Villkor och policyer

Asana User Terms of Service

Effective Date: November 1, 2018

Asana, Inc. (“Asana,” “we,” “our”) offers a variety of team productivity, collaboration, and organizational tools available online, including via a mobile application (collectively, the “Service”), and websites, including but not limited to www.asana.com, wavelength.com, blog.asana.com, community.asana.com (the “Websites”).

Asana has three different types of users depending on the Asana products used:

  • We call users of the Websites “Site Visitors.”
  • We call users who use the free version of the Asana Service “Free Users.” While Free Users can access and use the Service, they have access to a more limited set of Service features and functionality than Subscribers.
  • We call users who use the Service as part of a paid Asana subscription plan (regardless of the subscription tier) “Subscribers.” The Service features and functionalities available to Subscribers are determined by the subscription tier and the specific terms agreed to between Asana and the organization (e.g., your employer or another entity or person, called the “Customer”) that entered into a separate agreement that governs delivery, access, and use of the Service (the “Customer Agreement”).

We refer to these three types of users collectively as “Users” or “you” for purposes of these User Terms of Service (the “Terms”). Regardless of what type of User you are, these Terms create a legal agreement directly between you and Asana and explain the rules governing use of the Service and Websites. By accessing or using the Service and Websites, you acknowledge and agree that you have read, understand, and agree to be bound by these Terms and our Privacy Policy. If you do not agree to these Terms, please do not access or use the Service and Websites.

IMPORTANT NOTICE: DISPUTES ABOUT THESE TERMS AND THE SERVICE AND WEBSITES PROVIDED BY ASANA ARE SUBJECT TO BINDING ARBITRATION AND A WAIVER OF CLASS ACTION RIGHTS AS DETAILED IN THE “MANDATORY ARBITRATION AND CLASS ACTION WAIVER” SECTION BELOW.

We may, from time to time, modify these Terms. Please check this page periodically for updates. If you do not agree to, or cannot comply with, the modified Terms, you must stop using the Service and Websites. The updated Terms will take effect upon their posting and will apply on a going-forward basis, unless otherwise provided in a notice to you, and except as provided in the Mandatory Arbitration and Class Action Waiver section of these Terms. Your continued use of the Service and Websites after any such update constitutes your acceptance of such changes.

1. ELIGIBILITY AND SCOPE

1.1 General. To use the Service and Websites you must be, and represent and warrant that you are, at least 13 years of age and competent to agree to these Terms. If Asana has previously prohibited you from accessing or using the Service and Websites, you are not permitted to access or use the Service and Websites.

1.2 Location. These Terms are applicable to Users located in the United States only. If you are located outside of the United States, you will be presented with a different set of terms.

2. ACCOUNT REGISTRATION AND USE

2.1 Account Registration and Confidentiality. To access the Service and Websites, you must register for an Asana account by creating a user name and password. You agree to provide us with accurate, complete, and current registration information about yourself. It is your responsibility to ensure that your password remains confidential and secure. By registering, you agree that you are fully responsible for all activities that occur under your user name and password. We may assume that any communications we receive under your account have been made by you. If you are a billing owner, an administrator, or if you have confirmed in writing that you have the authority to make decisions on behalf of a Customer (“Account Administrator”), you represent and warrant that you are authorized to make decisions on behalf of the Customer and agree that Asana is entitled to rely on your instructions.

2.2 Unauthorized Account Use. You are responsible for notifying us at terms-questions@asana.com if you become aware of any unauthorized use of or access to your account. You understand and agree that we may require you to provide information that may be used to confirm your identity and help ensure the security of your account. Asana will not be liable for any loss, damages, liability, expenses or attorneys’ fees that you may incur as a result of someone else using your password or account, either with or without your knowledge and/or authorization, and regardless of whether you have or have not advised us of such unauthorized use. You will be liable for losses, damages, liability, expenses and attorneys’ fees incurred by Asana or a third party due to someone else using your account. In the event that the Account Administrator or Customer loses access to an account or otherwise requests information about an account, Asana reserves the right to request from the Account Administrator or Customer any verification it deems necessary before restoring access to or providing information about such account in its sole discretion.

3. OUR PROPRIETARY RIGHTS

The Service and Websites are owned and operated by Asana and contain materials (including all software, design, text, editorial materials, informational text, photographs, illustrations, audio clips, video clips, artwork and other graphic materials, and names, logos, trademarks and services marks) which are derived in whole or in part from materials supplied by Asana and its partners, as well as other sources, and are protected by United States copyright laws, international treaty provisions, trademarks, service marks and other intellectual property laws. The Service and Websites are also protected as a collective work or compilation under U.S. copyright and other law and treaties. You agree to abide by all applicable copyright and other laws, as well as any additional copyright notices or restrictions contained in the Service and Websites. You acknowledge that the Service and Websites have been developed, compiled, prepared, revised, selected, and arranged by Asana and others through the application of methods and standards of judgment developed and applied through the expenditure of substantial time, effort, and money and constitute valuable intellectual property of Asana and such others. You agree to protect the proprietary rights of Asana and all others having rights in the Service and Websites during and after the term of these Terms and to comply with all written requests made by Asana or its suppliers and licensors (collectively, “Suppliers”) of content or otherwise to protect their and others’ contractual, statutory, and common law rights in the Service and Websites. You agree to notify Asana immediately upon becoming aware of any claim that the Service and Websites infringe upon any copyright, trademark, or other contractual, statutory, or common law rights. All present and future rights in and to trade secrets, patents, copyrights, trademarks, service marks, know-how, and other proprietary rights of any type under the laws of any governmental authority, domestic or foreign, including without limitation rights in and to all applications and registrations relating to the Service and Websites shall, as between you and Asana, at all times be and remain the sole and exclusive property of Asana. Any unauthorized use of any material contained on or through the Service and Websites may violate copyright laws, trademark laws, the laws of privacy and publicity and communications regulations and statutes.

4. USER CONTENT AND FEEDBACK

4.1 User Content and Submissions on the Service. The Service allows you to create tasks and submit associated information, text, files, and other materials (collectively, “User Content”) and to share that User Content with others. User Content submitted or otherwise made available to the Service is subject to the following terms:

4.1.1 Free User Content. Free Users maintain ownership of the User Content that they submit to the Service (“Free User Content”). By submitting Free User Content, Free Users grant Asana a license to access, use, copy, reproduce, process, adapt, publish, transmit, and display that Free User Content, as permitted by Asana’s Privacy Policy, including if required to do so by law or in good faith to comply with legal process. We reserve the right to remove any Free User Content on the Service that violates these Terms or that is otherwise objectionable in Asana’s sole discretion.

4.1.2 Subscriber User Content on the Service. Content submitted to the Service by Subscribers (“Subscriber User Content”) is owned and controlled by the Customer as set forth in the introduction to these Terms and the Customer Agreement, except with respect to Subscriber User Content submitted by students pursuant to a Customer Agreement with an educational institution (“Student Content”). Such Student Content is owned by the student and not the educational institution. Asana maintains a limited, non-exclusive and non-transferrable (except in connection with the sale or transfer of its business) license to access, use, copy, reproduce, process, adapt, publish, transmit, host, and display Subscriber User Content for the following limited purposes: (i) to maintain, provide and improve the Service; (ii) to prevent or address technical or security issues and resolve support requests; (iii) to investigate when we have a good faith belief, or have received a complaint alleging, that such Subscriber User Content is in violation of the Customer Agreement or these Terms; (iv) to comply with a valid legal subpoena, request, or other lawful process that meets the requirements of the Customer Agreement and our Law Enforcement Guidelines; and (v) as otherwise set forth in our Customer Agreement or as expressly permitted in writing by the Customer.

4.2 Feedback on the Websites. The Websites may have certain features that allow you to submit comments, information, and other materials (collectively, “Feedback”) to Asana and share such Feedback with other users, or the public. By submitting Feedback through the Websites, you grant Asana a license to access, use, copy, reproduce, process, adapt, publish, transmit, host, and display that Feedback for any purpose (including in testimonials or other Asana marketing materials and where required to do so by law or in good faith to comply with legal process.). We reserve the right to remove any Feedback posted in public forums for any reason at our sole discretion.

4.3 User Content and Feedback Representations. You acknowledge and agree that you have all required rights to submit User Content and Feedback without violation of any third-party rights. You understand that Asana does not control, and is not responsible for, User Content or Feedback, and that by using the Service and/or Websites, you may be exposed to User Content or Feedback from other users that is offensive, indecent, inaccurate, misleading, or otherwise objectionable. Please also note that User Content and Feedback may contain typographical errors, other inadvertent errors or inaccuracies. You agree that you will indemnify, defend, and hold harmless Asana for all claims resulting from User Content or Feedback you submit through the Service and/or Websites. We reserve the right, at our own expense, to assume the exclusive defense and control of such disputes, and in any event you will cooperate with us in asserting any available defenses.

5. LICENSE AND ACCEPTABLE USE

5.1 Your License. Subject to your compliance with these Terms, we grant you a limited, non-exclusive, non-sublicensable, non-transferable, and revocable license to access and use the Service and Websites only for your own internal use (or, for Subscribers, uses authorized by the Customer), and only in a manner that complies with all legal requirements that apply to you or your use of the Service and Websites, including the Asana Privacy Policy and these Terms. Asana may revoke this license at any time, in its sole discretion.

5.2 Acceptable Use. All Users must comply with the following rules regarding acceptable use of the Service and Websites. Disruption of the Service. You may not:

  • access, tamper with, or use non-public areas of the Service and Websites, Asana’s computer systems, or the technical delivery systems of Asana’s providers;
  • probe, scan, or test the vulnerability of any system or network or breach or circumvent any security or authentication measure;
  • access or search the Service and Websites by any means other than Asana’s publicly supported interfaces (for example, “scraping”);
  • attempt to disrupt or overwhelm our infrastructure by intentionally imposing unreasonable requests or burdens on our resources (e.g. using “bots” or other automated systems to send requests to our servers at a rate beyond what could be sent by a human user during the same period of time); or
  • interfere with or disrupt the access of any user, host or network, including, without limitation, by sending a virus, overloading, flooding, spamming, mail-bombing the Service and Websites, or by scripting the creation of User Content in such a manner as to interfere with or create an undue burden on the Service and Websites.

Misuse of the Service and Websites. You may not utilize the Service and Websites to carry out, promote or support:

  • any unlawful or fraudulent activities;
  • the impersonation of another person or entity or the misrepresentation of an affiliation with a person or entity in a manner that does or is intended to mislead, confuse, or deceive others;
  • activities that are defamatory, libelous or threatening, constitute hate speech, harassment, or stalking;
  • the publishing or posting of other people’s private or personal information without their express authorization and permission;
  • the sending of unsolicited communications, promotions advertisements, or spam;
  • the publishing of or linking to malicious content intended to damage or disrupt another user’s browser or computer; or
  • the promotion or advertisement of products or services other than your own without appropriate authorization.

User Content Standards Within the Service and Websites. You may not post any User Content on the Service or Websites that:

  • violates any applicable law, any third party’s intellectual property rights, or anyone’s right of privacy or publicity;
  • is deceptive, fraudulent, illegal, obscene, pornographic (including child pornography, which, upon becoming aware of, we will remove and report to law enforcement, including the National Center for Missing and Exploited children), defamatory, libelous or threatening, constitutes hate speech, harassment, or stalking;
  • contains any personal information of minors;
  • contains any sensitive personal information, such as financial information, payment card numbers, social security numbers, or health information without Asana’s prior written consent granted as part of a Customer Agreement;
  • contains viruses, bots, worms, or similar harmful materials; or
  • contains any information that you do not have a right to make available under law or any contractual or fiduciary duty.

Violations of this Section 5. In addition to any other remedies that may be available to us, Asana reserves the right to take any remedial action it deems necessary, including immediately suspending or terminating your account or your access to the Service or Websites, upon notice and without liability for Asana should you fail to abide by the rules in this Section 5 or if, in Asana’s sole discretion, such action is necessary to prevent disruption of the Service or Websites for other users. If you are a Subscriber, Asana reserves the right to notify the Customer’s Account Administrator(s) or other Customer representative(s) of any violations of these Terms.

6. PRIVACY

For information about how we collect, use, and share the data we collect from and about you, please see our Privacy Policy which is incorporated by reference into these Terms.

7. WARRANTIES, DISCLAIMERS AND LIMITATION OF LIABILITY

THE SERVICE AND WEBSITES AND USER CONTENT, WHETHER PROVIDED BY ASANA, ITS LICENSORS, ITS VENDORS OR ITS USERS, AND OTHER INFORMATION ON OR ACCESSIBLE FROM THE SERVICE AND WEBSITES ARE PROVIDED “AS IS” WITHOUT WARRANTY, REPRESENTATION, CONDITION, OR GUARANTEE OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY IMPLIED WARRANTIES, REPRESENTATIONS, CONDITIONS OR GUARANTEES OF QUALITY, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ALL OF WHICH ARE DISCLAIMED TO THE FULLEST EXTENT PERMITTED BY LAW. SPECIFICALLY, BUT WITHOUT LIMITATION, ASANA DOES NOT WARRANT THAT: (i) THE INFORMATION AVAILABLE ON THE SERVICE AND WEBSITES IS FREE OF ERRORS; (ii) THE FUNCTIONS OR FEATURES (INCLUDING BUT NOT LIMITED TO MECHANISMS FOR THE DOWNLOADING AND UPLOADING OF USER CONTENT) WILL BE UNINTERRUPTED, SECURE, OR FREE OF ERRORS; (iii) DEFECTS WILL BE CORRECTED, OR (iv) THE SERVICE AND WEBSITES OR THE SERVER(S) THAT MAKE THE SERVICE AND WEBSITES AVAILABLE ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS. IN NO EVENT SHALL ASANA OR ITS AFFILIATES, LICENSORS, VENDORS, OR ANY OF THEIR RESPECTIVE DIRECTORS, OFFICERS, EMPLOYEES, AGENTS, OR OTHER REPRESENTATIVES BE LIABLE TO YOU OR ANY OTHER PERSON OR ENTITY FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES (INCLUDING, BUT NOT LIMITED TO, DAMAGES FOR LOSS OF PROFITS, LOSS OF DATA, LOSS OF USE, OR COSTS OF OBTAINING SUBSTITUTE GOODS OR SERVICES), ARISING OUT OF OR IN CONNECTION WITH THE SERVICE AND WEBSITES, ANY MATERIALS, INFORMATION, OR RECOMMENDATIONS APPEARING ON THE SERVICE AND WEBSITES, OR ANY LINK PROVIDED ON THE SERVICE AND WEBSITES, WHETHER OR NOT ASANA HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES AND WHETHER BASED UPON WARRANTY, CONTRACT, TORT, STRICT LIABILITY, VIOLATION OF STATUTE, OR OTHERWISE. THIS EXCLUSION OF LIABILITY SHALL APPLY TO THE FULLEST EXTENT PERMITTED BY LAW. IN ANY EVENT, OUR AGGREGATE LIABILITY WILL NOT EXCEED THE AMOUNT PAID FOR THE SERVICE OR WEBSITES TO WHICH THE CLAIM RELATES OR, IF THE CLAIM DOES NOT RELATE TO A PRODUCT OR SERVICE, $100. ASANA DOES NOT WARRANT, ENDORSE, GUARANTEE OR ASSUME RESPONSIBILITY FOR ANY PRODUCT OR SERVICE ADVERTISED OR OFFERED BY A THIRD PARTY THROUGH THE SERVICE AND WEBSITES OR ANY WEBSITE FEATURED OR LINKED TO THROUGH THE SERVICE AND WEBSITES, AND ASANA WILL NOT BE A PARTY TO OR IN ANY WAY BE RESPONSIBLE FOR MONITORING ANY TRANSACTION BETWEEN YOU AND THIRD-PARTY PROVIDERS OF PRODUCTS OR SERVICE AND WEBSITES. ASANA WILL NOT BE LIABLE FOR THE OFFENSIVE OR ILLEGAL CONDUCT OF ANY THIRD PARTY. YOU VOLUNTARILY ASSUME THE RISK OF HARM OR DAMAGE FROM THE FOREGOING. THE FOREGOING LIMITATIONS WILL APPLY EVEN IF A REMEDY FAILS OF ITS ESSENTIAL PURPOSE AND TO THE FULLEST EXTENT PERMITTED BY LAW. If you are a California resident, you hereby waive California Civil Code §1542, which says: “A general release does not extend to claims which the creditor does not know or suspect to exist in his favor at the time of executing the release, which if known by him or her must have materially affected his or her settlement with the debtor.” This release includes the criminal acts of others.

8. EXCLUSIONS AND LIMITATIONS

Some jurisdictions do not allow the exclusion of certain warranties or the limitation or exclusion of liability for incidental or consequential damages such as above in Section 7. Accordingly, some of the above limitations may not apply to you. If you are a New Jersey resident, or a resident of another state that permits the exclusion of these warranties and liabilities, then the limitations in Section 7 specifically do apply to you.

9. INDEMNITY

YOU AGREE TO INDEMNIFY, DEFEND, AND HOLD ASANA AND ITS RESPECTIVE OFFICERS, DIRECTORS, EMPLOYEES, MEMBERS, SHAREHOLDERS, CONTRACTORS, OR REPRESENTATIVES (AND ALL SUCCESSORS AND ASSIGNS OF ANY OF THE FOREGOING), HARMLESS FROM AND AGAINST ANY CLAIM OR DEMAND, INCLUDING WITHOUT LIMITATION, REASONABLE ATTORNEYS’ FEES AND DISBURSEMENTS, MADE BY ANY THIRD PARTY IN CONNECTION WITH OR ARISING OUT OF YOUR USE OF THE SERVICE AND WEBSITES, YOUR CONNECTION TO THE SERVICE AND WEBSITES, YOUR VIOLATION OF THE TERMS OR ASANA’S PRIVACY POLICY, YOUR VIOLATION OF AN APPLICABLE LAW, YOUR SUBMISSION, POSTING, OR TRANSMISSION OF USER CONTENT TO THE SERVICE AND WEBSITES, AND/OR YOUR VIOLATION OF ANY RIGHTS OF ANOTHER INDIVIDUAL OR ENTITY. WE RESERVE THE RIGHT, AT OUR OWN EXPENSE, TO ASSUME THE EXCLUSIVE DEFENSE AND CONTROL OF SUCH DISPUTES, AND IN ANY EVENT YOU WILL COOPERATE WITH US IN ASSERTING ANY AVAILABLE DEFENSES.

10. THIRD-PARTY LINKS AND SERVICE AND WEBSITES

The Service and Websites may provide (1) information and content provided by third parties; (2) links to third-party websites or resources, such as sellers of goods and services; and (3) third-party products and services for sale directly to you. Asana is not responsible for the availability of such external sites or resources, and does not endorse and is not responsible or liable for (i) any content, advertising, products, or other materials on or available from such sites or resources, (ii) any errors or omissions in these websites or resources, or (iii) any information handling practices or other business practices of the operators of such sites or resources. You further acknowledge and agree that Asana shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any linked sites or resources. Your interactions with such third parties will be governed by the third parties’ own terms of service and privacy policies, and any other similar terms.

11. MODIFICATION

Asana reserves the right at any time to modify or discontinue, temporarily or permanently, the Service and Websites (or any part thereof), with or without notice. You agree that Asana shall not be liable to you or any third party for any modification, suspension or discontinuance of the Service and Websites.

12. MANDATORY ARBITRATION AND CLASS ACTION WAIVER

PLEASE READ THIS SECTION CAREFULLY. IT AFFECTS YOUR LEGAL RIGHTS, INCLUDING YOUR RIGHT TO FILE A LAWSUIT IN COURT.

12.1 Application. You and Asana agree that these Terms affect interstate commerce and that the Federal Arbitration Act governs the interpretation and enforcement of these arbitration provisions. This Section 12 is intended to be interpreted broadly and governs any and all disputes between us including but not limited to claims arising out of or relating to any aspect of the relationship between us, whether based in contract, tort, statute, fraud, misrepresentation or any other legal theory; claims that arose before these Terms or any prior agreement (including, but not limited to, claims related to advertising); and claims that may arise after the termination of these Terms. The only disputes excluded from this broad prohibition are the litigation of certain intellectual property and small court claims, as provided below.

