Asana Privacy Policy

Effective Date: November 1, 2018

Asana offers a variety of team productivity, collaboration, and organizational tools available online, including via a mobile application (collectively, the “Service”), and websites, including but not limited to www.asana.com, wavelength.com, blog.asana.com, community.asana.com (the “Websites”). As you use the Service and interact with the Websites, Asana collects and processes information from and about you in order to provide you with access to the Service, enhance your experience while using the Service, and interact with you. This Privacy Policy (the “Policy”) describes how Asana collects, uses, and discloses information collected through the Service and Websites, and what choices you have with respect to such information. The first section below explains which privacy terms are applicable to you depending on what type of user you are.

References to “Asana” throughout the Policy mean the Asana entity that acts as the data controller or data processor of your information, as explained in more detail below. If you do not agree with this Policy, do not access or use the Service, Websites, or any other part of Asana’s business.

If you have any questions about this Privacy Policy, please contact Asana at: 1550 Bryant Street, Suite 200, San Francisco, CA 94103 or by emailing us at privacy@asana.com.

This Privacy Policy contains the following sections:

• I What Type of User am I and What Privacy Terms are Applicable to Me?
• II Privacy Terms for Subscribers
• III Privacy Terms for Free Users
• IV Privacy Terms for Site Visitors
• V Additional Privacy Terms for All Users
• VI Asana Contact Info

I. What Type of User am I and Which Privacy Terms Are Applicable to Me?

Asana has three different types of users depending on the Asana products used. Please see the bullets below to determine which type of user you are, and then click the internal link to visit the privacy terms applicable to you. It is possible that you may use Asana in different ways. If so, please review all applicable privacy terms. Also, don’t forget to review Section V, which contains privacy terms applicable to all users.

• Subscribers. We call users who use the Service as part of any tier of a paid Asana subscription plan “Subscribers.” The Service features and functionalities available to Subscribers are determined by the specific terms agreed to between Asana and the organization (e.g., your employer or another entity or person, called the “Customer”) that entered into a separate agreement that governs delivery, access, and use of the Service (for purpose of this Policy, the “Customer Agreement”). The Customer controls its instance of the Service and is the data controller of the information collected through the Service about Subscribers, and Asana is a data processor of such information. To go directly to the terms applicable to Subscribers, please click here.
• Free Users. We call users who use a non-paid version of the Service “Free Users.” While Free Users can access and use the Service, they have access to a more limited set of Service features and functionality than Subscribers. Asana is the data controller of the information collected through the Service about Free Users. To go directly to the terms applicable to Free Users, please click here.
• Site Visitors. We call users of the Websites “Site Visitors.” Site Visitors can be individuals who are simply browsing the Websites but who do not use the Asana Service; or, Site Visitors can be Free Users or Subscribers who visit the Websites to seek additional information about Asana. Asana is the data controller of the information collected through the Website about Site Visitors. To go directly to the terms applicable to Site Visitors please click here.

II. Privacy Terms for Subscribers

A. Overview

Section II of this Policy applies only to Subscribers. If you are a Subscriber, the “Customer Agreement” governs the collection and processing of information collected from you through the Customer’s instance of the Service (e.g. a Customer’s organization or workspace, but for purposes of this Policy referred to as the “Workspace”), including all associated messages, attachments, files, tasks, projects and project names, team names, channels, conversations, and other content submitted through the Service (“Workspace Content”). In the event of a conflict between this Privacy Policy and the Customer Agreement, the Customer Agreement governs. Because the Customer controls the Workspace used by Subscribers, if you have any questions about the Customer’s specific Workspace settings and privacy practices, please contact the Customer whose Workspace you use. If you are a Subscriber located in the European Union, please note that the Customer is the data controller with respect to the processing of your Workspace Content pursuant to the EU General Data Protection Regulation (“GDPR”). When processing Workspace Content of EU data subjects governed by the Customer Agreement, Asana is the data processor, meaning that we collect and process such information solely on behalf of the Customer.

