Swiss-US Privacy Shield Principles, Asana commits to resolve complaints about your privacy and our collection or use of your personal data. European Union or Swiss citizens with inquiries or complaints regarding this privacy policy should first contact Asana at: privacy@asana.com. Asana has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU Privacy Shield, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by Asana, please visit the BBB EU Privacy Shield web site at https://bbbprograms.org/privacy-shield-complaints/ for more information and to file a complaint. Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel. Asana is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) with respect to its compliance with the provisions of the EU-US and Swiss-US Privacy Shield.

Asana will take reasonable and appropriate steps necessary to ensure that any third party who is acting as a “data processor” under EU and Swiss terminology is processing the personal data we entrust to them in a manner that is consistent with the EU-US and Swiss-US Privacy Shield Principles. Asana is potentially liable in cases of onward transfer to third parties of data of EU and Swiss individuals received pursuant to the EU-US and Swiss-US Privacy Shield, respectively.

Data Retention

We will retain your information for the period necessary to fulfill the purposes outlined in this Privacy Statement, to make our products and services available to you, or as instructed by you, unless a longer retention period is required or permitted by law.

Other Important Information

Use by children under 16

If you are under the age of 16, you may not have an Asana account or use Asana’s products or services. We do not knowingly process any information from, or direct any of our products or services to, children under the age of 16.

Marketing Practices and Choices

If you receive email from us, we may use certain analytics tools, such as clear GIFs, to capture data, such as when you open our message or click on any links or banners our email contains. This data allows us to gauge the effectiveness of our communications and marketing campaigns.

You may instruct us not to use your contact information to contact you by email, postal mail, or phone regarding products, services, promotions, and special events that might appeal to your interests by contacting us at the “Asana Contact Info” section below. In commercial email messages, you can also opt out by following the instructions located at the bottom of such emails.

Please note that, regardless of your request, we may still use and share certain information as permitted by this Privacy Statement or as required by applicable law. For example, you may not opt out of certain transactional, operational, or service-related emails, such as those reflecting our relationship or transactions with you.

Do-Not-Track

Do Not Track is a privacy preference that users can set in certain web browsers. We are committed to providing you with meaningful choices about the information collected on our websites for third party purposes, and that is why we provide the ability to opt out, if needed, and adjust your cookie preferences. We do not currently recognize or respond to browser-initiated DNT signals. To learn more about Do Not Track, you can do so here. For more information about how Asana uses cookies and similar tracking technologies, visit our Cookie Notice.

Legal Bases for Processing Your Information

Our legal basis under the General Data Protection Regulation (GDPR), a data protection and privacy regulation in the European Union, for collecting and using your information described above will depend on the particular type of information and the specific context in which we collect it. However, some examples of legal bases for processing that we rely on:

  • Where use of your information is necessary to perform our obligations under a contract with you (for example, to comply with the User Terms of Service which you accept by using Asana’s services or to fulfill the terms of a contract signed with companies)

  • Where use of your information is necessary for our legitimate interests or the legitimate interests of others (for example, to provide security, operate our products and services, prevent fraud, analyze use of and improve our products and services, and for similar purposes)

  • Where use of your information is necessary to comply with a legal obligation

  • Where we have your consent to process data in a certain way

Your Privacy Rights

C. Your Privacy Rights

Asana users from around the world use our products to bring clarity to their work. Regardless of what country you’re located in, we respect your ability to know, access, correct, export, restrict the processing of, and delete your information, and have extended those rights globally. We will not discriminate against you for exercising your privacy rights.

Information About Your Rights

Upon your request, and subject to applicable legal exceptions, we will:

  • provide access to and/or a copy of certain information we hold about you

  • prevent the processing of your information for promotional purposes (including any direct marketing processing based on profiling)

  • update information which is out of date or incorrect

  • delete certain information which we have about you

  • restrict the way that we process and disclose some of your information

  • transfer your information to a third party provider of services

  • revoke your consent for the processing of your information

California Rights

In addition to the rights and information listed above, California consumers and their authorized agents can request information about:

  • The categories of information we collect or disclose about you; the categories of sources of such information; the business or commercial purpose for collecting your information; and the categories of third parties we share or disclose your information. For your convenience and so you don’t have to request it, we’ve included that information in this Privacy Statement.

  • The financial incentives that we offer to you, if any.

Asana does not sell your data, as defined under applicable law, such as the California Consumer Privacy Act (CCPA).

Nevada Rights

Under Nevada law, certain Nevada consumers may opt out of the sale of information about you. We do not sell your data. However, if you are a Nevada resident you may submit a request to opt out of any potential future sales under Nevada law by completing Asana’s Nevada Opt-Out Form. Please note, if needed, we may take reasonable steps to verify your identity and the authenticity of the request.

Exercising Your Rights

We will need to verify your identity and may need to verify your relationship with Asana (for example, if you’re an administrator of an Asana Organization or Workspace and you’re making a request on behalf of another individual) for security and to prevent fraud.

We may take additional steps to verify that you are authorized to make the request. If you are an end user of Asana’s services and not a direct customer of Asana (for example, your company uses Asana and you’re an employee or authorized representative of that company), you should direct requests relating to your information to the administrator of your company’s Asana account. We will redirect you to your administrator or notify the administrator directly. To exercise your privacy rights, please make a request by filling out this form.

Please note, however, that certain information may be exempt from such requests in some circumstances, which may include if we need to keep processing your information for our legitimate interests or to comply with a legal obligation.

Changes To Our Privacy Statement

We will update this Privacy Statement to make sure it accurately reflects our data collection and use practices, our amazing features, advances in technology, or as applicable laws require. We will comply with applicable legal requirements regarding providing you with notice and/or consent when we make such changes, depending on the type of change made. We also provide information about how our Privacy Statement has changed over time below.

Contact Us and Privacy Questions

Asana is located at 633 Folsom Street, Suite 100, San Francisco, CA, 94107-3600. If you wish to contact us or if you have any questions about or complaints in relation to this notice, please contact us at privacy@asana.com. To contact our Data Protection Officer, please email dpo@asana.com.

Previous Privacy Statements

January 1, 2020