12.2. Initial Dispute Resolution. Most disputes can be resolved without resort to arbitration. If you have any dispute with us, you agree that before taking any formal action, you will contact us at dispute-notice@asana.com and provide a brief, written description of the dispute and your contact information (including your username, if your dispute relates to an account). Except for intellectual property and small claims court claims, the parties agree to use their best efforts to settle any dispute, claim, question, or disagreement directly through consultation with Asana, and good faith negotiations shall be a condition to either party initiating a lawsuit or arbitration.

12.3 Binding Arbitration. If the parties do not reach an agreed-upon solution within a period of thirty (30) days from the time informal dispute resolution is initiated under the Initial Dispute Resolution provision above, then either party may initiate binding arbitration as the sole means to resolve claims, (except as provided in section 12.7 below) subject to the terms set forth below. Specifically, all claims arising out of or relating to these Terms (including the Terms’ formation, performance, and breach), the parties’ relationship with each other, and/or your use of Asana shall be finally settled by binding arbitration administered by the JAMS Comprehensive Arbitration Rules & Procedures (“JAMS”). The JAMS rules will govern payment of all arbitration fees. Asana will pay all arbitration fees for claims less than $75,000. If you receive an arbitration award that is more favorable than any offer we make to resolve the claim, we will pay you $1,000 in addition to the award. Asana will not seek its attorneys’ fees and costs in arbitration unless the arbitrator determines that your claim is frivolous.

12.4 Arbitrator’s Powers. The arbitrator, and not any federal, state, or local court or agency, shall have exclusive authority to resolve all disputes arising out of or relating to the interpretation, applicability, enforceability, or formation of these Terms including but not limited to any claim that all or any part of these Terms is void or voidable, whether a claim is subject to arbitration, or the question of waiver by litigation conduct. The arbitrator shall be empowered to grant whatever relief would be available in a court under law or in equity. The arbitrator’s award shall be written and shall be binding on the parties and may be entered as a judgment in any court of competent jurisdiction.

12.5 Filing a Demand. To start an arbitration, you must do the following: (a) Write a Demand for Arbitration (“Demand”) that (i) briefly explains the dispute, (ii) lists your and Asana’s names and addresses, (iii) specify the amount of money in dispute, if applicable, (iv) identify the requested location for a hearing if an in-person hearing is requested, and (v) state what you want in the dispute; (b) send one copy of the Demand to JAMS, along with a copy of these Terms and the filing fee required by JAMS; and (c) Send one copy of the Demand for Arbitration to us at dispute-notice@asana.com.

The parties understand that, absent this mandatory arbitration provision, they would have the right to sue in court and have a jury trial. They further understand that, in some instances, the costs of arbitration could exceed the costs of litigation and the right to discovery may be more limited in arbitration than in court. If you are a resident of the United States, arbitration may take place in the county where you reside at the time of filing, unless you and we both agree to another location or telephonic arbitration. For individuals residing outside the United States, arbitration shall be initiated in San Francisco County, California, United States, and you and Asana agree to submit to the personal jurisdiction of any federal or state court in San Francisco County, California, United States, in order to compel arbitration, stay proceedings pending arbitration, or to confirm, modify, vacate, or enter judgment on the award entered by the arbitrator.

12.6 Class Action Waiver. The parties further agree that the arbitration shall be conducted in the party’s respective individual capacities only and not as a class action or other representative action, and the parties expressly waive their right to file a class action or seek relief on a class basis. YOU AND ASANA AGREE THAT EACH MAY BRING CLAIMS AGAINST THE OTHER ONLY IN YOUR OR ITS INDIVIDUAL CAPACITY, AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING. If any court or arbitrator determines that the class action waiver set forth in this paragraph is void or unenforceable for any reason or that an arbitration can proceed on a class basis, then the arbitration provisions set forth above shall be deemed null and void in their entirety and the parties shall be deemed to have not agreed to arbitrate disputes.

12.7 Exception: Litigation of Intellectual Property and Small Claims Court Claims. Notwithstanding the parties’ decision to resolve all disputes through arbitration, either party may bring enforcement actions, validity determinations or claims arising from or relating to theft, piracy or unauthorized use of intellectual property in state or federal court with jurisdiction or in the U.S. Patent and Trademark Office to protect its intellectual property rights (“intellectual property rights” means patents, copyrights, moral rights, trademarks, and trade secrets, but not privacy or publicity rights). Either party may also seek relief in small claims court in San Francisco, California for disputes or claims within the scope of that court’s jurisdiction.

12.8 30-Day Right to Opt Out. You have the right to opt out and not be bound by the arbitration and class action waiver provisions set forth above by sending written notice of your decision to opt out to dispute-notice@asana.com with the subject line, “ARBITRATION AND CLASS ACTION WAIVER OPT-OUT.” The notice must be sent within the later of 30 days of your first use of the Service or within 30 days of changes to this section being announced on the Site. Otherwise you shall be bound to arbitrate disputes in accordance with the terms of these paragraphs. If you opt out of these arbitration provisions, Asana also will not be bound by them.

12.9 Changes to This Section. Asana will provide thirty (30) days’ notice of any changes to this section by posting on the Service and Websites. Amendments will become effective thirty (30) days after they are posted on the Service and Websites or sent to you by email. Changes to this section will otherwise apply prospectively only to claims arising after the thirtieth (30th) day. If a court or arbitrator decides that this subsection on “Changes to This Section” is not enforceable or valid, then this subsection shall be severed from the section entitled Mandatory Arbitration and Class Action Waiver, and the court or arbitrator shall apply the first Mandatory Arbitration and Class Action Waiver section in existence after you began using the Service and Websites.

12.10 Survival. This Mandatory Arbitration and Class Action Waiver section shall survive any termination of your use of the Service and Websites.

13. CONTROLLING LAW AND SEVERABILITY

These Terms shall be construed in accordance with and governed by the laws of California notwithstanding its conflicts of law principles. Any dispute arising out of these terms and conditions or the use of this site shall be initiated and conducted in the state or federal courts of San Francisco County, California, and you and Asana consent to the exclusive jurisdiction of such courts.

14. GENERAL TERMS

14.1 Force Majeure. Under no circumstances shall Asana or its licensor or supplier be held liable for any delay or failure in performance resulting directly or indirectly from an event beyond its reasonable control.

14.2 No Waiver. No waiver of any provision of these Terms will be binding unless in writing, no waiver of any provisions of these Terms will be deemed a further or continuing waiver of such provision or any other provision, and the failure of Asana to exercise or enforce any right or remedy in these Terms does not waive that right or remedy. If an arbitrator or a court of competent jurisdiction finds any provision of these Terms to be invalid, the parties agree that the court should endeavor to give effect, to the maximum extent permitted by law, to the parties’ intentions as reflected in the provision, and the other provisions of these Terms will remain in full force and effect.

14.3 Third-Party Beneficiaries. You agree that, except as otherwise expressly provided in these Terms, there shall be no third-party beneficiaries to these Terms.

14.4 Statute of Limitations. Except for residents of New Jersey, you agree that regardless of any statute or law to the contrary, any claim or cause of action arising out of or related to the use of the Service and Websites and/or these Terms must be filed within one (1) year after such claim or cause of action arose or be forever barred.

14.5 Miscellaneous. These Terms (and all terms and conditions incorporated herein) constitute the entire agreement between you and Asana and govern your use of the Service and Websites, and supersede any prior agreements between you and Asana on the subject matter. These Terms, and any rights or licenses granted hereunder, may not be assigned or delegated by you. These Terms, and any rights or licenses granted hereunder, may be assigned or delegated by Asana without restriction. These Terms bind and inure to the benefit of each party and the party’s successors and permitted assigns. These Terms may not be modified by an oral statement by a representative of Asana. No agency, partnership, joint venture or employee-employer relationship is intended or created by these Terms. You agree that any agreements made by and between you and us in electronic form are as legally binding as if made in physical written form. If you are using the Service and Websites for or on behalf of the U.S. government, your license rights do not exceed those granted to non-government consumers. The section titles in these Terms are for convenience only and have no legal or contractual effect. Any provision of these Terms that by its nature is reasonably intended to survive beyond termination of these Terms shall survive.

14.6 Notices. We may deliver notice to you by e-mail, posting a notice on the Service and Websites or any other method we choose and such notice will be effective on dispatch. If you give notice to us, it will be effective when received and you must use the following physical or email address: (1) Asana, Inc. 1550 Bryant Street, Suite 200, San Francisco, CA 94103; or (2) terms-questions@asana.com.

15. QUESTIONS

If you have any questions about these Terms, please contact us at terms-questions@asana.com.

Asana underprocessorer

Senast uppdaterad: 19 november 2020

Asana och dess dotterbolag använder underprocessorer från tredje part och närstående bolag för att hjälpa oss tillhandahålla tjänster till våra kunder. En underprocessor är en tredjepartsprocessor som är anlitad av Asana eller i vissa fall av ett Asana-dotterbolag och som tar emot data från Asana och behandlar personuppgifter på uppdrag av våra kunder.

Som ett villkor för att tillåta en underprocessor att behandla personuppgifter upprättar Asana (och dess dotterbolag i vissa fall) ett skriftligt avtal innehållande dataskyddsskyldigheter med varje underprocessor. Detta är minst lika säkert som de tekniska och organisatoriska åtgärderna Asana har infört för att skydda kundens personuppgifter mot oavsiktlig eller olaglig förstörelse, förlust, ändring eller otillåten spridning eller åtkomst.

Registrera dig nedan för att få aviseringar om underprocessorändringar.

Underprocessorer från tredje part

Entitet, namn Underprocessor, aktivitet Entitet, land
Amazon Web Services, Inc. Cloud Service Provider Förenta staterna
Forethought Technologies, Inc Kundsupport Förenta staterna
Looker Data Sciences, Inc. (Google) Analys-tjänster Förenta staterna
Sendgrid, Inc. (Twilio) E-postbehandling Förenta staterna
Snowflake Inc. Data-lagerställe Förenta staterna
Tableau Software, LLC (Salesforce) Analys och datavisualisering Förenta staterna
Vimeo, LLC Videomeddelanden Förenta staterna
Wildbit, LLC (Postmark) E-postbehandling Förenta staterna
Zendesk, Inc. Cloud-kundsupport Förenta staterna

Asanas dotterbolag

Entitet, namn Entitet, land
Asana Software Ireland Limited Irland
Asana Software Australia Pty Ltd Australien
Asana Software Iceland ehf Island
Asana Software Canada Ltd Kanada
Asana Japan KK Japan
Asana Software UK Limited Storbrittanien
Asana Germany Gmbh Tyskland
Asana Software Singapore Pte Ltd Singapore
Asana France Frankrike

Uppdateringar

I takt med att Asana fortsätter att växa kan vi besluta att använda nya underprocessorer och meddelar dig i sådana fall om detta enligt ditt tillämpliga avtal med Asana.

Asana Data Processing Addendum

This Data Processing Addendum, including the Standard Contractual Clauses where applicable (“DPA”), is entered into between Asana, Inc. (“Asana”) and the entity identified in the Agreement (“Customer”) (each referred to as a “Party” and collectively as the “Parties”). This DPA is incorporated by reference into the applicable subscription agreement governing use of the Service (the “Agreement”) between the Parties. All capitalized terms used in this DPA but not defined will have the meaning set forth in the Agreement. To the extent of any conflict or inconsistency between this DPA, any previously executed data processing agreement, and the remaining terms of the Agreement, this DPA will govern.

This DPA sets out the terms that apply when personal data is processed by Asana under the Agreement. The purpose of the DPA is to ensure such processing is conducted in accordance with Applicable Law and respects the rights of individuals whose personal data are processed under the Agreement.

1. Definitions

“Applicable Law(s)” means all applicable laws, regulations, and other legal or regulatory requirements in any jurisdiction relating to privacy, data protection, security, or the processing of personal data, including without limitation (i) the California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq. (“CCPA”), (ii) the General Data Protection Regulation, Regulation (EU) 2016/679 (“GDPR”), (iii) in respect of the United Kingdom, the Data Protection Act 2018 and the GDPR as saved into United Kingdom law by virtue of section 3 of the United Kingdom's European Union (Withdrawal) Act 2018 (the "UK GDPR"), and (iv) the Swiss Federal Data Protection Act ("Swiss DPA"). For the avoidance of doubt, if Asana’s processing activities involving personal data are not within the scope of an Applicable Law, such law is not applicable for purposes of this DPA.

“Asana” means Asana, Inc., a company incorporated in Delaware, and its Affiliates.

“controller”, “personal data”, “process”, “processing”, “processor”, and “data subject” will have the same meanings as defined by Applicable Law. Other relevant terms such as “business”, “business purpose”, “consumer”, “personal information”, “sale” (including the terms “sell”, “selling”, “sold”, and other variations thereof), “service provider”, and “third party” have the meanings given to those terms under the CCPA.

“Customer Personal Data” means personal data, personal information or personally identifiable information Customer uploads or otherwise inputs into the Service and which is processed in connection with the provision of the Service under the Agreement by Asana on behalf of the Customer.

“Data Breach” means any breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Personal Data processed by Asana and/or its subprocessors in connection with the provision of the Service.

“Europe" means the European Economic Area, which constitutes the member states of the European Union and Norway, Iceland, and Liechtenstein ("EEA"), as well as, for the purposes of this DPA, Switzerland and the United Kingdom.

“Restricted Transfer" means: (i) where the GDPR applies, a transfer of personal data from the EEA to a country outside of the EEA which is not subject to an adequacy determination by the European Commission; (ii) where the UK GDPR applies, a transfer of personal data from the United Kingdom to any other country which is not subject to adequacy regulations adopted pursuant to Section 17A of the United Kingdom Data Protection Act 2018; and (iii) where the Swiss DPA applies, a transfer of personal data to a country outside of Switzerland which is not included on the list of adequate jurisdictions published by the Swiss Federal Data Protection and Information Commissioner.

“Standard Contractual Clauses” means (i) where the GDPR applies, the standard contractual clauses annexed to the European Commission's Implementing Decision 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the European Council (available as of June 2021 https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj), (the "EU SCCs"); (ii) where the UK GDPR applies, the applicable standard data protection clauses adopted pursuant to Article 46(2)(c) or (d) of the UK GDPR ("UK SCCs"); and (iii) where the Swiss DPA applies, the applicable standard data protection clauses issued, approved or recognized by the Swiss Federal Data Protection and Information Commissioner (the "Swiss SCCs"), in each case as completed as described in Section 9 (Data Transfers) below.

2. Relationship of the Parties

2.1 Asana as a Processor. The Parties acknowledge and agree that with regard to Customer Personal Data, Customer is a controller and Asana is a processor.

2.2 Asana as a Subprocessor. In circumstances in which Customer may be a processor, Customer appoints Asana as Customer’s subprocessor, which will not change the obligations of either Customer or Asana under this DPA.

3. Customer’s Instructions to Asana

3.1 Purpose Limitation. Asana will process Customer Personal Data (a) in order to provide the Service in accordance with the Agreement; (b) with Customer’s lawful instructions as set forth under Section 3.3; (c) as necessary to comply with Applicable Law; and (d) as otherwise agreed in writing.

3.2 No Sale of Personal Information. Asana will not sell Customer Personal Data or otherwise process Customer Personal Data for any purpose other than as set forth in the Agreement, unless obligated to do so under Applicable Law. In such case, Asana will inform Customer of that legal requirement before such processing unless legally prohibited from doing so. Further details regarding Asana’s processing operations are set forth in Exhibit A.

3.3 Lawful Instructions. Customer appoints Asana as a processor (or subprocessor) to process Customer Personal Data on behalf of, and in accordance with, Customer’s instructions. Customer will not instruct Asana to process Customer Personal Data in violation of Applicable Law. Asana will promptly inform Customer if, in Asana’s opinion, an instruction from Customer infringes Applicable Law. The Agreement, including this DPA, along with Customer’s configuration of the Service (as Customer may be able to modify from time to time), constitutes Customer’s complete and final instructions to Asana regarding the processing of Customer Personal Data, unless otherwise agreed in writing.

4. Subprocessing

4.1 Subprocessors. Customer acknowledges and agrees that Asana’s Affiliates and certain third parties may be retained as subprocessors (“Subprocessors”) to process Customer Personal Data on Asana’s behalf in order to provide the Service. Asana’s Subprocessors are listed at https://asana.com/terms#subprocessors. Asana will impose contractual obligations on any Subprocessor Asana appoints requiring it to protect Customer Personal Data to standards which are no less protective than those set forth under this DPA. Asana remains liable for its Subprocessors’ performance under this DPA to the same extent Asana is liable for its own performance. If Customer subscribes to receive updates available at https://asana.com/terms#subprocessors, Customer will be automatically notified of new Subprocessors ten (10) business days before Asana authorizes such Subprocessor to process Customer Personal Data (or in the case of an emergency, as soon as reasonably practicable). The subprocessor agreements to be provided under Clause 9 of the Standard Contractual Clauses may have all commercial information, or provisions unrelated to the Standard Contractual Clauses, redacted prior to sharing with Customer, and Customer agrees that such copies will be provided only upon Customer’s written request.

4.2 Right to Object. Customer may reasonably object to Asana’s use of a new Subprocessor by notifying Asana promptly in writing at dpa@asana.com (with its reasonable grounds for objection) within ten (10) business days after receipt of Asana’s notice as described in Section 4.1. In the event Customer objects to a new Subprocessor, Asana will use commercially reasonable efforts to make available to Customer a change in the Service or Customer’s configuration or use of the Service to avoid processing of Customer Personal Data by the objected-to new Subprocessor. If Asana is unable to make available such change within a reasonable period of time, which will not exceed thirty (30) days, either Party may upon written notice terminate without penalty the applicable Order Form(s) or the Agreement.

5. Assistance and Cooperation

5.1 Security. Asana will use appropriate technical and organizational measures to protect Customer Personal Data that it processes. Such measures will take into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, so as to ensure a level of security appropriate to the risk. Asana will ensure that the persons Asana authorizes to process Customer Personal Data are subject to written confidentiality agreements or a statutory obligation of confidentiality no less protective than the confidentiality obligations set forth in the Agreement.

5.2 Data Breach Notification and Response. Asana will comply with the Data Breach-related obligations directly applicable to it under Applicable Law. Taking into account the nature of processing and the information available to Asana, Asana will assist Customer by notifying it of a confirmed Data Breach without undue delay or within the time period required under Applicable Law, and in any event no later than seventy-two (72) hours following such confirmation. To the extent available, this notification will include Asana’s then-current assessment of the following:

  • (a) the nature of the Data Breach, including, where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;

  • (b) the likely consequences of the Data Breach; and

  • (c) measures taken or proposed to be taken by Asana to address the Data Breach, including, where applicable, measures to mitigate its possible adverse effects.

Asana will provide timely and periodic updates to Customer as additional information regarding the Data Breach becomes available. Customer acknowledges that any updates may be based on incomplete information. Asana will not assess the contents of Customer Data for the purpose of determining if such Customer Data is subject to any requirements under Applicable Law. Nothing in this DPA or in the Standard Contractual Clauses will be construed to require Asana to violate, or delay compliance with, any legal obligation it may have with respect to a Data Breach or other security incidents generally.

6. Responding to Individuals Exercising Their Rights Under Applicable Law

To the extent legally permitted, Asana will promptly notify Customer, or refer the individual back to the Customer, if Asana receives any requests from an individual seeking to exercise any rights afforded to them under Applicable Law regarding their personal data, which may include: access, rectification, restriction of processing, erasure (“right to be forgotten”), data portability, objection to the processing, or to not be subject to an automated individual decision making (each, a “Data Subject Request”). In the event Customer is unable to address a Data Subject Request in its use of the Service, Asana will, upon Customer’s request, provide commercially reasonable efforts to assist Customer in responding to such Data Subject Request, to the extent Asana is legally permitted to do so and the response to such Data Subject Request is required under Applicable Law. To the extent legally permitted, Customer will be responsible for any costs arising from Asana’s provision of additional functionality to assist with a Data Subject Request.