B. Collection and Use of Subscriber Information

This section explains the information we collect from Subscribers. We do not require Subscribers to provide us with information. However, certain information, such as account log-in data, is required to provide you with access to the Service, and other information may be collected automatically as you use the Service.

1. Workspace Content. Workspace Content is collected, used, and shared by Asana in accordance with the Customer’s instructions, including any applicable terms in the Customer Agreement, or as required by applicable law. The Customer, and not Asana, determines its own, internal policies regarding storage, access, modification, deletion, sharing, and retention of Workspace Content which may apply to your use of the Service. For example, a Customer may provide or remove access to the Service, enable or disable third party integrations, manage permissions, retention and export settings, transfer or assign teams, or share projects. Please check with the Customer about the policies and settings that they have instituted with respect the Workspace Content that you provide when using the Service.
2. Account Information. To set up your Asana account, you or the Customer will provide us with basic information about you which may include your name, address, telephone number, email address, and password. You will then have the ability to provide optional profile information, such as a photograph or basic demographic data. With your permission, we may also upload calendar information stored on your mobile device to your account. If you submit payment information in connection with your use of the Service, we utilize a third party credit card payment processing company to collect payment information, including your credit card number, billing address, and phone number. In such circumstances, the third party service provider, and not Asana, stores your payment information on our behalf.
3. Service Usage Information. As you use the Service, we collect information about how you use and interact with the Service (“Service Usage Information”). Such information includes:
   • Device information – when you access the Service using a mobile device, we collect certain device information, including the type of device you are using, its operating system, and mobile network information, which may include your mobile phone number. We may also collect your MAC address and other unique device identifiers.
   • Log files – when you use the Service, our servers automatically record information in server log files. These log files may include information such as your web request, IP address, browser type and settings, referring/exit pages and URLs, number of clicks, date and time stamp information, language preferences, data from cookies and similar technologies, and other such information.
   • Location information – we collect and process general information about the location of the device from which you are accessing the Service (e.g., approximate geographic location inferred from an IP address).
   • Workspace Use Metadata – when you interact with the Service, metadata is generated that provides high-level (non-content) information about the way you work in your Workspace. For example, we may log the number of Workspaces you work in; the number of tasks to which you are assigned; the features and embedded Service content you interact with; the types of files you share; and what, if any, third party services and integrations you use.
4. Other Information. You may provide us with information when you interact with us in other ways, such as when you submit requests or questions to us via forms or email (e.g., support forms, sales forms, user research participation forms); information you provide in connection with Asana sweepstakes, contests, or research studies in which you choose to participate; beta testing; and requests for customer support and technical assistance (collectively, “Other Information”).
5. Information Collected from Third-Party Integrations. If you choose to use or connect to third-party integrations (e.g., OneDrive, Unito, Wufoo, Slack) through the Service, or if you are required or permitted to do so by a Customer, such third parties may allow us to have access to and store additional information about your interaction with those services as it relates to your use of the Service. If you initiate these connections, you also understand that we will share information about you that is required to enable your use of the third-party integration through the Service. If you do not wish to have this information shared, do not initiate these connections. By enabling these connections, you authorize us to connect and access the information provided through these connections, and you understand that the privacy policies of these third parties govern such connections.

C. How Does Asana Use Subscriber Information?

This section explains how Asana uses information collected from Subscribers.

1. Workspace Content. Asana may view and use Workspace Content collected from and about Subscribers only as necessary:
   • To maintain, provide and improve the Service
   • To prevent or address technical or security issues and resolve support requests
   • To investigate when we have a good faith belief, or have received a complaint alleging, that such Workspace Content is in violation of the Customer Agreement or our User Terms of Service
   • To comply with a valid legal subpoena, request, or other lawful process that meets the requirements of the Customer Agreement and our Law Enforcement Guidelines
   • As otherwise set forth in our Customer Agreement or as expressly permitted in writing by the Customer
2. Account Information, Service Usage Information, Information from Third Party Integrations, and Other Information. Asana may use these categories of information collected from and about Subscribers to:

• Maintain, provide, and improve the Service

• Respond to your requests for information

• Prevent or address technical or security issues and resolve support requests

• Investigate in good faith alleged violations of our User Terms of Service

• Comply with a valid legal subpoena, request, or other lawful process that meets the requirements of our Law Enforcement Guidelines

• Help us better understand user interests and needs, and customize the Service for our users

• Engage in analysis, research, and reports regarding use of the Service

• Protect the Service and our users

• Communicate with you via email and through the Service about important notices and updates regarding the Service, such as to inform you about changes in the Service, our service offerings, and important services-related notices, such as about security and fraud. Because these communications are an important part of the Service, you may not opt out of them

• In accordance with applicable legal obligations, communicate with you about promotions, offers, and news about Asana. You have the ability to unsubscribe from such promotional communications

• Provide cross-device management of your account. For example, we may locate or try to locate the same unique users across multiple browsers or devices (such as smartphones or tablets), or work with service providers that do this, in order to save your preferences across devices and analyze usage of the Service. If you wish to opt out of the ability of one our service providers, Google Analytics, to locate you across devices in this way, you may install the Google Analytics Opt-out Browser Add-on by clicking here

D. Sharing of Subscriber Information

In accordance with the applicable Customer Agreement, we may share the information we collect from Subscribers as follows:

• Affiliates and Subsidiaries. We may share the information we collect within the Asana family of companies.
• Service Providers. We may provide access to or share your information with select third parties that use the information only to perform services on our behalf. These third parties provide a variety of services to us, including without limitation sales, marketing, provision of content and features, analytics, data storage, security, fraud prevention, and other services.
• Business Transactions. If the ownership of all or substantially all of our business changes, we may transfer your information to the new owner so that the Service can continue to operate. In such case, your information would remain subject to the promises and commitments contained in this Policy until such time as the acquiring party modifies it. If such transfer is subject to additional mandatory restrictions under applicable laws, Asana will comply with such restrictions.
• Consistent with your settings within the Service. Please note that the Workspace Content you submit through the Service may be viewable by other users in your Workspace and within your organization, depending on the specific settings you and your organization have selected.

E. Aggregate De-Identified Data

We may aggregate and/or de-identify information collected through the Service so that such information can no longer be linked to you or your device (“Aggregate/De-Identified Information”). We may use Aggregate/De-Identified Information for any purpose, including without limitation for research and analytics, and may also share such data with any third parties, including partners, affiliates, services providers, and others.

F. Combined Information

We may combine the information that we collect through the Service with information that we receive from other sources, both online and offline, and use such combined information in accordance with this Policy and the Customer Agreement.

G. Data Retention

We will retain your information for the period necessary to fulfill the purposes outlined in this Policy unless a longer retention period is required or permitted by law, or where the Customer Agreement requires or permits specific retention or deletion periods.

H. Data Subject Rights

Please contact your Workspace owner(s) or administrator(s) to exercise any data subject rights you have under applicable local laws, including your ability to access, delete, rectify, transfer, or object under the GDPR.

III. Privacy Terms for Free Users

A. Overview

Section III of this Policy applies only to Free Users of the Service. If you are a Free User located in the European Union, Asana is the data controller with respect to the processing of your personal data pursuant to the GDPR.

B. Collection and Use of Free User Information

This section explains how we collect, process, and use the information collected from Free Users. We do not require Free Users to provide us with information. However, certain information, such as account log-in data, is required to provide you with access to the Service, and other information may be collected automatically as discussed below.