7. DPIAs and Consultation with Supervisory Authorities or other Regulatory Authorities

Taking into account the nature of the processing and the information available to Asana, Asana will provide reasonable assistance to and cooperation with Customer for Customer’s performance of any legally required data protection impact assessment of the processing or proposed processing of Customer Personal Data involving Asana, and in consultation with supervisory authorities or other regulatory authorities as required, by providing Customer with any publicly available documentation for the Service or by complying with Section 10 (Audits) below. Additional support for data protection impact assessments or relations with regulators may be available and would require mutual agreement on fees, the scope of Asana’s involvement, and any other terms that the Parties deem appropriate.

8. Responding to Law Enforcement Requests

To the extent legally permitted, upon request for data or records from law enforcement or a governmental entity, Asana will respond to such requests in accordance with the guidelines set forth at https://asana.com/terms#law-enforcement-guidelines. Asana responds only to law enforcement requests that adhere to established legal process and applicable laws.

9. Data Transfers

9.1 Customer authorizes Asana and its Subprocessors to make international transfers of Customer Personal Data in accordance with this DPA and Applicable Law.

9.2 Customer acknowledges and agrees that, subject to compliance with Applicable Laws, Asana may process Customer Personal Data anywhere in the world where Asana, its Affiliates or its subprocessors maintain data processing operations. The Parties agree that when the transfer of Customer Personal Data from Customer (as "data exporter") to Asana (as "data importer") is a Restricted Transfer and Applicable Law requires that appropriate safeguards are put in place, the Parties will be subject to the Standard Contractual Clauses, which will be deemed incorporated into and form a part of this DPA, as follows:

  • (a) In relation to transfers of Customer Personal Data protected by the GDPR, the EU SCCs will be completed as follows:

    • (i) The clauses as set forth in Module Two (controller to processor) will apply only to the extent Customer is a controller and Asana is a processor;

    • (ii) The clauses as set forth in Module Three (processor to processor) will only apply to the extent Customer is a processor and Asana is a subprocessor;

    • (iii) The “data exporter” is the Customer, and the exporter’s contact information is set forth below;

    • (iv) The “data importer” is Asana, and Asana’s contact information is set forth below;

    • (v) In Clause 7, the optional docking clause will apply;

    • (vi) In Clause 9, Option 2 will apply, and the time period for prior notice of subprocessor changes will be as set out in Section 4.1 of this DPA;

    • (vii) In Clause 11, the optional language will not apply;

    • (viii) In Clause 17, Option 1 will apply, and the EU SCCs will be governed by Irish law;

    • (ix) In Clause 18(b), disputes will be resolved before the courts of Ireland; and

    • (x) Annexes I and II of the Appendix are set forth in Exhibit A below.

  • (b) In relation to transfers of Customer Personal Data protected by the UK GDPR, the EU SCCs will also apply to such transfers in accordance with paragraph (a) above, subject to the following:

    • (i) Any references in the EU SCCs to "Directive 95/46/EC" or "Regulation (EU) 2016/679" will be interpreted as references to the UK GDPR;

    • (ii) Any references to "EU", "Union" and "Member State law" will be interpreted as references to English law; and

    • (iii) Any references to the "competent supervisory authority" and "competent courts" will be interpreted as references to the relevant data protection authority and courts in England;

    • unless the EU SCCs as implemented above cannot be used to lawfully transfer such Customer Personal Data in compliance with the UK GDPR, in which event the UK SCCs will instead be incorporated by reference and form an integral part of this DPA and will apply to such transfers. Where this is the case, the relevant Annexes or Appendices of the UK SCCs will be populated using the information contained in Exhibit A of this DPA (as applicable).

  • (c) In relation to transfers of Customer Personal Data protected by the Swiss DPA, the EU SCCs will also apply to such transfers in accordance with paragraph (a) above, subject to the following:

    • (i) Any references in the EU SCCs to "Directive 95/46/EC" or "Regulation (EU) 2016/679" will be interpreted as references to the Swiss DPA;

    • (ii) Any references to "EU", "Union" and "Member State law" will be interpreted as references to Swiss law; and

    • (iii) Any references to the "competent supervisory authority" and "competent courts" will be interpreted as references to the relevant data protection authority and courts in Switzerland;

    • unless the EU SCCs as implemented above cannot be used to lawfully transfer such Customer Personal Data in compliance with the Swiss DPA, in which event the Swiss SCCs will instead be incorporated by reference and form an integral part of this DPA and will apply to such transfers. Where this is the case, the relevant Annexes or Appendices of the Swiss SCCs will be populated using the information contained in Exhibit A of this DPA (as applicable).

9.3 It is not the intention of either Party to contradict or restrict any of the provisions set forth in the Standard Contractual Clauses and, accordingly, if and to the extent the Standard Contractual Clauses conflict with any provision of the Agreement (including this DPA) the Standard Contractual Clauses will prevail to the extent of such conflict.

9.4 If Asana adopts an alternative data transfer mechanism (including any new version of or successor to the Standard Contractual Clauses adopted pursuant to Applicable Laws) for the transfer of Customer Personal Data that is not described in this DPA ("Alternative Transfer Mechanism"), the Alternative Transfer Mechanism will apply instead of any applicable transfer mechanism described in this DPA (but only to the extent such Alternative Transfer Mechanism complies with Applicable Law).

9.5 By entering into this DPA, the Parties are deemed to be signing the applicable Standard Contractual Clauses and its applicable Appendices and Annexes.

10. Audits

10.1 Audit. Asana will allow for and contribute to audits conducted by Customer (or a third party auditor mutually agreed by both parties ("Auditor")) of documentation, data, certifications, reports, and records relating to Asana's processing of Customer Personal Data (“Records”) for the sole purpose of determining Asana's compliance with this DPA subject to the terms of this Section 10 provided the Agreement remains in effect and such audit is at Customer’s sole expense (an "Audit").

10.2 Written Notice. Customer may request an Audit upon fourteen (14) days’ prior written notice to Asana, no more than once annually, except, in the event of a Data Breach occurring on Asana’s systems, in which case Customer may request an Audit within a reasonable period of time following such Data Breach.

10.3 Further Written Requests and Inspections. To the extent that the provision of Records does not provide sufficient information to allow Customer to determine Asana’s compliance with the terms of this DPA, Customer may, as necessary: (i) request additional information from Asana in writing, and Asana will respond to such written requests in within a reasonable period of time ("Written Requests"); and (ii) only where Asana's responses to such Written Requests do not provide the necessary level of information required by Customer, request access to Asana's premises, systems and staff, upon twenty one (21) days prior written notice to Asana (an "Inspection") subject to the parties having mutually agreed upon (a) the scope, timing, and duration of the Inspection, (b) the use of an Auditor to conduct the Inspection, (c) the Inspection being carried out only during Asana's regular business hours, with minimal disruption to Asana’s business operations, and (d) all costs associated with the Inspection being borne by Customer (including Asana's time in connection with facilitating the Inspection, charged at Asana's then-current rates). Inspections will be permitted no more than once annually.

10.4 Confidentiality. In connection with any Audit or Inspection conducted in accordance with this Section 10, the Auditor must be bound by obligations of confidentiality no less protective than those contained in the Agreement. Auditor's will not be entitled to receive any data or information pertaining to other clients of Asana or any other Confidential Information of Asana that is not directly relevant for the authorized purposes of the Audit or Inspection.

10.5 Corrective Action. If any material non-compliance is identified by an Audit or Inspection, Asana will take prompt action to correct such non-compliance.

11. Return or Destruction of Customer Personal Data

Upon termination of the Agreement and written verified request from Customer’s authorized representative (which for purposes of this section is either a billing owner or an Administrator of the Service or a Customer personnel who has confirmed in writing that they are authorized to make decisions on behalf of the Customer), Asana will delete Customer Personal Data, unless prohibited by Applicable Law.

EXHIBIT A
Annex I to the Standard Contractual Clauses

A. LIST OF PARTIES

MODULE TWO: Transfer controller to processor

MODULE THREE: Transfer processor to processor

Data exporter(s): Details/Descriptions
Name: Customer, a user of the Service
Address: Address as listed in the Agreement
Contact person’s name, position and contact details: Contact information as listed in the Agreement
Activities relevant to the data transferred under these Clauses: Activities relevant are described in Section B below
Signature and date: See Section 9.5 of DPA
Role (controller/processor): Controller and/or processor
Data importer(s): Details/Descriptions
Name: Asana, Inc., provider of the Service
Address: 633 Folsom Street, Suite 100, San Francisco, CA 94107
Contact person’s name, position and contact details: privacy@asana.com or dpo@asana.com
Activities relevant to the data transferred under these Clauses: Activities relevant are described in Section B below
Signature and date: See Section 9.5 of DPA
Role (controller/processor): Processor

B. DESCRIPTION OF TRANSFER

MODULE TWO: Transfer controller to processor

MODULE THREE: Transfer processor to processor

Categories of data subjects whose personal data is transferred

The categories of data subjects whose personal data is transferred are determined solely by the data exporter. In the normal course of the data importer's Service, the categories of data subject might include (but are not limited to): the data exporter’s personnel, customers, service providers, business partners, affiliates and other End Users.

Categories of personal data transferred

The categories of personal data transferred are determined solely by the data exporter. In the normal course of the data importer's Service, the categories of personal data transferred might include (but are not limited to): name, email address, telephone, title, free text projects, and task lists entered by the data exporter or its End Users.

Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.

The data importer does not intentionally or knowingly process any special category data. However the categories of personal data transferred are determined solely by the data exporter.

The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis).

Continuous with use of the Service.

Nature of the processing

The provision of the Service to Customer in accordance with the Agreement.

Purpose(s) of the data transfer and further processing

To provide the Service to Customer as described in the Agreement.

The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period

For as long as necessary to provide the Service as described in the Agreement, as legally or contractually required, or upon receipt of Customer’s written request for deletion.

For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing

The subject matter, nature and duration of the processing are specified above and in the Agreement.

C. COMPETENT SUPERVISORY AUTHORITY

MODULE TWO: Transfer controller to processor

MODULE THREE: Transfer processor to processor

Identify the competent supervisory authority lies in accordance with Clause 13

Customer agrees the competent supervisory authority will be the Data Protection Commission (DPC) of Ireland.

Annex II to the Standard Contractual Clauses

TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA

MODULE TWO: Transfer controller to processor

MODULE THREE: Transfer processor to processor

Description of the technical and organisational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons.

Asana emphasizes the following principles in the design and implementation of its security program and practices: (a) physical and environmental security to protect the Service against unauthorized access, use, or modification; (b) maintaining availability for operation and use of the Service; (c) confidentiality to protect customer data; and (d) integrity to maintain the accuracy and consistency of data over its life cycle.

Description of Asana’s current technical and organizational security measures can be found at https://asana.com/security-standards.

Specific measures:

Measure Description
Measures of pseudonymisation and encryption of personal data Customer Data is encrypted in transit and encrypted at rest (and remains encrypted at rest). The connection to app.asana.com is encrypted with 128-bit encryption and supports TLS 1.2 and above. Logins and sensitive data transfer are performed over encrypted protocols such as TLS or ssh.
Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services Asana maintains an information security program, which includes: (a) having a formal risk management program; (b) conducting periodic risk assessments of all systems and networks that process Customer Data on at least an annual basis; (c) monitoring for security incidents and maintaining a tiered remediation plan to ensure timely fixes to any discovered vulnerabilities; (d) a written information security policy and incident response plan that explicitly addresses and provides guidance to its personnel in furtherance of the security, confidentiality, integrity, and availability of Customer Data; (e) penetration testing performed by a qualified third party on an annual basis; and (f) having resources responsible for information security efforts.
Measures for ensuring the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident Asana takes daily snapshots of its databases and securely copies them to a separate data center for restoration purposes in the event of a regional AWS failure. Backups are encrypted and have the same protection in place as production. Additionally, Customer Data is stored cross-regionally with AWS.
Processes for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures in order to ensure the security of the processing On an annual basis, Asana performs on its own and engages third-parties to perform a variety of testing to protect against unauthorized access to Customer Data and to assess the security, reliability, and integrity of the Service. To the extent Asana determines, in its sole discretion, that any remediation is required based on the results of such testing, it will perform such remediation within a reasonable period of time taking into account the nature and severity of the identified issue
As of the Effective Date, Asana undergoes a SOC 2 Type II audit on an annual basis with respect to the suitability of its controls to meet the criteria related to security, availability, and confidentiality set forth in the 2016 edition of TSP section 100A, Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Trust Services Principles and Criteria). Asana maintains an ISO/IEC 27001:2013 certification to demonstrate our conformity with the defined requirements in the ISO/IEC 27001:2013 standard.
Measures for user identification and authorisation Access to manage Asana’s AWS environment requires multi-factor authentication, ssh access to the Service is logged, and access to Customer Data is restricted to a limited set of approved Asana employees. AWS networking features such as security groups are leveraged to restrict access to AWS instances and resources and are configured to restrict access using the principle of least privilege. Employees are trained on documented information security and privacy procedures. Every Asana employee signs a data access policy that binds them to the terms of Asana’s data confidentiality policies and access to Asana systems is promptly revoked upon termination of employment.
Measures for the protection of data during transmission Customer Data is encrypted in transit and encrypted at rest (and remains encrypted at rest). The connection to app.asana.com is encrypted with 128-bit encryption and supports TLS 1.2 and above. Logins and sensitive data transfer are performed over encrypted protocols such as TLS or ssh.
Measures for the protection of data during storage Customer Data is stored cross-regionally with AWS. Data backups are encrypted. Customer data is encrypted at rest with AES 256 bit secret keys.
Measures for ensuring physical security of locations at which personal data are processed Asana uses Amazon Web Services (AWS) to provide management and hosting of production servers and databases in both the United States and the European Union. AWS employs a robust physical security program with multiple certifications, including SSAE 16 and ISO 27001 certification.
Measures for ensuring events logging All access to information security management systems at Asana are restricted, monitored, and logged. At a minimum, log entries include date, timestamp, action performed, and the user ID or device ID of the action performed. The level of additional detail to be recorded by each audit log will be proportional to the amount and sensitivity of the information stored and/or processed on that system. All logs are protected from change.
Measures for ensuring system configuration, including default configuration To prevent and minimize the potential for threats to Asana’s systems, baseline configurations are required prior to deployment of any user, network, or production equipment. Baseline configurations are in place for wireless security settings in order to ensure strong encryption and replace vendor default settings as part of deployment of network devices. Systems are centrally managed and configured to detect and alert on suspicious activity.
Measures for internal IT and IT security governance and management IT Security Governance and Management structures and processes are designed to ensure compliance with data protection principles at their effective implementation. Asana maintains a formal information security program with dedicated security personnel reporting to the Head of Security. The Security Team is responsible for implementing security controls and monitoring Asana for suspicious activity. Policies and Procedures, including the Asana Information Security Policy, are updated on an annual basis and reviewed and approved by Management. On a quarterly basis, senior management meets with the board of directors to review business objectives, projects, resource needs, and risk mitigation activities, including results from internal and external assessments.
Measures for certification/assurance of processes and products As of the Effective Date, Asana undergoes a SOC 2 Type II audit on an annual basis with respect to the suitability of its controls to meet the criteria related to security, availability, and confidentiality set forth in the 2016 edition of TSP section 100A, Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Trust Services Principles and Criteria). Asana maintains an ISO/IEC 27001:2013 certification to demonstrate our conformity with the defined requirements in the ISO/IEC 27001:2013 standard.
Measures for ensuring data minimisation Asana only collects information that is necessary in order to provide the Services outlined in our Terms of Service. Our employees are directed to access only the minimum amount of information necessary to perform the task at hand.
Measures for ensuring data quality Asana maintains web Server and application log details that include any changes to sensitive configuration settings and files. At minimum, log entries include date, timestamp, action performed, and the user ID or the device ID of the action performed. Logs are protected from change. Users who would like to exercise their rights under applicable law to update information which is out of date or incorrect may do so at any time using this form. More information on data subject rights can be found at https://asana.com/terms#privacy-policy.
Measures for ensuring limited data retention Asana will retain information for the period necessary to fulfill the purposes outlined in our Privacy Policy, unless a longer retention period is required or permitted by law, or where the Customer Agreement requires or permits specific retention or deletion periods. Customer may request deletion of data at any time and Customer Personal Data is deleted or anonymized upon termination of the Agreement.
Measures for ensuring accountability Asana has established a comprehensive GDPR compliance program and is committed to partnering with its customers and vendors on GDPR compliance efforts. Some significant steps Asana has taken to align its practices with the GDPR include:

Revisions to our policies and contracts with our partners, vendors, and users

Enhancements to our security practices and procedures

Closely reviewing and mapping the data we collect, use, and share

Creating more robust internal privacy and security documentation

Training employees on GDPR requirements and privacy and security best practices generally

Carefully evaluating and building a data subject rights’ policy and response process. Below, we provide additional details about the core areas of Asana’s GDPR compliance program and how customers can use Asana to support their own GDPR compliance initiatives.

Appointed a Data Protection Officer (“DPO”), who can be reached at dpo@asana.com.

Asana offers its customers who are controllers of EU personal data the option to enter into a robust data processing addendum (“DPA”) under which Asana commits to process and safeguard personal data in accordance with GDPR requirements. This includes current Standard Contractual Clauses and Asana’s commitment to process personal data consistent with the instructions of the data controller.
Measures for allowing data portability and ensuring erasure Asana provides a mechanism for individuals to exercise their privacy rights in accordance with applicable law. Individuals may contact Asana at any time using this form. More information can be found at https://asana.com/terms#privacy-policy.

For transfers to (sub-) processors, also describe the specific technical and organisational measures to be taken by the (sub-) processor to be able to provide assistance to the controller and, for transfers from a processor to a sub-processor, to the data exporter

As described in the DPA, Asana has measures in place to provide assistance to controllers as needed. Such measures include, but are not limited to, the ability to delete all Customer Personal Data associated with a domain and making available APIs to allow controllers to better manage and control their data. With regard to Data Subject Requests, in the event the controller is unable to address a Data Subject Request in its use of the Service, Asana will, upon request, provide commercially reasonable efforts to assist the controller in responding to such Data Subject Request, to the extent Asana is legally permitted to do so and the response to such Data Subject Request is required under Applicable Law. Data subjects may also exercise their rights by contacting Asana at any time using this form.

Asanas policy för sekretess och dataskydd

Asana har åtagit sig att skydda och respektera din integritet. Mot bakgrund av att flera jurisdiktioner har antagit lagar som påverkar hur företag hanterar personlig information, vill vi ta en stund för att dela med oss ​​av vilka åtgärder Asana har infört för att följa två viktiga dataskyddslagar: Dataskyddsförordningen och California Consumer Privacy Act.

Dataskyddsförordningen GDPR (General Data Protection Regulation)

Dataskyddsförordningen GDPR är en europeisk lag som fastställer skydd av personuppgifter för EU-invånare och som trädde i kraft den 25 maj 2018. Enligt GDPR måste organisationer som samlar in, underhåller, använder eller på annat sätt behandlar EU-invånares personuppgifter (oavsett organisationens plats) införa vissa integritets- och säkerhetsgarantier för informationen. Asana har etablerat ett omfattande GDPR-efterlevnadsprogram och samarbetar med sina kunder och leverantörer för att följa dataskyddsförordningen. Några viktiga steg som Asana har tagit för att anpassa sina metoder till GDPR är:

  • Revideringar av våra policyer och kontrakt med våra partner, leverantörer och användare
  • Förbättringar av våra säkerhetsrutiner
  • Noggrann granskning och kartläggning av de uppgifter vi samlar in, använder och delar
  • Skapa mer robust intern sekretess- och säkerhetsdokumentation
  • Utbildning av anställda i GDPR-krav och sekretess-/säkerhetsmetoder i allmänhet
  • Noggrann uppbyggnad och utvärdering av processen kring behandlingen av användardata

Nedan ger vi ytterligare information om kärnområdena i Asanas GDPR-program och hur kunder kan använda Asana för att stödja sina egna GDPR-efterlevnadsinitiativ.

Avtal om databehandling

Enligt dataskyddsförordningen måste ”personuppgiftsansvariga” (dvs. entiteter som bestämmer syfte och metod för databehandling) ingå avtal med andra entiteter som behandlar uppgifter för deras räkning (kallade ”databehandlare”). Asana erbjuder kunder som är personuppgiftsansvariga för EU-personuppgifter möjligheten att ingå ett [Tillägg till databehandling] (#databehandling) enligt vilket Asana förbinder sig att behandla och skydda personuppgifter i enlighet med GDPR-kraven. Detta inkluderar Asanas åtagande att behandla personuppgifter i enlighet med instruktionerna från personuppgiftsansvariga.

Internationella dataöverföringar

EU:s dataskyddslagstiftning kräver att organisationer använder en vedertagen rättslig mekanism för att överföra data från EU till länder som inte har en liknande dataskyddsförordning, inklusive USA.

Även om överföring av personuppgifter från EU och Schweiz till USA inom ramarna för EU-USA och Schweiz-USA Privacy Shield inte längre är giltigt, inkluderar Asanas [Tillägg till databehandling] (#databehandling) standardavtalsklausuler som fortsätter att fungera som en rättslig mekanism vid överföring av personuppgifter utanför EES. Asana använder även standardavtalsklausulerna med alla underentreprenörer vi arbetar med.

Även om vi inte kan förlita oss på Privacy Shield för att föra över data från EES och Schweiz, har Asana beslutat att behålla sin Privacy Shield-certifiering för att fortsätta att skydda de data som redan har överförts under Privacy Shield och som ett åtagande till fortsatt dataskydd.

Regleringarna inom det här området är under ständig utveckling och vi övervakar noggrant ytterligare rekommendationer från dataskyddsmyndigheter. Asana åtar sig även fortsättningsvis att skydda kundernas integritet och att följa dataskyddslagarna.

Verktyg för dataåtkomst, -hantering och -bärbarhet

GDPR ger under vissa omständigheter dataregistrerade rätten att bland annat få tillgång till, radera och korrigera sina personuppgifter. Asana har åtagit sig att underlätta förfrågningar från dataregistrerade i enlighet med GDPR, vilket beskrivs ytterligare i vår [Sekretesspolicy] (#privacy-policy).

Sekretessdokument

GDPR bygger på transparens, rättvisa och ansvarighet. Följaktligen kräver lagen att organisationer upprätthåller dokumentation om sekretesspolicyer och beslut kring hantering av personuppgifter. Asana delar GDPR:s värnande av dessa principer och har dokumenterat sin datainsamling och -bearbetning inom ramen för sitt GDPR-efterlevnadsprogram, samt även de olika policyerna och riktlinjerna inom GDPR. Du kan läsa mer om hur Asana samlar in, använder och delar personuppgifter genom att besöka Asanas [Sekretesspolicy] (#privacy-policy).

Datasäkerhet

GDPR kräver att organisationer vidtar lämpliga tekniska och organisatoriska åtgärder för att säkerställa sekretessen, diskretionen och säkerheten kring personuppgifter. Säkerhet fortsätter att vara högsta prioritet för Asana, och vi har framgångsrikt genomfört våra SOC 2-granskningar (typ I) och (typ II) för att kontrollera säkerhet, tillgänglighet och sekretess. Detta innebär att en oberoende tredje part har validerat både våra processer och praxisar avseende dessa tre kriterier och bekräftat vår förmåga att efterleva de kontroller vi har implementerat. Vi har också vidtagit en mängd olika skyddsåtgärder för att värna om säkerheten på vår plattform, inklusive kryptering av webbanslutningar för att skydda dataöverföringar, replikering av våra databaser för att stärka plattformens tillförlitlighet, samt kontrollera åtkomsten till våra anläggningar och kontorsnätverk. Asana erbjuder också kunderna möjligheten att använda ytterligare säkerhetskontroller för att förbättra säkerheten kring teamets data. Se vår [Säkerhetsförklaring] (/security-statement) för mer information.

Utöva dina rättigheter enligt GDPR

Om du vill utöva dina rättigheter enligt GDPR kan du skicka din förfrågan genom att fylla i vårt [GDPR Formulär för dataregistrerades rättigheter ] (https://form-beta.asana.com/?k=u-9Ke25U6hcGWHvubWLzpg&d=15793206719) eller kontakta oss på privacy@asana.com .

California Consumer Privacy Act

CCPA (California Consumer Privacy Act), som trädde i kraft den 1 januari 2020, är ​​en lag som ger Kaliforniens konsumenter vissa rättigheter kring personuppgifter. Närmare bestämt kräver lagen att företag som omfattas av lagen ger konsumenterna möjlighet att begära åtkomst till och radering av sina uppgifter och möjligheten att välja bort ”försäljning” av sina personuppgifter. Lagen begränsar också hur tjänsteleverantörer som behandlar personuppgifter på uppdrag av ett företag får använda den informationen.

Asana säljer inte sina kunders eller användares personuppgifter. Om ett företag som omfattas av CCPA har ingått ett tjänste- eller prenumerationsavtal med Asana, kommer Asana också att fungera som en tjänsteleverantör till det företaget. Specifikt kommer Asana att behandla sådana kunders personuppgifter uteslutande för de ändamål som anges i avtalet och kommer att samarbeta med kunderna för att tillmötesgå förfrågningar om radering av eller åtkomst till data.

CCPA Databehandlingstillägg

Asana har uppdaterat sitt [Databehandlingstillägg] (#data-processing) så att det specifikt hänvisar till CCPA, och vi gör ett uttryckligt åtagande i vårt databehandlingstillägg att inte sälja personlig information. Om din organisation är kund hos Asana och behöver ett CCPA-tillägg kan du signera och skicka tillbaka databehandlingstillägget till dpa@asana.com .

Utöva dina rättigheter enligt CCPA

Se avsnittet VI (”Sekretessinformation för invånare i Kalifornien”) i vår [Sekretesspolicy] (#privacy-policy) för mer information om hur Asana ger enskilda konsumenter möjligheten att få åtkomst till eller begära radering av sina personuppgifter i enlighet med CCPA.

Om du vill utöva någon av dina rättigheter enligt Kaliforniens lag avseende dina personuppgifter kan du skicka din förfrågan genom att fylla i Asanas [CCPA Formulär för konsumenträttigheter] (https://form-beta.asana.com?k=u-9Ke25U6hcGWHvubWLzpg&d=15793206719) eller skriva till privacy@asana.com .

Pågående efterlevnad och kommunikation

Kraven i både GDPR och CCPA är omfattande, men lagen och reglerna är under ständig utveckling när det gäller integritet och dataskydd – och inte bara i EU eller USA. När dataskyddsmyndigheter och tillsynsmyndigheter tolkar och ger rekommendationer om GDPR, CCPA och andra dataskyddslagar runt om i världen, och när länderna antar nya dataskyddslagar, kommer vi att fortsätta följa denna utveckling noga och utvärdera vårt program för att eventuellt göra ändringar eller förbättringar vid behov.

Slutligen värdesätter vi kommunikation med våra kunder. Skriv gärna till privacy@asana.com om du har några frågor om vår dataskyddspraxis.

Lagen Gramm-Leach-Bliley

Lagen Gramm-Leach-Bliley (GLBA) kräver att finansinstitut – företag som erbjuder konsumenter finansiella produkter eller tjänster som lån, finansiell rådgivning, investeringsrådgivning eller försäkringar – förklarar för sina kunder hur de delar och skyddar känsliga uppgifter. Alla tjänsteleverantörer som har åtkomst till konsumenters icke-offentliga personuppgifter (NPI) med finansinstitutens tillstånd måste också följa GLBA. Asana följer GLBA:s sekretessregler och säkerhetsregler. Förutom att vi tillämpar säkerhetsåtgärder använder vi innehållet i kundernas arbete endast för att tillhandahålla våra tjänster och inte för något annat ändamål. Kunder bör inte lagra känsliga personuppgifter (inklusive kontonummer och personnummer) i Asana.

Family Educational Rights and Privacy Act (Lagen om familjers utbildningsrättigheter och sekretess)

Family Educational Rights and Privacy Act (FERPA) är en amerikansk federal lag som kräver att akademiska institutioner såsom högskolor och universitet ska skydda sekretessen kring elevers utbildningsregister. Asana gör det möjligt för våra kunder att följa FERPA genom att se till att personuppgifter hålls säkra och endast används för att tillhandahålla våra tjänster enligt beskrivningen i våra användarvillkor och vår sekretesspolicy. Asana är avtalsmässigt förpliktigad att inte lämna ut kunduppgifter, förutom om de begärs från den avtalsslutande akademiska institutionen, är i enlighet med våra avtalsvillkor eller utkrävs enligt lag.

Relaterade resurser

Asana Privacy Policy

Effective Date: January 1, 2020

Asana offers a variety of team productivity, collaboration, and organizational tools available online, including via a mobile application (collectively, the “Service”), and websites, including but not limited to www.asana.com, wavelength.com, blog.asana.com, community.asana.com (the “Websites”). As you use the Service and interact with the Websites, Asana collects and processes information from and about you in order to provide you with access to the Service, enhance your experience while using the Service, and interact with you. This Privacy Policy (the “Policy”) describes how Asana collects, uses, and discloses information collected through the Service and Websites, and what choices you have with respect to such information. The first section below explains which privacy terms are applicable to you depending on what type of user you are.

References to “Asana” throughout the Policy mean the Asana entity that acts as the data controller or data processor of your information, as explained in more detail below. By accessing or using the Service and Websites, you acknowledge and agree that you have read, understand, and agree to be bound by this Policy. If you do not agree with this Policy, do not access or use the Service, Websites, or any other part of Asana’s business.

If you have any questions about this Privacy Policy, please contact Asana at: 1550 Bryant Street, Suite 200, San Francisco, CA 94103 or by emailing us at privacy@asana.com.

This Privacy Policy contains the following sections:

I. What Type of User am I and Which Privacy Terms Are Applicable to Me?

Asana has three different types of users depending on the Asana products used. Please see the bullets below to determine which type of user you are, and then click the internal link to visit the privacy terms applicable to you. It is possible that you may use Asana in different ways. If so, please review all applicable privacy terms. Also, don’t forget to review Section V, which contains privacy terms applicable to all users.

  • Subscribers. We call users who use the Service as part of any tier of a paid Asana subscription plan “Subscribers.” The Service features and functionalities available to Subscribers are determined by the specific terms agreed to between Asana and the organization (e.g., your employer or another entity or person, called the “Customer”) that entered into a separate agreement that governs delivery, access, and use of the Service (for purpose of this Policy, the “Customer Agreement”). The Customer controls its instance of the Service and is the data controller of the information collected through the Service about Subscribers, and Asana is a data processor of such information. To go directly to the terms applicable to Subscribers, please click here.
  • Free Users. We call users who use a non-paid version of the Service “Free Users.” While Free Users can access and use the Service, they have access to a more limited set of Service features and functionality than Subscribers. Asana is the data controller of the information collected through the Service about Free Users. To go directly to the terms applicable to Free Users, please click here.
  • Site Visitors. We call users of the Websites “Site Visitors.” Site Visitors can be individuals who are simply browsing the Websites but who do not use the Asana Service; or, Site Visitors can be Free Users or Subscribers who visit the Websites to seek additional information about Asana. Asana is the data controller of the information collected through the Website about Site Visitors. To go directly to the terms applicable to Site Visitors please click here.

II. Privacy Terms for Subscribers

A. Overview

Section II of this Policy applies only to Subscribers. If you are a Subscriber, the “Customer Agreement” governs the collection and processing of information collected from you through the Customer’s instance of the Service (e.g. a Customer's organization or workspace, but for purposes of this Policy referred to as the “Workspace”), including all associated messages, attachments, files, tasks, projects and project names, team names, channels, conversations, and other content submitted through the Service (“Workspace Content”). In the event of a conflict between this Privacy Policy and the Customer Agreement, the Customer Agreement governs. Because the Customer controls the Workspace used by Subscribers, if you have any questions about the Customer’s specific Workspace settings and privacy practices, please contact the Customer whose Workspace you use. If you are a Subscriber located in the European Union, please note that the Customer is the data controller with respect to the processing of your Workspace Content pursuant to the EU General Data Protection Regulation (“GDPR”). When processing Workspace Content of EU data subjects governed by the Customer Agreement, Asana is the data processor, meaning that we collect and process such information solely on behalf of the Customer.

B. Collection and Use of Subscriber Information

This section explains the information we collect from Subscribers. We do not require Subscribers to provide us with information. However, certain information, such as account log-in data, is required to provide you with access to the Service, and other information may be collected automatically as you use the Service.

  1. Workspace Content. Workspace Content is collected, used, and shared by Asana in accordance with the Customer’s instructions, including any applicable terms in the Customer Agreement, or as required by applicable law. The Customer, and not Asana, determines its own, internal policies regarding storage, access, modification, deletion, sharing, and retention of Workspace Content which may apply to your use of the Service. For example, a Customer may provide or remove access to the Service, enable or disable third party integrations, manage permissions, retention and export settings, transfer or assign teams, or share projects. Please check with the Customer about the policies and settings that they have instituted with respect the Workspace Content that you provide when using the Service.
  2. Account Information. To set up your Asana account, you or the Customer will provide us with basic information about you which may include your name, address, telephone number, email address, and password. You will then have the ability to provide optional profile information, such as a photograph or basic demographic data. With your permission, we may also upload calendar information stored on your mobile device to your account. If you submit payment information in connection with your use of the Service, we utilize a third party credit card payment processing company to collect payment information, including your credit card number, billing address, and phone number. In such circumstances, the third party service provider, and not Asana, stores your payment information on our behalf.
  3. Service Usage Information. As you use the Service, we collect information about how you use and interact with the Service (“Service Usage Information”). Such information includes:
  • Device information – when you access the Service using a mobile device, we collect certain device information, including the type of device you are using, its operating system, and mobile network information, which may include your mobile phone number. We may also collect your MAC address and other unique device identifiers.
  • Log files – when you use the Service, our servers automatically record information in server log files. These log files may include information such as your web request, IP address, browser type and settings, referring/exit pages and URLs, number of clicks, date and time stamp information, language preferences, data from cookies and similar technologies, and other such information.
  • Location information – we collect and process general information about the location of the device from which you are accessing the Service (e.g., approximate geographic location inferred from an IP address).
  • Workspace Use Metadata – when you interact with the Service, metadata is generated that provides high-level (non-content) information about the way you work in your Workspace. For example, we may log the number of Workspaces you work in; the number of tasks to which you are assigned; the features and embedded Service content you interact with; the types of files you share; and what, if any, third party services and integrations you use.
  1. Other Information. You may provide us with information when you interact with us in other ways, such as when you submit requests or questions to us via forms or email (e.g., support forms, sales forms, user research participation forms); information you provide in connection with Asana sweepstakes, contests, or research studies in which you choose to participate; beta testing; and requests for customer support and technical assistance (collectively, “Other Information”).
  2. Information Collected from Third-Party Integrations. If you choose to use or connect to third-party integrations (e.g., OneDrive, Unito, Wufoo, Slack) through the Service, or if you are required or permitted to do so by a Customer, such third parties may allow us to have access to and store additional information about your interaction with those services as it relates to your use of the Service. If you initiate these connections, you also understand that we will share information about you that is required to enable your use of the third-party integration through the Service. If you do not wish to have this information shared, do not initiate these connections. By enabling these connections, you authorize us to connect and access the information provided through these connections, and you understand that the privacy policies of these third parties govern such connections.

C. How Does Asana Use Subscriber Information?

This section explains how Asana uses information collected from Subscribers.

  1. Workspace Content. Asana may view and use Workspace Content collected from and about Subscribers only as necessary:
  • To maintain, provide and improve the Service
  • To prevent or address technical or security issues and resolve support requests
  • To investigate when we have a good faith belief, or have received a complaint alleging, that such Workspace Content is in violation of the Customer Agreement or our User Terms of Service
  • To comply with a valid legal subpoena, request, or other lawful process that meets the requirements of the Customer Agreement and our Law Enforcement Guidelines
  • As otherwise set forth in our Customer Agreement or as expressly permitted in writing by the Customer
  1. Account Information, Service Usage Information, Information from Third Party Integrations, and Other Information. Asana may use these categories of information collected from and about Subscribers to:
  • Maintain, provide, and improve the Service

  • Respond to your requests for information

  • Prevent or address technical or security issues and resolve support requests

  • Investigate in good faith alleged violations of our User Terms of Service

  • Comply with a valid legal subpoena, request, or other lawful process that meets the requirements of our Law Enforcement Guidelines

  • Help us better understand user interests and needs, and customize the Service for our users

  • Engage in analysis, research, and reports regarding use of the Service

  • Protect the Service and our users

  • Communicate with you via email and through the Service about important notices and updates regarding the Service, such as to inform you about changes in the Service, our service offerings, and important services-related notices, such as about security and fraud. Because these communications are an important part of the Service, you may not opt out of them

  • In accordance with applicable legal obligations, communicate with you about promotions, offers, and news about Asana. You have the ability to unsubscribe from such promotional communications

  • Provide cross-device management of your account. For example, we may locate or try to locate the same unique users across multiple browsers or devices (such as smartphones or tablets), or work with service providers that do this, in order to save your preferences across devices and analyze usage of the Service. If you wish to opt out of the ability of one our service providers, Google Analytics, to locate you across devices in this way, you may install the Google Analytics Opt-out Browser Add-on by clicking here

D. Sharing of Subscriber Information

In accordance with the applicable Customer Agreement, we may share the information we collect from Subscribers as follows:

  • Affiliates and Subsidiaries. We may share the information we collect within the Asana family of companies.
  • Service Providers. We may provide access to or share your information with select third parties that use the information only to perform services on our behalf. These third parties provide a variety of services to us, including without limitation sales, marketing, provision of content and features, analytics, data storage, security, fraud prevention, and other services.
  • Business Transactions. If the ownership of all or substantially all of our business changes, we may transfer your information to the new owner so that the Service can continue to operate. In such case, your information would remain subject to the promises and commitments contained in this Policy until such time as the acquiring party modifies it. If such transfer is subject to additional mandatory restrictions under applicable laws, Asana will comply with such restrictions.
  • Consistent with your settings within the Service. Please note that the Workspace Content you submit through the Service may be viewable by other users in your Workspace and within your organization, depending on the specific settings you and your organization have selected.

E. Aggregate De-Identified Data

We may aggregate and/or de-identify information collected through the Service so that such information can no longer be linked to you or your device (“Aggregate/De-Identified Information”). We may use Aggregate/De-Identified Information for any purpose, including without limitation for research and analytics, and may also share such data with any third parties, including partners, affiliates, services providers, and others.

F. Combined Information

We may combine the information that we collect through the Service with information that we receive from other sources, both online and offline, and use such combined information in accordance with this Policy and the Customer Agreement.

G. Data Retention

We will retain your information for the period necessary to fulfill the purposes outlined in this Policy unless a longer retention period is required or permitted by law, or where the Customer Agreement requires or permits specific retention or deletion periods.

H. Data Subject Rights

Please contact your Workspace owner(s) or administrator(s) to exercise any data subject rights you have under applicable local laws, including your ability to access, delete, rectify, transfer, or object under the GDPR.

III. Privacy Terms for Free Users

A. Overview

Section III of this Policy applies only to Free Users of the Service. If you are a Free User located in the European Union, Asana is the data controller with respect to the processing of your personal data pursuant to the GDPR.

B. Collection and Use of Free User Information

This section explains how we collect, process, and use the information collected from Free Users. We do not require Free Users to provide us with information. However, certain information, such as account log-in data, is required to provide you with access to the Service, and other information may be collected automatically as discussed below.

  1. Information You Provide to Asana. Asana collects the following information submitted directly through the Service by Free Users:
  • The messages, attachments, files, tasks, project names, team names, channels, conversations, and other content submitted through the Service (collectively, the “Workspace Content”);
  • Information you provide as part of your account registration with Asana, which may include your name, organization name, address, telephone number, email address, username and password; optional information that you may choose to provide, such as a photograph or basic demographic data; and, with your permission, calendar information stored on your mobile device that you may elect to upload to your account (collectively, the “Account Information”); and
  • Information you provide in other interactions with us, such as requests or questions you submit to us via forms or email (e.g., support forms, sales forms, user research participation forms), information you provide in connection with Asana sweepstakes, contests, or research studies in which you choose to participate; beta testing; and requests for customer support and technical assistance (collectively, “Other Information”).
  1. Service Usage Information. As you use the Service, we collect a variety of information about how you use and interact with the Service (“Service Usage Information”). Such information includes:
  • Device information – when you access the Service using a mobile device, we collect certain device information, including the type of device you are using, its operating system, and mobile network information, which may include your mobile phone number. We may also collect your MAC address and other unique device identifiers.
  • Log files – when you use the Service, our servers automatically record certain information in server log files. These log files may include information such as your web request, IP address, browser type and settings, referring / exit pages and URLs, number of clicks, date and time stamp information, language preferences, data from cookies and similar technologies, and other such information.
  • Location information – we collect and process general information about the location of the device from which you are accessing the Service (e.g., approximate geographic location inferred from an IP address).
  • Workspace Use Metadata – when you interact with the Service, metadata is generated that provides high-level (non-content) information about the way you work in your Workspace. For example, we may log the number of Workspaces you work in; the number of tasks to which you are assigned; the features and embedded Service content you interact with; the types of files you share; and what, if any, third party services and integrations you use.
  1. Information Collected from Third Party Integrations. If you choose to use or connect to third-party integrations (e.g., OneDrive, Unito, Wufoo, Slack) through the Service, such third parties may allow us to have access to and store additional information about your interaction with those services as it relates to your use of the Service. Moreover, if you initiate these connections, you also understand that we will share information about you that is required to enable your use of the third-party integration through the Service. If you do not wish to have this information shared, do not initiate these connections. By enabling these connections, you authorize us to connect and access the information provided through these connections, and you understand that the privacy policies of these third parties govern such connections.
  2. Information Collected from Other Third Parties. Asana may receive additional information about you, such as demographic information, from affiliates under common ownership and control, and from third parties, such as business partners, marketers, researchers, analysts, and other parties that we may use to supplement the information that we collect directly from you.

C. Use of Free User Information

Asana may use the information collected from Free Users to:

  • Maintain, provide, and improve the Service
  • Respond to your requests for information
  • Prevent or address technical or security issues and resolve support requests
  • Investigate in good faith alleged violations of our User Terms of Service
  • Comply with a valid legal subpoena, request, or other lawful process that meets the requirements of our Law Enforcement Guidelines
  • Help us better understand user interests and needs, and customize the Service for our users
  • Engage in analysis, research, and reports regarding use of the Service
  • Protect the Service and our users
  • Communicate with you via email and through the Service about important notices and updates regarding the Service, such as to inform you about changes in the Service, our service offerings, and important services-related notices, such as about security and fraud. Because these communications are an important part of the Service, you may not opt out of them
  • In accordance with applicable legal obligations, communicate with you about promotions, offers, and news about Asana. You have the ability to unsubscribe from such promotional communications
  • Provide cross-device management of your account. For example, we may locate or try to locate the same unique users across multiple browsers or devices (such as smartphones or tablets), or work with service providers that do this, in order to save your preferences across devices and analyze usage of the Service. If you wish to opt out of the ability of one our service providers, Google Analytics, to locate you across devices in this way, you may install the Google Analytics Opt-out Browser Add-on by clicking here

D. Legal Bases for Use of Your Information

If you are located in the EU, please note that the legal bases under the EU General Data Protection Regulation (“GDPR”) for using the information we collect through your use of the Service as a Free User are as follows:

  • Where use of your information is necessary to perform our obligations under a contract with you (for example, to comply with the User Terms of Service which you accept by using the Service)
  • Where use of your information is necessary for our legitimate interests or the legitimate interests of others (for example, to provide security for our Service; operate our Service; prevent fraud, analyze use of and improve our Service, and for similar purposes)
  • Where use of your information is necessary to comply with a legal obligation
  • Where we have your consent to process data in a certain way

E. Sharing of Free User Information

We share the information we collect through the Service about Free Users with the following:

  • Affiliates and Subsidiaries. We may share the information we collect within the Asana family of companies.
  • Service Providers. We may provide access to or share your information with select third parties that use the information only to perform services on our behalf. These third parties provide a variety of services to us, including without limitation sales, marketing, provision of content and features, advertising, analytics, research, data storage, security, fraud prevention, and other services.
  • Business Transfers. If the ownership of all or substantially all of our business changes, we may transfer your information to the new owner so that the Websites can continue to operate. In such case, your information would remain subject to the promises and commitments contained in this Policy until such time as this Policy is updated or amended by the acquiring party upon notice to you. If such transfer is subject to additional mandatory restrictions under applicable laws, Asana will comply with such restrictions.
  • Consent. We may also disclose your information to third parties with your consent to do so.
  • Consistent with your settings within the Service. Please note that the Workspace Content you submit through the Service may be viewable by other users in your Workspace, depending on the specific settings you have selected.

F. Aggregate De-Identified Data

We may aggregate and/or de-identify information collected through the Service so that such information can no longer be linked to you or your device (“Aggregate/De-Identified Information”). We may use Aggregate/De-Identified Information for any purpose, including without limitation for research and marketing purposes, and may also share such data with any third parties, including advertisers, promotional partners, sponsors, event promoters, and/or others.

G. Combined Information

For the purposes discussed in this Policy, we may combine the information that we collect through the Service with information that we receive from other sources, both online and offline, and use such combined information in accordance with this Policy.

H. Data Retention

We will retain your information for the period necessary to fulfill the purposes outlined in this Policy unless a longer retention period is required or permitted by law.

I. Data Subject Rights

Local legal requirements (such as those in the EU) may afford you additional rights. If you would like further information in relation to your legal rights under applicable law or would like to exercise any of them, please contact us at any time using this form. Your local laws (such as those in the EU) may permit you to request that we:

  • provide access to and/or a copy of certain information we hold about you
  • prevent the processing of your information for direct-marketing purposes (including any direct marketing processing based on profiling)
  • update information which is out of date or incorrect
  • delete certain information which we are holding about you
  • restrict the way that we process and disclose certain of your information
  • transfer your information to a third party provider of services
  • revoke your consent for the processing of your information

We will consider all requests and provide our response within the time period stated by applicable law. Please note, however, that certain information may be exempt from such requests in some circumstances, which may include if we need to keep processing your information for our legitimate interests or to comply with a legal obligation. We may request you provide us with information necessary to confirm your identity before responding to your request.

IV. Privacy Terms for Site Visitors

A. Overview

Section IV of this Policy applies only to Site Visitors.

If you visit the Websites, regardless of whether you are also a user of the Service, the following rules apply to you. To eliminate any confusion, please note that the terms in this section apply only to use of Asana’s Websites, not to use of the Service.

If you are a Site Visitor located in the European Union, Asana is the data controller with respect to the processing of your personal data pursuant to the EU General Data Protection Regulation (“GDPR”).

B. Collection and Use of Site Visitor Information

  1. Information Collected from Site Visitors

    When you use the Websites, we collect the following information about you:

  • Contact Information – if you submit a request for information or a question through the Websites, you may be asked to provide us with basic information including your name, email address, phone number, and postal address. We will also keep records of the communication, the question/request you raised, and how it was resolved. If you choose to participate in an Asana sweepstakes, contest, or research study offered through the Websites, we will also collect basic contact information from you in connection with such activity.
  • Websites Usage Information – as you browse the Websites, we and our service providers (which are third party companies that work on our behalf to provide and enhance the Websites) use a variety of technologies, including cookies and similar tools, to assist in collecting information about how you use the Websites. For example, our servers automatically record certain information in server logs. These server logs may include information such as your web request, IP address, browser type and settings, referring / exit pages and URLs, number of clicks and how you interact with links on the Websites, domain names, landing pages, pages viewed, mobile carrier, mobile device identifiers and information about the device you are using to access the Websites, date and time stamp information and other such information.
  • Location Information – We collect and process general information about the location of the device from which you are accessing the Service (e.g., approximate geographic location inferred from an IP address).
  1. Cookies and Similar Technologies

    To collect the Websites Usage Information discussed above, we and our service providers use Internet server logs, cookies, tags, SDKs, tracking pixels, and other similar tracking technologies. A web server log is a file where website activity is stored. An SDK is a section of code that we embed in our applications and software to allow third parties to collect information about how users interact with the Websites. A cookie is a small text file that is placed on your computer or mobile device when you visit a site, that enables us to: (i) recognize your computer and login session; (ii) store your preferences and settings; (iii) understand which pages of the Websites you have visited; (iv), enhance your user experience by delivering and measuring the effectiveness of content and advertising tailored to your interests; (v) perform analytics; and (vi) assist with security and administrative functions. Tracking pixels (sometimes referred to as web beacons or clear GIFs) are tiny electronic tags with a unique identifier embedded in websites, online ads and/or email, and that are designed to provide usage information like ad impressions or clicks, email open rates, measure popularity of the Websites and associated advertising, and to access user cookies. As we adopt additional technologies, we may also gather information through other methods. Please note that you can change your settings to notify you when a cookie is being set or updated, or to block cookies altogether. Please consult the “Help” section of your browser for more information (e.g., Internet Explorer; Google Chrome; Mozilla Firefox; or Apple Safari).

  2. Use of Information Collected from Site Visitors

    We use the information collected from Site Visitors for a variety of purposes including to:

  • Maintain, provide, and improve the Websites and the Service
  • Respond to your requests for information
  • In accordance with applicable legal obligations, communicate with you about promotions, offers, and news about Asana. You have the ability to unsubscribe from such promotional communications
  • Prevent or address technical or security issues
  • Investigate in good faith alleged violations of our User Terms of Service
  • Help us better understand Site Visitor interests and needs, and customize the advertising and content you see on the Websites
  • Engage in analysis and research regarding use of the Websites and the Service

C. Legal Bases

If you are located in the EU, please note that the legal bases under the GDPR for using the information we collect through your use of the Websites as a Site Visitor are as follows:

  • Where use of your information is necessary to perform our obligations under a contract with you (for example, to comply with the User Terms of Service which you accept by browsing the Websites)
  • Where use of your information is necessary for our legitimate interests or the legitimate interests of others (for example, to provide security for our Websites; operate our Websites; prevent fraud, analyze use of and improve our Websites, and for similar purposes)
  • Where use of your information is necessary to comply with a legal obligation
  • Where we have your consent to process data in a certain way

D. Aggregate/De-Identified Data

We may aggregate and/or de-identify information collected through the Websites so that such information can no longer be linked to you or your device (“Aggregate/De-Identified Information”). We may use Aggregate/De-Identified Information for any purpose, including without limitation for research and marketing purposes, and may also share such data with any third parties, including advertisers, promotional partners, sponsors, event promoters, and/or others.

E. Combined Information

You agree that, for the purposes discussed in this Policy, we may combine the information that we collect through the Websites with information that we receive from other sources, both online and offline, and use such combined information in accordance with this Policy. If, however, the collection of any information about you is governed by a Customer Agreement, information will only be combined and used in accordance with such Customer Agreement and the sections of this Policy applicable to Subscribers.

F. Website Analytics and Advertising

  1. Website Analytics We may use third-party web analytics services on our Websites to collect and analyze usage information through cookies and similar tools; engage in auditing, research, or reporting; and provide certain features to you. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-out Browser Add-on by clicking here.

  2. Online Advertising The Websites may integrate third-party advertising technologies that allow for the delivery of relevant content and advertising on the Websites, as well as on other websites you visit. The ads may be based on various factors such as the content of the page you are visiting, information you enter such as your age and gender, your searches, demographic data, and other information we collect from you. These ads may be based on your current activity or your activity over time and across other websites and online services and may be tailored to your interests.

    Third parties, whose products or services are accessible or advertised via the Websites, may also place cookies or other tracking technologies on your computer, mobile phone, or other device to collect information about you as discussed above. We also allow other third parties (e.g., ad networks and ad servers such as Google Analytics, DoubleClick and others) to serve tailored ads to you on our Websites and other websites and to access their own cookies or other tracking technologies on your computer, mobile phone, or other device you use to access the Websites. We sometimes provide Site Visitor information (such as email addresses) to service providers, who may “match” this information in de-identified form to cookies (or mobile ad identifiers) and other proprietary IDs, in order to provide you with more relevant ads when you visit other websites.

    We neither have access to, nor does this Policy govern, the use of cookies or other tracking technologies that may be placed on your device you use to access the Websites by such non-affiliated third parties. If you are interested in more information about tailored browser advertising and how you can generally control cookies from being put on your computer to deliver tailored advertising, you may visit the Network Advertising Initiative’s Consumer Opt-Out link, the Digital Advertising Alliance’s Consumer Opt-Out link, or Your Online Choices to opt-out of receiving tailored advertising from companies that participate in those programs. To opt out of Google Analytics for display advertising or customize Google display network ads, visit the Google Ads Settings page. We do not control these opt-out links or whether any particular company chooses to participate in these opt-out programs. We are not responsible for any choices you make using these mechanisms or the continued availability or accuracy of these mechanisms.

    Please note that if you exercise the opt-out choices above, you will still see advertising when you use the Websites, but it will not be tailored to you based on your online behavior over time.

  3. Notice Concerning Do Not Track Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. We are committed to providing you with meaningful choices about the information collected on our Websites for third party purposes, and that is why we provide the variety of opt-out mechanisms listed above. However, we do not currently recognize or respond to browser-initiated DNT signals. To learn more about Do Not Track, you can do so here.

G. Sharing of Site Visitor Information

We share the information we collect through the Websites with the following:

  • Affiliates and Subsidiaries. We may share the information we collect within the Asana family of companies.
  • Service Providers. We may provide access to or share your information with select third parties that use the information only to perform services on our behalf. These third parties provide a variety of services to us, including without limitation sales, marketing, provision of content and features, advertising, analytics, research, data storage, security, fraud prevention, and other services.
  • Business Transfers. If the ownership of all or substantially all of our business changes, we may transfer your information to the new owner so that the Websites can continue to operate. In such case, your information would remain subject to the promises and commitments contained in this Policy until such time as this Policy is updated or amended by the acquiring party upon notice to you. If such transfer is subject to additional mandatory restrictions under applicable laws, Asana will comply with such restrictions.
  • Public Forums. The Websites makes it possible for you to upload and share comments or feedback publicly with other users, such as on the Asana community forum. Any information that you submit through such public features is not confidential, and Asana may use it for any purpose (including in testimonials or other Asana marketing materials). Any information you post openly in these ways will be available to the public at large and potentially accessible through third-party search engines. Such information can be read, collected and/or used by other users, and it could be used to send you unsolicited messages. Accordingly, please take care when using these features of the Websites.
  • Consent. We may also disclose your information to third parties with your consent to do so.

H. Retention of Your Information

We will retain your information for the period necessary to fulfill the purposes outlined in this Policy unless a longer retention period is required or permitted by law.

I. Data Subject Rights

Local legal requirements (such as those in the EU) may afford you additional rights. If you would like further information in relation to your legal rights under applicable law or would like to exercise any of them, please contact us at any time using this form. Your local laws (such as those in the EU) may permit you to request that we:

  • provide access to and/or a copy of certain information we hold about you
  • prevent the processing of your information for direct-marketing purposes (including any direct marketing processing based on profiling)
  • update information which is out of date or incorrect
  • delete certain information which we are holding about you
  • restrict the way that we process and disclose certain of your information
  • transfer your information to a third party provider of services
  • revoke your consent for the processing of your information

We will consider all requests and provide our response within the time period stated by applicable law. Please note, however, that certain information may be exempt from such requests in some circumstances, which may include if we need to keep processing your information for our legitimate interests or to comply with a legal obligation. We may request you provide us with information necessary to confirm your identity before responding to your request.

J. Third Party Links And Services

The Websites may contain links to third-party websites and functionalities. If you choose to use these third party services, you may disclose your information not just to those third-parties, but also to their users and the public more generally depending on how their services function. Because these third-party websites and services are not operated by Asana, Asana is not responsible for the content or practices of those websites or services. The collection, use, and disclosure of your information will be subject to the privacy policies of the third party websites or services, and not this Policy. We urge you to read the privacy and security policies of these third-parties.

V. Additional Privacy Terms for All Users

The following additional information about Asana’s privacy practices apply to all users of Asana (Subscribers, Free Users, and Site Visitors).

A. International Users

Asana complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from the European Union and Switzerland to the United States, respectively. Asana has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access and Recourse, Enforcement and Liability. If there is any conflict between the policies in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/. In compliance with the EU-US Privacy Shield and Swiss-US Privacy Shield Principles, Asana commits to resolve complaints about your privacy and our collection or use of your personal data. European Union or Swiss citizens with inquiries or complaints regarding this privacy policy should first contact Asana at: privacy@asana.com. Asana has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU Privacy Shield, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by Asana, please visit the BBB EU Privacy Shield web site at https://www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint. Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel. Asana is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) with respect to its compliance with the provisions of the EU-US and Swiss-US Privacy Shield.

We may transfer information that we collect about you to third party processors across borders and from your country or jurisdiction to other countries or jurisdictions around the world. If you are located in the European Union or other regions with laws governing data collection and use that may differ from U.S. law, please note that you are transferring information to a country and jurisdiction that does not have the same data protection laws as your jurisdiction. Asana will take reasonable and appropriate steps necessary to ensure that any third party who is acting as a “data processor” under EU and Swiss terminology is processing the personal data we entrust to them in a manner that is consistent with the EU-US and Swiss-US Privacy Shield Principles. Asana is potentially liable in cases of onward transfer to third parties of data of EU and Swiss individuals received pursuant to the EU-US and Swiss-US Privacy Shield, respectively.

B. Changes To Our Privacy Policy

We reserve the right to amend this Policy at any time to reflect changes in the law, our data collection and use practices, the features of our Service or Websites, or advances in technology. We will make the revised Policy accessible through the Service and Websites, so you should review the Policy periodically. If we make a material change to the Policy, we will comply with applicable legal requirements regarding providing you with notice and/or consent.

C. How We Protect Your Information

Asana takes technical and organizational measures to protect your information against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access. However, no method of transmission over the Internet, and no means of electronic or physical storage, is absolutely secure, and thus we cannot ensure or warrant the security of that information.

D. Marketing Practices and Choices

If you receive email from us, we may use certain analytics tools, such as clear GIFs, to capture data such as when you open our message or click on any links or banners our email contains. This data allows us to gauge the effectiveness of our communications and marketing campaigns. You may instruct us not to use your contact information to contact you by email, postal mail, or phone regarding products, services, promotions and special events that might appeal to your interests by contacting us at the “Asana Contact Info” section below. In commercial email messages, you can also opt out by following the instructions located at the bottom of such emails. Please note that, regardless of your request, we may still use and share certain information as permitted by this Policy or as required by applicable law. For example, you may not opt out of certain operational or service-related emails, such as those reflecting our relationship or transactions with you.

VI. Privacy Information for California Residents

If you are a California resident, California law requires us to provide you with some additional information regarding how we collect, use, and share your “personal information” (as defined in the California Consumer Privacy Act (“CCPA”)).

A. Categories of personal information we collect

Throughout this Policy, we discuss in detail the specific pieces of personal information we collect from and about our users. Under the CCPA, we are also required to provide you with the “categories” of personal information we collect. The categories we collect are:

  • identifiers (such as name, address, email address);
  • commercial information (such as transaction data);
  • financial data (such as credit card information collected by our payment processors on our behalf);
  • internet or other network or device activity (such as browsing history or Service usage);
  • general geolocation information (e.g., your approximate location based on IP address);
  • professional or employment related data (e.g., your business contact information);
  • biometric information (e.g., if you participate in a sales call and do not opt out of call recording);
  • inference data about you (e.g., the additional Service features we think would be of most interest to you);
  • legally protected classifications (such as gender);
  • physical characteristics or description (e.g., if you voluntarily submit a photo when creating your profile on the Service); and
  • other information that identifies or can be reasonably associated with you.

B. How we use and share these categories of personal information

We use and share the categories of personal information we collect from and about you consistent with the various business purposes we discuss throughout this Policy, and depending on which type of Asana user you are (i.e., Subscriber, Free User, or Site Visitor). See the relevant section(s) above for more information.

Please note that the CCPA sets forth certain obligations for businesses that “sell” personal information to third parties. We do not engage in such activity and have not engaged in such activity in the past twelve months from the effective date of this Policy.

C. Your California Privacy Rights

CCPA Rights Disclosure. If you are a California resident, the CCPA allows you to make certain requests about your personal information. Specifically, the CCPA allows you to request us to:

  • Inform you about the categories of personal information we collect or disclose about you; the categories of sources of such information; the business or commercial purpose for collecting your personal information; and the categories of third parties with whom we share/disclose personal information. Such information is also set forth in this Policy.
  • Provide access to and/or a copy of certain personal information we hold about you.
  • Delete certain personal information we have about you.
  • Provide you with information about the financial incentives that we offer to you, if any.

The CCPA further provides you with the right to not be discriminated against (as provided for in applicable law) for exercising your rights. Please note that certain information may be exempt from such requests under California law. For example, we need certain information in order to provide the Service to you. We also will take reasonable steps to verify your identity before responding to a request, which may include, at a minimum, verifying your name and email address. You are also permitted to designate an authorized agent to submit certain requests on your behalf. We may also follow up with you to verify your identity before processing the authorized agent’s request.

  • If you are a Free User or a Site Visitor, and you would like to exercise any of your rights under California law with respect to your personal information, please submit your request by completing Asana’s CCPA Consumer Rights Form or by contacting us at privacy@asana.com.
  • If you are a Subscriber, please contact your Workspace owner(s) or administrator(s) for more information about exercising these rights.

Shine the Light Disclosure. The California “Shine the Light” law gives residents of California the right under certain circumstances to request information from us regarding the manner in which we share certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes. We do not share your personal information with third parties for their own direct marketing purposes.

VII. Privacy Information for Nevada Residents

Under Nevada law, certain Nevada consumers may opt out of the sale of “personally identifiable information” for monetary consideration (as such terms are defined under Nevada law) to a person for that person to license or sell such information to additional persons. We do not engage in such activity; however, if you are a Nevada resident and also an Asana Subscriber, you may submit a request to opt out of any potential future sales under Nevada law by completing Asana’s Nevada Opt-out Form. Please note we may take reasonable steps to verify your identity and the authenticity of the request. Once verified, we will maintain your request in the event our practices change.

VIII. Asana Contact Info

Asana is located at 1550 Bryant Street, Suite 200, San Francisco, CA 94103. If you wish to contact us or have any questions about or complaints in relation to this Policy, please contact us at privacy@asana.com.

Subscriber Agreement

Last Updated: July 31, 2019

This Subscriber Agreement (the “Agreement”) is entered into by and between Asana, Inc. (“Asana”) and the organization agreeing to the terms of this Agreement (“Customer”). This Agreement shall be effective on the earliest of (a) the date Customer clicks a button indicating its agreement with the terms of this Agreement; (b) Customer entering into an Order Form or similar form referencing or otherwise incorporating this Agreement; or (c) Customer’s use of the Service (the “Effective Date”). If you are entering into this Agreement on behalf of your organization, that organization is deemed to be the Customer and you represent that you have the power and authority bind that organization to this Agreement.

1 The Service.

1.1 Provision of the Service. Asana shall make the Service purchased under an Order Form available to Customer and its End Users pursuant to this Agreement during the applicable Subscription Term. The Service includes the features and functionality applicable to the version of the Service ordered by Customer. Asana may update the content, functionality, and user interface of the Service from time to time in its sole discretion.

1.2 Access Rights. Customer has a non-exclusive, non-sublicenseable, non-transferable (except as specifically permitted in this Agreement) right to access and use the Service pursuant to this Agreement during the applicable Subscription Term, solely for Customer’s internal business purposes subject to the limitations set forth in the Order Form.

1.3 Usage Restrictions. Customer shall not (a) make the Service available to, or use any Service for the benefit of, anyone other than Customer and its Affiliates; (b) rent, sublicense, re-sell, assign, transfer, distribute, time share, or similarly exploit the Service; (c) reverse engineer, copy, modify, adapt, hack the Service, or otherwise attempt to gain unauthorized access to the Service or its related systems or networks; (d) access the Service, the Documentation, or Asana’s Confidential Information to build a competitive product or service; (e) alter or remove, or permit any third party to alter or remove, any proprietary trademark or copyright markings incorporated in, marked on, or affixed to the Service; (f) allow End User Subscriptions to be shared or used by more than one individual End User (except that End User Subscriptions may be reassigned to new End Users replacing individuals who no longer use the Service for any purpose, whether by termination of employment or other change in job status or function); or (g) access or use the Service: (i) to send or store infringing, obscene, threatening, or otherwise unlawful material, including material violative of third-party privacy rights; (ii) in violation of applicable laws; (iii) to send or store material knowingly or intentionally containing software viruses, worms, Trojan horses or other harmful computer code, files, or scripts; or (iv) in a manner that interferes with or disrupts the integrity or performance of the Service (or the data contained therein).

1.4 Protection of Customer Data. Asana shall implement and maintain administrative, organizational, and technical safeguards designed for the protection, confidentiality, and integrity of Customer Data. If Customer Data includes personal data defined by EU Regulation 2016/679 (the General Data Protection Regulation or “GDPR”) and/or if such Customer Data is transferred outside the European Economic Area or Switzerland to any country not deemed by the European Commission as providing an adequate level of protection for personal data, the terms of the Asana Data Processing Addendum shall apply to such personal data and be incorporated into this Agreement upon the execution and submission of the Data Processing Addendum by Customer to Asana in accordance with its terms. Asana’s Data Processing Addendum may be accessed at https://asana.com/terms#data-processing.

1.5 Administration of Customer’s Account. Customer acknowledges that it retains administrative control over to whom it grants access to Customer Data hosted in the Service. Customer may specify an End User to be the billing owner and, depending on the Subscription, one or more End Users to be administrators (each an “Administrator”) to manage its account, and Asana is entitled to rely on communications from an Administrator when servicing Customer’s account. Depending on the version purchased by Customer, Customer’s Administrator(s) may have the ability to access, monitor, use, and/or export Customer Data. Customer is responsible for maintaining the security of End User accounts and passwords.

1.6 Compliance. Customer is responsible for use of the Service by its End Users and for their compliance with this Agreement. Customer is solely responsible for the accuracy, quality, legality, reliability, and appropriateness of all Customer Data. Customer shall ensure that it is entitled to transfer the relevant Customer Data to Asana so that Asana and its service providers may lawfully use, process, and transfer the Customer Data in accordance with this Agreement on Customer’s behalf. Customer shall promptly notify Asana if it becomes aware of any unauthorized use of or access to Customer’s account or the Service.

1.7 Suspension. Asana may request that Customer suspend the account of any End User who (a) violates this Agreement or Asana’s User Terms of Service; or (b) is using the Service in a manner that Asana reasonably believes may cause a security risk, a disruption to others’ use of the Service, or liability for Asana. If Customer fails to promptly suspend or terminate such End User’s account, Asana reserves the right to do so.

1.8 Customer’s Use of Third Party Services. Customer may install or enable third party services for use with the Service, such as online applications, offline software products, or services that utilize the Asana API in connection with Customer’s use of the Service (“Third Party Services”). Any acquisition and use by Customer or its End Users of such Third Party Services is solely the responsibility of Customer and the applicable third party provider. Customer acknowledges that providers of such Third Party Services may have access to Customer Data in connection with the interoperation and support of such Third Party Services with the Service. To the extent Customer authorizes the access or transmission of Customer Data through a Third Party Service, Asana shall not be responsible for any use, disclosure, modification, or deletion of such Customer Data or for any act or omission on the part of the third party provider or its service.

1.9 Trial Subscriptions. Customer may access a version of the Service on a trial basis (a “Trial”) subject to the terms of this Agreement; provided, however, the following additional terms shall apply to its Trial notwithstanding anything to the contrary herein: (a) Asana shall have the right to terminate a Trial at any time and for any reason; (b) Asana is providing the Service “as is” and makes no warranties (express or implied) of any kind with respect to the Service during the Trial; and (c) Asana shall have no obligation to indemnify Customer. CUSTOMER ACKNOWLEDGES THAT ITS TRIAL WILL AUTOMATICALLY CONVERT TO A SUBSCRIPTION AT THE END OF THE TRIAL AND THAT ASANA MAY CHARGE CUSTOMER FOR THE APPLICABLE SUBSCRIPTION FEES UNLESS CUSTOMER HAS NOTIFIED ASANA IN WRITING OF ITS DECISION TO OPT OUT DURING THE TRIAL.

2 Warranties.

2.1 By Asana. Asana warrants that during the applicable Subscription Term (a) the Service shall perform materially in accordance with the applicable Documentation; and (b) Asana shall not materially decrease the functionality of the Service.

2.2 By Customer. Customer warrants that (a) this Agreement is legally binding upon it and enforceable in accordance with its terms; (b) it has obtained all legally required consents and permissions from End Users for the submission and processing of personal data through the Service; and (c) the transfer and processing of Customer Data under the Agreement is lawful.

2.3 Disclaimer. EXCEPT AS EXPRESSLY PROVIDED FOR IN THIS SECTION, TO THE FULLEST EXTENT PERMITTED BY LAW, THE PROFESSIONAL SERVICES, SERVICE, AND ALL RELATED COMPONENTS AND INFORMATION ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS WITHOUT ANY WARRANTIES OF ANY KIND, AND ASANA AND ITS AFFILIATES EXPRESSLY DISCLAIM ANY AND ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. CUSTOMER ACKNOWLEDGES THAT ASANA DOES NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE. ASANA IS NOT RESPONSIBLE FOR AND DISCLAIMS ALL LIABILITY RELATED TO DELAYS, DELIVERY FAILURES, INTERCEPTION, ALTERATION, OR OTHER DAMAGE RESULTING FROM MATTERS OUTSIDE OF ITS CONTROL, INCLUDING PROBLEMS INHERENT IN THE USE OF THE INTERNET, MOBILE AND PERSONAL COMPUTING DEVICES, TRANSMISSION OF ELECTRONIC COMMUNICATIONS OVER THE INTERNET OR OTHER NETWORKS, AND THIRD PARTY HOSTING SERVICE PROVIDERS.

3 Fees and Payment.

3.1 Subscription Fees. Customer’s Subscription fees are set forth in the applicable Order Form and are based on the number of End Users and version of the Service purchased. Customer shall pay all fees when due and is responsible for providing complete and accurate billing information to Asana. If such fees are being paid via credit card or other electronic means, Customer authorizes Asana to charge such fees using Customer’s selected payment method. Payment obligations are non-cancelable and fees paid are non-refundable unless otherwise provided herein. The number of End Users purchased under a Subscription cannot be decreased during the applicable Subscription Term. If Customer requires the use of a purchase order or purchase order number, Customer shall provide the purchase order number at the time of purchase. Where Customer designates use of a third-party payment processor network (such as a payment agent, for example), Customer shall be responsible for payment of all fees and charges associated with use of such network. Asana reserves the right to suspend Customer’s account, in addition to all of its other available rights and remedies, in the event that Customer’s account becomes overdue. Suspension shall not relieve Customer’s obligation to pay amounts due.

3.2 Auto-renewal. Customer agrees that its Subscription will automatically renew on an annual or monthly basis depending on Customer’s Subscription (the “Renewal Date”). Customer authorizes Asana to automatically charge Customer for the applicable fees on or after the Renewal Date unless the Subscription has been terminated or cancelled in accordance with this Agreement. If Customer wishes to reduce the number of End Users in its Subscription, it must do so prior to the Renewal Date. Customer must cancel its Subscription prior to the Renewal Date in order to avoid billing of the next period’s Subscription fees. Customer can cancel its Subscription anytime online by going into its account settings and following the instructions provided. If Customer chooses to cancel its Subscription during the Subscription Term, Customer may use the Service until the end of Customer’s then-current Subscription Term or renewal period, but will not be issued a refund for the most recently (or any previously) charged fees.

3.3 Calculation. Subscription fees are based on annual or monthly periods (or pro rata portions thereof, calculated on a daily basis) that begin on the Subscription start date and each annual or monthly anniversary thereof. Subscriptions to the Service are sold on a tiered basis based on the number of End Users. Customer shall purchase a Subscription to the Service for each End User, and the initial number of End Users and tier is reflected in the applicable Order Form. Customer may add End Users to its Subscription at any time on written notice to Asana (email notice acceptable). Asana reserves the right to calculate the total number of End Users periodically and, if the number of End Users exceeds Customer’s current Subscription, then Asana reserves the right to invoice Customer for the applicable tier on a pro rata basis for the remaining period in Customer’s Subscription Term, so that all End User Subscription Terms coincide and are co-terminus. Asana reserves the right to revise fee rates and/or the billable amount structure for the Service at any time and will provide Customer with notice pursuant to Section 11.4 below) of any such changes at least twenty (20) days prior. Asana may charge Customer the then-current pricing for the applicable Subscription if the number of End Users is modified and/or if Customer changes its Subscription plan.

3.4 Taxes. Any fees charged to Customer are exclusive of taxes. Except for those taxes based on Asana’s net income, Customer shall be responsible for all applicable taxes in connection with this Agreement including, but not limited to, sales, use, excise, value-added, goods and services, consumption, and other similar taxes or duties. Should any payment for the Service be subject to withholding tax by any government, Customer shall reimburse Asana for such withholding tax.

3.5 Future Features and Functionality. Customer agrees that any purchases under this Agreement are not contingent on the delivery of any future feature or functionality or dependent on any oral or written public or private comments made by Asana regarding future features or functionality. Asana may release Improvements and other features and functionality in its discretion. Some features and functionality may be available only with certain versions of the Service.

4 Term and Termination. This Agreement commences on the Effective Date and shall remain in effect until all Subscriptions to the Service granted in accordance with this Agreement have expired or been terminated. Either party may terminate this Agreement if the other party: (a) is in material breach of this Agreement and fails to cure such breach within twenty (20) days following receipt of written notice from the non-breaching party, except that termination will take effect on notice in the event of a breach of Section 1.3 (“Usage Restrictions”); or (b) ceases its business operations or becomes subject to insolvency proceedings and the proceedings are not dismissed within sixty (60) days. Upon expiration or termination of this Agreement for any reason, all Subscriptions and any other rights granted to Customer under this Agreement shall immediately terminate, and Asana may immediately deactivate Customer’s account(s) associated with the Agreement. In no event will any termination relieve Customer of the obligation to pay any fees accrued or payable to Asana. The following sections shall survive expiration or termination of this Agreement: Sections 1.3 (“Usage Restrictions”), 2 (“Warranties”), 3.1 (“Subscription Fees”), 3.4 (“Taxes”), 4 (“Term and Termination”), 5 (“Confidentiality”), 6 (“Intellectual Property Rights”), 7 (“Indemnification”), 8 (“Liability”), 9 (“Export Compliance”), 10 (“Use Outside the United States of America”), 11 (“Miscellaneous”), and 12 (“Definitions”).

5 Confidentiality.

5.1 Definition of Confidential Information. During the course of performance under this Agreement, each party may make available to the other party information that is not generally known to the public and at the time of disclosure is either identified as, or should reasonably be understood by the receiving party to be, proprietary or confidential (the “Confidential Information”). Confidential Information specifically includes, but is not limited to, the Service, any Order Form(s) entered into by the parties, Customer Data, Results, business plans, product plans and roadmaps, strategies, forecasts, projects and analyses, financial information and fee structures, business processes, methods and models, and technical documentation. Confidential Information does not include information that (a) is or becomes publicly available without breach of this Agreement by the receiving party; (b) was known to the receiving party prior to its disclosure by the disclosing party; (c) is or was independently developed by the receiving party without the use of any Confidential Information of the disclosing party; or (d) is or was lawfully received by the receiving party from a third party under no obligation of confidentiality.

5.2 Protection of Confidential Information. Except as otherwise expressly permitted under this Agreement, with the express prior written consent of the disclosing party, or as required by law, the receiving party will not disclose, transmit, or otherwise disseminate to a third party any Confidential Information of the disclosing party. The receiving party will use the same care and discretion with respect to the Confidential Information received from the disclosing party as it uses with its own similar information, but in no event less than a reasonable degree of care. The receiving party may disclose the disclosing party’s Confidential Information to its employees, Affiliates, consultants, subcontractors, agents, or advisors (“Representatives”) who have a strict need to access the Confidential Information for the purpose of performing under this Agreement and only to those who are obligated to maintain the confidentiality of such Confidential Information upon terms at least as protective as those contained in this Agreement. Either party may disclose the terms of this Agreement to potential parties to a bona fide fundraising, acquisition, or similar transaction solely for purposes of the proposed transaction, provided that any such potential party is subject to written non-disclosure obligations and limitations on use no less protective than those set forth herein.

5.3 Equitable Relief. The receiving party acknowledges that the remedy at law for breach of this Section 5 may be inadequate and that, in addition to any other remedy the disclosing party may have, it shall be entitled to seek equitable relief, including, without limitation, an injunction or injunctions (without the requirement of posting a bond, other security or any similar requirement or proving any actual damages), to prevent breaches or threatened breaches of this Section 5 by the receiving party or any of its Representatives and to enforce the terms and provisions of this Section 5 in addition to any other remedy to which the disclosing party is entitled at law or in equity.

5.4 Compelled Disclosure. The receiving party may access and disclose Confidential Information of the disclosing party if legally required to do so in connection with any legal or regulatory proceeding; provided, however, that in such event the receiving party will, if lawfully permitted to do so, notify the disclosing party within a reasonable time prior to such access or disclosure so as to allow the disclosing party an opportunity to seek appropriate protective measures. If the receiving party is compelled by law to access or disclose the disclosing party’s Confidential Information as part of a civil proceeding to which the disclosing party is a party, the disclosing party will reimburse the receiving party for the reasonable costs of compiling and providing secure access to such Confidential Information. Receiving party will furnish only that portion of the Confidential Information that is legally required to be disclosed, and any Confidential Information so disclosed shall maintain its confidentiality protection for all purposes other than such legally compelled disclosure.

5.5 Sensitive/Personal Information. Customer agrees that it shall not use the Service to send or store personal information subject to special regulatory or contractual handling requirements (e.g., Payment Card Industry Data Security Standards, the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act, and any similar data protection laws) including without limitation: credit card information, credit card numbers and magnetic stripe information, social security numbers, driver’s license numbers, passport numbers, government issued identification numbers, health-related information, biometric data, financial account information, personally identifiable information collected from children under the age of 13 or from online services directed toward children, and real time geo-location data which can identify an individual, or information deemed “sensitive” under applicable law (such as racial or ethnic origin, political opinions, or religious or philosophical beliefs).

6 Intellectual Property Rights.

6.1 By Customer. Customer owns all right, title, and interest in and to Customer Confidential Information and Customer Data, including all related Intellectual Property Rights. Customer grants Asana and its authorized third party service providers a worldwide, non-exclusive license to host, copy, access, process, transmit, and display Customer Data: (a) to maintain, provide, and improve the Service and perform under this Agreement; (b) to prevent or address technical or security issues and resolve support requests; (c) to investigate in good faith an allegation that an End User is in violation of this Agreement or the Asana User Terms of Service; or (d) at Customer's direction or request or as permitted in writing by Customer.

6.2 By Asana. Asana owns and will continue to own all right, title, and interest, including all related Intellectual Property Rights, in and to its Confidential Information, Results, and the Service, including any enhancements, customizations, or modifications thereto. Where Customer purchases Professional Services hereunder, Asana grants to Customer a non-sublicensable, non-exclusive license to use any reports and other materials developed by Asana as a result of the Professional Services (“Results”) solely in conjunction with Customer’s authorized use of the Service and in accordance with this Agreement.

6.3 Suggestions. Asana welcomes feedback from its customers about the Service and Professional Services. If Customer (including any End User) provides Asana with any feedback or suggestions regarding the Service or Professional Services (“Feedback”), Asana may use, disclose, reproduce, sublicense, or otherwise distribute and exploit the Feedback without restriction or any obligation to Customer or any End User provided that Asana shall not identify Customer or any End User as the source of such Feedback.

7 Indemnification.

7.1 By Customer. Customer shall defend Asana, its Affiliates, and their employees, officers, and directors (together, the “Asana Indemnified Parties”) from and against third party claims, actions, and demands arising from allegations that Customer Data, unauthorized use of the Service by Customer or its End Users, or Asana’s processing of data pursuant to Customer’s instructions infringes a third party’s Intellectual Property Right or privacy right (each, a “Claim Against Asana”), and Customer shall indemnify and hold the Asana Indemnified Parties harmless against any damages, reasonable attorneys’ fees, and costs finally awarded against Asana Indemnified Parties as a result of, or for any amounts paid by the Asana Indemnified Parties under a Customer-approved settlement of, a Claim Against Asana.

7.2 By Asana. Asana shall defend Customer, its Affiliates, and their employees, officers, and directors (together the “Customer Indemnified Parties”) from and against third party claims, actions, and demands alleging that Customer’s authorized use of the Service infringes or misappropriates any copyright, trade secret, U.S. patent, or trademark right of that third party (each, a “Claim Against Customer”), and Asana shall indemnify and hold the Customer Indemnified Parties harmless against any damages, reasonable attorneys’ fees, and costs finally awarded against Customer Indemnified Parties as a result of, or for any amounts paid by the Customer Indemnified Parties under an Asana-approved settlement of, a Claim Against Customer; provided, however, in no event will Asana have any obligations or liability under this Section 7.2 to the extent a Claim Against Customer arises from: (a) Customer or any End User’s use of the Service other than as permitted under this Agreement; or (b) use of the Service in a modified form or in combination with products, services, content, or data not furnished to Customer by Asana.

7.3 Potential Infringement. If the Service becomes, or in Asana’s reasonable judgment is likely to become, the subject of a claim of infringement, then Asana may in its sole discretion: (a) obtain the right, at Asana’s expense, for Customer to continue using the Service; (b) provide a non-infringing functionally equivalent replacement; or (c) modify the Service so that it is no longer infringing. If Asana, in its sole and reasonable judgment, determines that none of the above options are commercially reasonable, then Asana may suspend or terminate Customer’s use of the Service, in which case Asana’s sole liability (in addition to its obligations under Section 7.2) shall be to provide Customer with a prorated refund of any prepaid, unused fees applicable to the remaining portion of the Subscription Term. Sections 7.2 and 7.3 state Asana’s sole liability and the Customer Indemnified Parties’ exclusive remedy for infringement claims.

7.4 Indemnification Process. The party seeking indemnification shall provide prompt notice to the indemnifying party concerning the existence of an indemnifiable claim and shall promptly provide the indemnifying party with all information and assistance reasonably requested and otherwise cooperate fully with the indemnifying party in defending the claim. Failure to give prompt notice shall not constitute a waiver of a party’s right to indemnification and shall affect the indemnifying party’s obligations under this Agreement only to the extent that the indemnifying party’s rights are materially prejudiced by such failure or delay. The indemnifying party shall have full control and authority over the defense of any claim; provided, however, that any settlement requiring the party seeking indemnification to admit liability or make any financial payment shall require such party’s prior written consent, not to be unreasonably withheld or delayed.

8 Liability.

8.1 Limitation of Liability. EXCEPT FOR A PARTY’S INDEMNIFICATION OBLIGATIONS UNDER SECTION 7 (“INDEMNIFICATION”), IN NO EVENT SHALL EITHER PARTY’S OR ITS AFFILIATES’ AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT (WHETHER IN CONTRACT, TORT, NEGLIGENCE OR UNDER ANY OTHER THEORY OF LIABILITY) EXCEED THE TOTAL AMOUNT PAID OR PAYABLE BY CUSTOMER HEREUNDER IN THE 12 MONTHS IMMEDIATELY PRECEDING THE FIRST EVENT GIVING RISE TO LIABILITY.

8.2 Exclusion of Consequential and Related Damages. IN NO EVENT SHALL EITHER PARTY OR ITS AFFILIATES HAVE ANY LIABILITY TO THE OTHER PARTY FOR ANY LOST PROFITS, REVENUES, OR LOSS OF USE, OR FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES HOWEVER CAUSED, WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY AND WHETHER OR NOT A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, AND EVEN IF A REMEDY FAILS OF ITS ESSENTIAL PURPOSE. THE FOREGOING DISCLAIMER SHALL NOT APPLY TO THE EXTENT PROHIBITED BY APPLICABLE LAW.

8.3 The provisions of this Section 8 allocate the risks under this Agreement between the parties, and the parties have relied on these limitations in determining whether to enter into this Agreement.

9 Export Compliance. The Service may be subject to export laws and regulations of the United States and other jurisdictions. Customer represents that neither it nor any of its End Users are named on any U.S. government denied-party list. Customer shall not permit any End User to access or use any Service in a U.S.-embargoed country or region or in violation of any U.S. export law or regulation. Customer and its End Users shall not use the Service to export, re-export, transfer, or make available, whether directly or indirectly, any regulated item or information to anyone outside the U.S. in connection with this Agreement without first complying with all export control laws and regulations that may be imposed by the U.S. Government and any country or organization of nations within whose jurisdiction Customer operates or does business.

10 Use Outside the United States of America. The Service is controlled and operated by Asana from its offices in the United States of America. Except as explicitly set forth herein, Asana makes no representations that the Services are appropriate for use in other jurisdictions. Those who access or use the Service from other jurisdictions do so at their own risk and are responsible for compliance with local laws. Asana may offer services in other jurisdictions that are subject to different terms and conditions. In such instances, the terms and conditions governing those non-U.S. services shall take precedence over any conflicting provisions in this Agreement.

11 Miscellaneous.

11.1 Governing Law; Venue. This Agreement and any disputes arising under it will be governed by the laws of the State of California without regard to its conflict of laws provisions, and each party consents to the personal jurisdiction and venue of the state or federal courts located in San Francisco, California. The application of the United Nations Convention on Contracts for the International Sale of Goods is expressly excluded.

11.2 Informal Dispute Resolution and Arbitration. The parties agree that most disputes can be resolved without resort to litigation. The parties agree to use their best efforts to settle any dispute directly through consultation with each other before initiating a lawsuit or arbitration. If, after good faith negotiations the parties are unable to resolve the dispute, the parties agree that any and all disputes arising out of or in any way relating to this Agreement, including without limitation its existence, validity or termination, shall be resolved according to California law and exclusively by binding arbitration before a single arbitrator with the Judicial Arbitration and Mediation Service (JAMS) and pursuant to the then existing arbitration rules at JAMS. If the parties cannot agree upon selection of an arbitrator, then JAMS shall appoint an arbitrator experienced in the enterprise software industry. The place of the arbitration will be San Francisco, California unless otherwise agreed upon by the parties. The arbitration will be conducted in English. The arbitrator shall provide detailed written findings of fact and conclusions of law in support of any award. Judgment upon any such award may be enforced in any court of competent jurisdiction. The parties further agree that the arbitration shall be conducted in their individual capacities only and not as a class action or other representative action, and the parties expressly waive their right to file a class action or seek relief on a class basis. If any court or arbitrator determines that the class action waiver set forth herein is void or unenforceable for any reason or that an arbitration can proceed on a class basis, then the portions of Section 11.3 mandating arbitration shall be deemed null and void in its entirety and the parties shall be deemed to have not agreed to arbitrate disputes. Customer may opt out and not be bound by the arbitration and class action waiver provisions by sending written notice to Asana. The notice must be sent within thirty (30) days of the Effective Date of this Agreement between Customer and Asana. If Customer opts out of arbitration, Asana also will not be bound to arbitrate. Notwithstanding the foregoing, either party shall be entitled to seek injunctive relief as set forth in Section 5.3 (“Equitable Relief”) above and to stop unauthorized use of the Service or infringement of Intellectual Property Rights. Disputes, claims, or controversies concerning either party’s Intellectual Property Rights or claims of piracy or unauthorized use of the Service shall not be subject to arbitration. The parties further agree that the prevailing party in any action or proceeding to enforce any right or provisions under this Agreement, including any arbitration or court proceedings, will be entitled to recover its reasonable costs and attorneys’ fees.

11.3 Notice. Asana may give general notices related to the Service that are applicable to all customers by email, text, in-app notifications, or by posting them on the Asana website or through the Service and such electronic notices shall be deemed to satisfy any legal requirement that such notices be made in writing. Other notices must be sent via email, first class, airmail, or overnight courier to the addresses of the parties provided herein or via an Order Form and are deemed given when received. Notices to Asana must be sent to Asana Legal at legal@asana.com with a copy to Asana, Inc., 1550 Bryant Street, Suite 200, San Francisco, CA 94103, Attn: Legal Dept.

11.4 Publicity. Asana may include Customer’s name and logo in Asana’s online customer list and in print and electronic marketing materials.

11.5 Beta Access. Customer may be invited to participate in review and testing of pre-release versions of new and beneficial tools and Service enhancements which may be identified to Customer as “alpha,” “beta,” “preview,” “pre-release,” “early access,” or “evaluation” product or services (collectively, the “Beta Tests” and such pre-release functionality, the “Beta Product”). Customer acknowledges and understands that its participation in Beta Tests is not required and is at Customer’s own risk, and that Beta Products are made available on an “as is” basis without warranties (express or implied) of any kind, and may be discontinued or modified at any time. Beta Products are for evaluation and testing purposes, not for production use, not supported, not subject to availability or security obligations, and may be subject to additional terms. Asana shall have no liability for any harm or damage arising out of or in connection with Beta Products. The Beta Products, including without limitation Customer’s assessment of any Beta Product, are Confidential Information of Asana.

11.6 Relationship of the Parties. The parties are and shall be independent contractors with respect to all services provided under this Agreement. This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary, or employment relationship between the parties. There are no third-party beneficiaries to this Agreement. Without limiting this Section, a Customer's End Users are not third-party beneficiaries to Customer's rights under this Agreement.

11.7 Force Majeure. Asana shall not be liable for delayed or inadequate performance of its obligations hereunder to the extent caused by a condition that is beyond Asana’s reasonable control, including but not limited to natural disaster, civil disturbance, acts of terrorism or war, labor conditions, governmental actions, interruption or failure of the Internet or any utility service, failures in third-party hosting services, and denial of service attacks (each a “Force Majeure Event”). Asana shall be relieved from its obligations (or part thereof) as long as the Force Majeure Event lasts and hinders the performance of said obligations (or part thereof). Asana shall promptly notify Customer and make reasonable efforts to mitigate the effects of the Force Majeure Event.

11.8 Severability; No Waiver. In the event that any provision of this Agreement is found to be invalid or unenforceable pursuant to any judicial decree or decision, such provision shall be limited or eliminated to the minimum extent necessary so that this Agreement shall otherwise remain in full force and effect and remain enforceable between the parties. No waiver of any term of this Agreement shall be deemed a further or continuing waiver of such term or any other term, and a party’s failure to assert any right or provision under this Agreement shall not constitute a waiver of such right or provision.

11.9 Assignment. Neither this Agreement nor any of the rights and licenses granted under this Agreement may be transferred or assigned by either party without the other party’s express written consent (not to be unreasonably withheld or delayed); provided, however, that either party may assign this Agreement and all Order Forms under this Agreement upon written notice without the other party’s consent to an Affiliate or to its successor in interest in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets not involving a direct competitor of the non-assigning party. Any other attempt to transfer or assign this Agreement will be null and void. Subject to the foregoing, this Agreement shall bind and inure to the benefit of the parties, their respective successors, and permitted assigns.

11.10 Government Agencies. If Customer is a Government agency utilizing Asana’s Service in an official capacity, Customer’s use of the Service shall be subject to this Subscriber Agreement and the Amendment to Asana Subscriber Agreement Applicable to U.S. Government Customers.

11.11 Modifications. Asana may revise this Agreement from time to time by posting the modified version on its website. If, in Asana’s sole discretion, the modifications proposed are material, Asana shall provide Customer with notice in accordance with Section 11.4 at least twenty (20) days prior to the effective date of the modifications being made. By continuing to access or use the Service after the posted effective date of modifications to this Agreement, Customer agrees to be bound by the revised version of the Agreement.

11.12 Entire Agreement. This Agreement, including all attachments, exhibits, addendums, and any Order Form(s) hereunder, constitutes the entire agreement between the parties concerning the subject matter hereof and supersedes and replaces any prior or contemporaneous representations, understandings and agreements, whether written or oral, with respect to its subject matter. The parties are not relying and have not relied on any representations or warranties whatsoever regarding the subject matter of this agreement, express or implied, except for the representations and warranties set forth in this Agreement. To the extent of any conflict or inconsistency between the provisions of the Agreement and any Order Form, the Agreement shall prevail. Notwithstanding any language to the contrary therein, no terms or conditions stated in a Customer purchase order, vendor onboarding process, web portal, or any other Customer order documentation shall be incorporated into or form any part of this Agreement, and all such terms or conditions shall be null and void.

11.13 Applicability. This Agreement applies to you if: (a) you are a new Customer or have become a new Customer on or after November 30, 2018; (b) you enter into a Trial of Asana that is subject to this Agreement; or (c) you click a button indicating your agreement with the terms of this Agreement or enter into an Order Form or similar form referencing or otherwise incorporating this Agreement.

12 Definitions.

12.1 “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control,” for purposes of this definition, means either: (a) ownership or control of more than 50% of the voting interests of the subject entity; or (b) the power to direct or cause the direction of the management and policies of an entity, whether through ownership, by contract, or otherwise.

12.2 “Customer Data” means information submitted by an End User through the Service, including all associated messages, attachments, files, tasks, project names, team names, channels, conversations, and other similar content.

12.3 “Documentation” means Asana’s then-current online user guides, as updated from time to time, and made accessible from within the “Help” feature of the Service.

12.4 “End User” means an individual who is authorized by Customer to use the Service under Customer’s account. End Users may include, without limitation, Customer’s or its Affiliates’ employees, consultants, contractors and agents.

12.5 “Intellectual Property Rights” means unpatented inventions, patent applications, patents, design rights, copyrights, trademarks, service marks, trade names, domain name rights, mask work rights, know-how and other trade secret rights, and all other intellectual property rights, derivatives thereof, and forms of protection of a similar nature anywhere in the world.

12.6 “Improvements” means new features, functionality, enhancements, upgrades, error corrections and bug fixes to the Service made generally available by Asana at no additional charge.

12.7 “Order Form” means an ordering document or an online order set forth in the Service interface entered into between Customer and Asana (or Affiliates of either party) specifying the Service or Professional Services (if any) to be provided under this Agreement.

12.8 “Professional Services” means the customer success services provided by Asana, as specified in the applicable Order Form.

12.9 “Service” means Asana’s collaboration work management software as a service platform, including any Improvements, as described in the applicable Order Form.

12.10 “Subscription” means the access to the Service purchased by Customer on a per End User basis.

12.11 “Subscription Term” means the period identified in the Order Form during which Customer’s End Users are permitted to use or access the Service pursuant to the terms set forth in this Agreement.

Asana meddelande om kakor

Senast uppdaterat: 4 februari 2021

Det här meddelandet om kakor beskriver vilka typer av kakor och liknande spårningsteknologier vi använder i tjänsterna via våra webbplatser och appar, samt även hur vi använder dem och vad du du kan göra för att kontrollera kakor.

Vad är kakor?

Kakor är små textfiler som en webbplats via din webbläsare eller mobilapp laddar ned till din dator eller mobila enhet när du besöker en webbplats eller annan onlinetjänst. Kakor lagrar information om hur du använder en onlinetjänst så att webbplatsen kan känna igen din enhet, tillhandahålla funktioner, förbättra din upplevelse (som att komma ihåg ditt språk), analysera användningsmönster och anpassa innehåll och reklam.

När vi säger ”kaka” menar vi inte smarriga kakor med choklad, utan online-spårningsverktyg och -tekniker, såsom webb-beacons (även kallade spårningspixlar). Webb-beacons, precis som kakor, hjälper oss att analysera hur besökare på våra webbplatser använder Asana och att leverera personligt innehåll. Webb-beacons kan även inkluderas i utskickade e-postmeddelanden för att avgöra om de har lästs eller lett till handling. För ytterligare information om kakor, besök [www.allaboutcookies.org] (http://www.allaboutcookies.org/)

Hur använder Asana kakor?

Asana använder kakor för att samla in en mängd information för olika ändamål. Här är exempel på de typer av information som vi samlar in via kakor:

  • Information relaterad till din inloggning, så att webbplatsen kommer ihåg att du har loggat in tidigare eller så att du kan fortsätta vara inloggad när du lämnar webbplatsen
  • Antal besökare, användningsfrekvens för webbplatser och appar, besökta sidor, klick och den totala användningstiden
  • Vilka webbplatser du har besökt innan du besöker våra webbplatser och mobilappar
  • Information om din webbläsare, IP-adress, surfinställningar
  • Huruvida du besöker sidan för första gången
  • Dina visningsinställningar (t.ex. layout, storlek, språk, etc.)

Här är några exempel på hur vi använder den information vi samlar in via kakor:

  • Komma ihåg vilka uppgifter du deltar i i för att ge åtkomst till dessa uppgifter varje gång du loggar in
  • Anpassa ditt besök på våra webbplatser och mobilappar baserat på dina tidigare preferenser
  • Skräddarsy våra reklam- och marknadsföringsmeddelanden till dig, baserat på vår information eller information från våra tredjepartsleverantörer, för att lyfta fram funktioner vi erbjuder som kan intressera dig
  • Analysera användartrender över hela vår användarbas för att förbättra vår webbplats och våra mobilappar och tjänster, och därmed bättre förstå hur vi kan erbjuda dig nya tjänster

Besök vår [kaktabell] (#cookies-list) för information om de specifika kakorna vi använder för dessa ändamål.

Vissa av de kakor vi använder är förstapartskakor, som vi skapar för att få Asana att fungera korrekt och analysera användningen. Vi tillåter även vissa underleverantörer att placera tredjepartskakor för att möjliggöra tredjepartsfunktioner eller för att underlätta våra analys- och reklamaktiviteter.

  • Absolut nödvändiga kakor: Dessa kakor är absolut nödvändiga för att förse dig med vissa funktioner. Med dessa kakor får du till exempel åtkomst till säkra områden som kräver registrering och där du kan ställa in dina sekretesspreferenser. Eftersom dessa kakor är nödvändiga för att vi ska kunna tillhandahålla tjänster till dig kan du inte inaktivera dem.

  • Prestandakakor (även kända som analyskakor): Dessa kakor tillåter oss eller våra analysleverantörer (tredje part) att samla in information och statistik kring användningen av våra tjänster från dig och andra besökare. Den informationen hjälper oss att förbättra våra tjänster och produkter till förmån för dig och andra.

  • Funktionskakor: Dessa kakor ger förbättrad funktionalitet, ger chattstöd, gör det lättare att fylla i formulär, anpassar innehåll efter dina preferenser och väljer dina kommunikationspreferenser. Om du inte aktiverar dessa kakor eller väljer att inaktivera dem i framtiden kan det påverka din användning av vissa funktioner.

  • Riktade kakor: Dessa kakor tillhandahålls av våra annonseringspartner (tredje part) och samlar in information om dina surfvanor samt dina preferenser för olika funktioner och tjänster. Deras granskning, forskning och rapportering påverkar vilket reklaminnehåll som visas och hur framgångsrikt innehållet har varit. Den här informationen tillåter oss och våra reklamleverantörer (tredje part) att visa relevant reklaminnehåll.

  • Sociala medier-kakor: Dessa kakor används när information delas via en delningsknapp för sociala medier (t.ex. en ”gilla”-knapp), eller när du länkar ditt konto eller använder vårt innehåll på eller via en social nätverkssajt såsom Facebook, Twitter eller Snapchat.

Hur länge kakor lagras på din enhet varierar beroende på om kakor är tillfälliga eller bestående.

Sessionskakor. Vi använder tillfälliga kakor, även kallade sessionskakor, på våra säkra sidor för att tilldela och registrera ett sessions-ID. Detta gör att du kan besöka och använda våra webbplatser och tjänster utan avbrott och de förser oss med intern rapportering. Dessa kakor upphör när du stänger webbläsaren.

Bestående kakor. Vi och våra tredjepartsleverantörer använder bestående kakor för att förstå användarnas surfbeteende under en längre tid eller för att tillhandahålla ytterligare funktioner eller anpassning. De kan lagras på din enhet olika länge – allt från 24 timmar, till en vecka eller flera år – beroende på deras funktion. Dessa kakor finns kvar efter att din webbläsare stängs och kan användas för att känna igen din enhet när du öppnar webbläsaren och återbesöker våra webbplatser och appar.

Alla besökare. Du kan kontrollera inställda kakor i dina enheter på olika sätt. Som vi tidigare nämnde kan radering eller inaktivering av kakor påverka din användning av vissa funktioner. Vi svarar för närvarande inte på DNT-signaler (Do Not Track).

Webbläsarinställningar. Du kan inaktivera och/eller radera de flesta typerna av kakor med hjälp av dina webbläsarinställningar. Eftersom metoden för att aktivera eller inaktivera kakor varierar från en webbläsare till en annan (t.ex. Safari, Chrome, Mozilla Firefox), bör du se efter i din specifika webbläsares hjälpmeny för att få mer information om kakpreferenser. Du kan när som helst konfigurera din webbläsare att avisera när den mottar en kaka, så att du kan välja att acceptera den eller inte. Observera att det för närvarande är tekniskt omöjligt för dig att synkronisera dina inställningar över de olika webbläsarna och enheterna du använder. Du måste därför ställa in dem separat för varje webbläsare/enhet du använder och ställa in dem på nytt varje gång du använder en ny webbläsare eller enhet.

Beroende på region kan du bli ombedd att godkänna kakor när du besöker en av våra webbplatser. Du kan justera dina kakinställningar i vårt kakorpreferenscenter här: Kakinställningar

Inaktivering av kakor

Om du väljer att inaktivera kakor kan du fortsätta använda vissa delar av våra tjänster och webbplatser. Vissa användbara funktioner kan dock sluta fungera, beroende på vilka kakor du inaktiverar. Du kanske till exempel inte kan använda vår chattfunkion för att ställa frågor, och innehållet kanske inte blir lika anpassat efter dina preferenser.

Observera att vi, efter inaktivering, kan fortsätta att använda information som inaktiverade kakor redan hade samlat in. Vi kommer dock inte att samla in ny information via den bortvalda kakan när den är inaktiverad.

Ändringar av meddelandet

Vi kan uppdatera meddelandet vid ändringar i vår praxis eller våra skyldigheter. Besöka meddelandet regelbundet för att hålla dig underrättad om vår användning av kakor.

Kontakta oss

Skriv till privacy@asana.com om du har frågor om hur vi använder kakor.

Asana API Terms and Conditions

Last Updated: May 1, 2019

Thank you for using the Asana Application Programming Interfaces (the "Asana APIs"). These API Terms and Conditions (the “API Terms”), together with the Asana Terms of Service, form a binding contract between you, or the company or legal entity that you represent, and Asana. As used in these API Terms, "we," "our" and "us" refers to Asana, and "you," and "your," refers to the individual, company or legal entity that you represent.

By agreeing to these API Terms, you agree to abide by these API Terms and any and all guidelines or other documentation provided by Asana for use in connection with the Asana APIs (the “API Documentation”). In the event of any inconsistency between these API Terms and the Terms of Service, these API Terms shall control.

Some of these API Terms apply to your own use of the Asana APIs to develop, test, and support Your Application, while others apply to your access and use of the Asana APIs to receive, modify, use, and display User Content from the Asana Service in Your Application or to distribute Your Application to end users and allow such end users to access your integration of the Asana APIs within Your Application. Not all of the provisions of these API Terms may apply to your specific use of the Asana APIs in each instance.

If you are accepting these API Terms on behalf of a company or other legal entity, you represent and warrant that you have the legal authority to bind such entity to these API Terms.

  1. License Grants and Restrictions.
    1. API License Grant. Subject to your compliance with these API Terms, we grant you a non-exclusive, revocable, non-transferable and non-sublicensable license to (i) access and use the Asana APIs and API Documentation to receive, modify, use, and display user content (the "User Content") from the Asana service (the “Asana Service”) in your website or native application for mobile devices ("Your Application") subject to the permissions of the relevant users’ accounts; (ii) use the Asana APIs, API Documentation, or User Content to develop, test, and support Your Application, and (iii) distribute Your Application to end users and to allow such end users to access your integration of the Asana APIs within Your Application. You may not use the Asana APIs for any other purpose without Asana’s prior written consent. If you are integrating the Asana APIs in Your App, you may charge for Your Application; however, you may not sell, rent, lease, sublicense, redistribute, or syndicate access to the Asana APIs.
    2. Trademark License Grant. Subject to your compliance with these API Terms, we grant you a non-exclusive, revocable, non-transferable and non-sublicensable license to reproduce and display the Asana name and logo (the "Asana Marks") in accordance with the Asana Trademark Guidelines and solely to promote or advertise your integration of the Asana APIs in Your Application.
    3. All of our rights not expressly granted by these API Terms are hereby retained.
    4. In connection with your use of the Asana APIs, you must:
      1. Obtain the explicit consent of the user before collecting, using, posting, or sharing any User Content obtained through the Asana APIs on a user’s behalf. Mere authorization of your application by the user does not constitute consent.
      2. Comply with the Asana Terms of Service
      3. Comply with any requirements or restrictions imposed on usage of User Content by the owner of such content. Although the Asana APIs can be used to provide you with access to User Content, neither Asana’s provision of the Asana APIs to you nor your use of the Asana APIs overrides any requirements or restrictions placed on such User Content by the user or a third party with a legal interest in the User Content.
      4. Maintain a user agreement and privacy policy for Your Application, which is prominently identified or located where users download or access Your Application. Your privacy policy must meet applicable legal standards and describe the collection, use, storage and sharing of data in clear, understandable and accurate terms. You must promptly notify us in writing via email to terms-questions@asana.com of any breaches of your user agreement or privacy policy that impact or may impact users of the Asana APIs, the Service, or the Website.
      5. Obtain the consent of a user prior to deleting or destroying any of the content associated with their Asana account.
      6. Provide attribution to Asana as the source of data in accordance with the following guidelines:
        1. Display an Asana Mark so it is clear to the user that the data is from Asana.
        2. Link the logo in such Asana Mark to https://asana.com.
        3. Comply at all times with trademark guidelines provided by Asana when using or displaying the Asana Marks.
    5. You (and Your App) May Not:
      1. Access, store, or share User Content to which the user has not granted you explicit access rights, or user’s login credentials.
      2. Make requests that exceed our rate limits or use the Asana APIs in a manner that impacts the stability of Asana's servers or impacts the behavior of other applications using the Asana APIs.
      3. Engage in any activity that (i) compromises, breaks, or circumvents any of our technical processes or security measures associated with the Asana APIs, the Service, or the Website or (ii) poses a security vulnerability to other users.
      4. Use "nofollow" tags on your links to Asana. All links back to Asana should be followable.
      5. Request or publish information impersonating an Asana user or misrepresent any user or other third party in requesting or publishing information.
      6. Create or disclose metrics about, or perform any statistical analysis of, the Asana APIs.
      7. Display Asana’s Marks or User Content in a manner that could reasonably imply an endorsement, relationship or affiliation with or sponsorship between you or a third party and Asana, other than your permitted use of the Asana APIs under these API terms.
      8. Display the User Content on any site that disparages Asana or its products or services, or infringes any Asana intellectual property or other rights.
      9. Copy, sell, rent, lease, transfer, assign, sublicense, disassemble, reverse engineer or decompile (except to the limited extent expressly authorized under applicable statutory law), modify or alter any part of the Asana APIs.
      10. Sell, rent, lease, share, transfer, assign, or sublicense any User Content or other information or data obtained through the Asana APIs, directly or indirectly, to or with any third party, including any data broker, ad network, ad exchange, or other advertising or monetization-related party.
      11. Use the User Content in any advertisements or for purposes of targeting advertisements (whether such advertisements appear in Your Application or elsewhere).
      12. Attempt to cloak or conceal your identity or your application's identity when requesting authorization to use the Asana APIs.
      13. Use the Asana APIs for any application that constitutes, promotes or is used primarily for the purpose of dealing in:
        1. spyware or any other malicious programs or code;
        2. activities that violate any law or regulation, or any rights of any person, including but not limited to intellectual property rights;
        3. activities that, in Asana’s sole judgment, are offensive or might harm Asana’s business or its reputation.
      14. Access the Asana APIs or API Documentation in order to replicate or compete with the Asana APIs, the Service, or the Website.
  2. Usage Limitations. Asana may limit the maximum User Content that may be accessed, the rate at which such User Content may be accessed, and/or the number of network calls that Your Application may make via the Asana APIs. Asana may change such usage limits at any time, and/or may utilize technical measures to prevent over-usage and/or stop usage of the Asana APIs by an application after any usage limitations are exceeded.
  3. Fees and Payment. The Asana APIs are currently provided for free, but Asana reserves the right to charge fees for the future use of or access to the Asana APIs. If we do charge a fee for use of the Asana APIs, we will provide you with reasonable notice and you can stop using the Asana APIs at any time.
  4. Suspension and Termination. Your license to utilize the Asana APIs and the Asana Marks shall continue until it is terminated by either party as set forth herein. You may terminate this license at any time by discontinuing use of the Asana APIs. Asana may suspend or terminate your right and license to use all or any of the Asana APIs or the API Documentation at any time, with or without cause, and without notice to you. Upon termination of your license for any reason, you shall destroy and remove from all computers, hard drives, networks, and other storage media all copies of User Content and Asana Marks.
  5. Disclaimer of Any Warranty. Asana does not represent or warrant that any Asana APIs are free of inaccuracies, errors, bugs or interruptions, or are reliable, accurate, complete or otherwise valid. THE ASANA APIs ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS, WITH NO WARRANTY OF ANY KIND AND ASANA EXPRESSLY DISCLAIMS ANY AND ALL WARRANTIES AND CONDITIONS, INCLUDING, BUT NOT LIMITED TO, ANY AND ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AVAILABILITY, SECURITY, TITLE AND/OR NON-INFRINGEMENT. WE DO NOT WARRANT THAT THE ASANA APIs WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE. YOUR USE OF THE ASANA APIs IS AT YOUR OWN DISCRETION AND RISK, AND YOU WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE THAT RESULTS FROM THE USE OF ANY ASANA APIs INCLUDING, BUT NOT LIMITED TO, ANY DAMAGE TO YOUR COMPUTER SYSTEM OR LOSS OF DATA.
  6. Limitation of Liability. ASANA SHALL NOT, UNDER ANY CIRCUMSTANCES, BE LIABLE TO YOU FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL OR EXEMPLARY DAMAGES ARISING OUT OF OR IN CONNECTION WITH USE OF THE ASANA APIs, WHETHER BASED ON BREACH OF CONTRACT, BREACH OF WARRANTY, TORT (INCLUDING NEGLIGENCE, PRODUCT LIABILITY OR OTHERWISE), OR ANY OTHER PECUNIARY LOSS, WHETHER OR NOT ASANA HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO EVENT WILL OUR AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THESE API TERMS (WHETHER IN CONTRACT OR TORT OR UNDER ANY OTHER THEORY OF LIABILITY) EXCEED $100. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF CERTAIN WARRANTIES OR THE LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES. ACCORDINGLY, SOME OF THE LIMITATIONS IN SECTIONS 5-7 MAY NOT APPLY TO YOU. IF YOU ARE A NEW JERSEY RESIDENT, OR A RESIDENT OF ANOTHER STATE THAT PERMITS THE EXCLUSION OF THESE WARRANTIES AND LIABILITIES, THEN THE ABOVE LIMITATIONS SPECIFICALLY DO APPLY TO YOU.
  7. Release and Waiver. To the maximum extent permitted by applicable law, you hereby release and waive all claims against Asana, and its subsidiaries, affiliates, officers, agents, licensors, co-branders or other partners, and employees from any and all liability for claims, damages (actual and/or consequential), costs and expenses (including litigation costs and attorneys' fees) of every kind and nature, arising from or in any way related to your use of the Asana APIs, the User Content or the Asana Marks. If you are a California resident, you waive your rights under California Civil Code 1542, which states, "A general release does not extend to claims which the creditor does not know or suspect to exist in his favor at the time of executing the release, which if known by him must have materially affected his settlement with the debtor." You understand that any fact relating to any matter covered by this release may be found to be other than now believed to be true and you accept and assume the risk of such possible differences in fact. In addition, you expressly waive and relinquish any and all rights and benefits that you may have under any other state or federal statute or common law principle of similar effect, to the fullest extent permitted by law.
  8. Indemnification. To the maximum extent permitted by applicable law, you agree to indemnify and hold harmless Asana and its subsidiaries, affiliates, officers, agents, licensors, co-branders or other partners, and employees from any and all third party claims arising from or in any way related to your use of the Asana APIs, including any liability or expense arising from all claims, losses, damages, liabilities, costs and fees (including reasonable attorneys' fees) of every kind and nature. Notwithstanding anything contained in the preceding sentence, (a) we will always be free to choose our own counsel if we pay for the cost of such counsel; and (b) no settlement may be entered into by you, without our express written consent (such consent not to be unreasonably withheld), if: (i) the third party asserting the claim is a government agency, (ii) the settlement arguably involves the making of admissions, (iii) the settlement does not include a full release of liability, or (iv) the settlement includes terms other than a full release of liability and the payment of money.
  9. Remedies. You acknowledge that your breach of these API terms may cause irreparable harm to Asana, the extent of which would be difficult to ascertain. Accordingly, you agree that, in addition to any other remedies to which Asana may be legally entitled, Asana shall have the right to seek immediate injunctive relief in the event of a breach of these API terms by you or any of your officers, employees, consultants or other agents.
  10. General Terms.
    1. Publicity. You grant us the right to use your company name and logo as a reference for marketing or promotional purposes on our website and in other public or private communications with our existing or potential developers and customers, subject to your standard trademark usage guidelines as provided to us from time-to-time.
    2. Relationship of the Parties. You and Asana are independent contractors and these API Terms do not create a partnership, franchise, joint venture, agency, fiduciary, or employment relationship between the parties. You shall not have any authority to assume or create any obligation for or on behalf of Asana, express or implied, and you shall not attempt to bind Asana to any contract without its express consent.
    3. Severability. If any provision of these API Terms is found by a court of competent jurisdiction to be invalid, the parties nevertheless agree that the court should endeavor to give effect to the parties’ intentions as reflected in the provision and that the other provisions remain in full force and effect.
    4. Governing Law. These API Terms and the relationship between you and Asana shall be governed by the laws of the State of California without regard to its conflict of law provisions. You and Asana agree to submit to the personal jurisdiction of the courts located within the city and county of San Francisco, CA.
    5. No Waiver. Asana’s failure to exercise or enforce any right or provision of these API Terms shall not constitute a waiver of such right or provision.
    6. Survival. Sections 1.3, 4, 5, 6, 7, 8, and all of the subsections of Section 10 will survive any termination or expiration of the API Terms.
    7. Entire Agreement. These API Terms, together with the Asana Terms of Service, constitute the entire agreement between the parties and supersedes all prior and contemporaneous agreements, proposals or representations, written or oral, concerning its subject matter. In the event of any inconsistency between these API Terms and the Asana Terms of Service, these API Terms shall control.

For questions about these or any Asana terms or policies, email us at terms-questions@asana.com.

Riktlinjer för databegäran i samband med brottsbekämpning

Dessa riktlinjer är avsedda att förse brottsbekämpande myndigheter med information kring hur man begär ut register från Asana. Vi följer rådande användarvillkor och sekretesspolicy och svarar endast på brottsbekämpande begäranden som följer etablerad rättslig process och tillämplig lag.

  1. Juridiska krav i USA Vi avslöjar användarinformation endast i enlighet med våra publicerade användarvillkor och tillämplig amerikansk lag, inklusive den federala lagen för lagrad kommunikation ("SCA"), 18 U.S.C. Avsnitt 2701-2712. I enlighet med amerikansk lag:
    1. Vi kräver en rättsligt giltig stämning, utfärdad i samband med en officiell brottsutredning, innan vi avslöjar någon information i våra användarregister, som kan innehålla namn, hur länge tjänsten har använts, kreditkortsinformation (inklusive faktureringsadress), e-postadress(er) och IP-adress, i tillgängliga fall.
    2. Det krävs ett domstolsbeslut för att vi ska avslöja vissa registerposter eller annan information som är relaterad till ett användarkonto (exklusive innehållet i kommunikationen), vilken kan innehålla meddelanderubrik och IP-adresser, utöver de grundläggande, ovan angivna användaruppgifterna.
    3. Vi kräver en korrekt utfärdad (enligt förfarandena beskrivna i Federal Rules of Criminal Procedure eller en motsvarande statlig bestämmelse) husrannsakansorder, baserad på sannolik grund, för att avslöja det lagrade innehållet på ett konto, som kan innehålla meddelanden, bifogade filer eller annat innehåll i kommunikationen.
  2. Internationella juridiska krav. Vid förfrågningar från polisiära myndigheter utanför USA kan en Mutual Legal Assistance Treaty-begäran (MLAT) eller brevförklaring krävas för att vi ska kunna avslöja innehållet på ett konto.
  3. Bevarandeåtgärder för konto. Vi kommer att vidta rimliga åtgärder för att bevara kontoposter i samband med officiella brottsutredningar under 90 dagar i väntan på en formell juridisk begäran om användardata. Du kan begära att vi bevarar uppgifterna via e-post, fax eller post enligt nedan.
  4. Information som krävs i samband med din begäran.
    1. Din kontaktinformation.
      1. Namn på begärande myndighet
      2. Namn på begärande representant
      3. ID-bricka/-nummer för begärande representant
      4. Jobb-e-postadress för begärande representant
      5. Telefonnummer, inkl. anknytning, till begärande representant
      6. Postadress till begärande representant (postbox inte tillräckligt)
      7. Begärt svarsdatum (vänta minst 3 veckor för behandling)
    2. Information om databegäran
      1. Asana-användarens fullständiga namn (för- och efternamn)
      2. E-postadress(er) associerade med användarkontot
      3. En tydlig och specifik beskrivning av de begärda uppgifterna (vi kommer inte att kunna behandla alltför breda eller vaga förfrågningar)
  5. Datatillgänglighet. Vi kommer att eftersöka och förmedla data som har specificerats i en officiell juridisk process och som vi rimligen kan hitta och hämta.
  6. Underrättelse till användare. Asanas policy är att underrätta användare om det inkommer begäranden kring deras information, samt inkludera en kopia av begäran innan vi ger ut informationen, så att användaren får möjlighet att ifrågasätta en sådan begäran om inte: (a) lagen eller ett domstolsbeslut förbjuder det; (b) det finns exceptionella omständigheter, såsom en nödsituation som medför risk för kroppsskada eller dödsfall för en person eller grupp människor eller potentiell skada för minderåriga; eller (c) en förvarning skulle vara kontraproduktiv (till exempel om vi tror att kontot i fråga är kapat). De polisiära tjänstemännen som anser att en förvarning skulle äventyra en utredning bör tillhandahålla ett domstolsbeslut eller annan tillämplig lag som fastställer att en förvarning är förbjuden. Observera att officiella förklaringar, försäkringsbrev eller liknande uttalanden inte är tillräckliga för att utesluta förvarning till våra användare. Observera att vi i situationer där en databegäran uppmärksammar en pågående överträdelse av våra användarvillkor kan – för att skydda vår tjänst och dess användare – vidta åtgärder för att förhindra ytterligare missbruk, inklusive åtgärder som kan meddela användaren/användarna som är föremål för er databegäran att vi är medvetna om deras potentiella överträdelser.
  7. Skicka din begäran. En datautbegäran kan skickas per fax till (415) 484-7702, med certifierad post, expresskurir eller lämnas in personligen på vårt huvudkontor på följande adress: Asana, Inc., 1550 Bryant Street, 8th Floor, San Francisco, CA 94103



För frågor kring detta eller andra Asana-villkor eller policy, mejla oss på terms-questions@asana.com.