1. Information You Provide to Asana. Asana collects the following information submitted directly through the Service by Free Users:
   • The messages, attachments, files, tasks, project names, team names, channels, conversations, and other content submitted through the Service (collectively, the “Workspace Content”);
   • Information you provide as part of your account registration with Asana, which may include your name, organization name, address, telephone number, email address, username and password; optional information that you may choose to provide, such as a photograph or basic demographic data; and, with your permission, calendar information stored on your mobile device that you may elect to upload to your account (collectively, the “Account Information”); and
   • Information you provide in other interactions with us, such as requests or questions you submit to us via forms or email (e.g., support forms, sales forms, user research participation forms), information you provide in connection with Asana sweepstakes, contests, or research studies in which you choose to participate; beta testing; and requests for customer support and technical assistance (collectively, “Other Information”).
2. Service Usage Information. As you use the Service, we collect a variety of information about how you use and interact with the Service (“Service Usage Information”). Such information includes:
   • Device information – when you access the Service using a mobile device, we collect certain device information, including the type of device you are using, its operating system, and mobile network information, which may include your mobile phone number. We may also collect your MAC address and other unique device identifiers.
   • Log files – when you use the Service, our servers automatically record certain information in server log files. These log files may include information such as your web request, IP address, browser type and settings, referring / exit pages and URLs, number of clicks, date and time stamp information, language preferences, data from cookies and similar technologies, and other such information.
   • Location information – we collect and process general information about the location of the device from which you are accessing the Service (e.g., approximate geographic location inferred from an IP address).
   • Workspace Use Metadata – when you interact with the Service, metadata is generated that provides high-level (non-content) information about the way you work in your Workspace. For example, we may log the number of Workspaces you work in; the number of tasks to which you are assigned; the features and embedded Service content you interact with; the types of files you share; and what, if any, third party services and integrations you use.
3. Information Collected from Third Party Integrations. If you choose to use or connect to third-party integrations (e.g., OneDrive, Unito, Wufoo, Slack) through the Service, such third parties may allow us to have access to and store additional information about your interaction with those services as it relates to your use of the Service. Moreover, if you initiate these connections, you also understand that we will share information about you that is required to enable your use of the third-party integration through the Service. If you do not wish to have this information shared, do not initiate these connections. By enabling these connections, you authorize us to connect and access the information provided through these connections, and you understand that the privacy policies of these third parties govern such connections.
4. Information Collected from Other Third Parties. Asana may receive additional information about you, such as demographic information, from affiliates under common ownership and control, and from third parties, such as business partners, marketers, researchers, analysts, and other parties that we may use to supplement the information that we collect directly from you.

C. Use of Free User Information

Asana may use the information collected from Free Users to: - Maintain, provide, and improve the Service - Respond to your requests for information - Prevent or address technical or security issues and resolve support requests - Investigate in good faith alleged violations of our User Terms of Service - Comply with a valid legal subpoena, request, or other lawful process that meets the requirements of our Law Enforcement Guidelines - Help us better understand user interests and needs, and customize the Service for our users - Engage in analysis, research, and reports regarding use of the Service - Protect the Service and our users - Communicate with you via email and through the Service about important notices and updates regarding the Service, such as to inform you about changes in the Service, our service offerings, and important services-related notices, such as about security and fraud. Because these communications are an important part of the Service, you may not opt out of them - In accordance with applicable legal obligations, communicate with you about promotions, offers, and news about Asana. You have the ability to unsubscribe from such promotional communications - Provide cross-device management of your account. For example, we may locate or try to locate the same unique users across multiple browsers or devices (such as smartphones or tablets), or work with service providers that do this, in order to save your preferences across devices and analyze usage of the Service. If you wish to opt out of the ability of one our service providers, Google Analytics, to locate you across devices in this way, you may install the Google Analytics Opt-out Browser Add-on by clicking here

D. Legal Bases for Use of Your Information

If you are located in the EU, please note that the legal bases under the EU General Data Protection Regulation (“GDPR”) for using the information we collect through your use of the Service as a Free User are as follows:

• Where use of your information is necessary to perform our obligations under a contract with you (for example, to comply with the User Terms of Service which you accept by using the Service)
• Where use of your information is necessary for our legitimate interests or the legitimate interests of others (for example, to provide security for our Service; operate our Service; prevent fraud, analyze use of and improve our Service, and for similar purposes)
• Where use of your information is necessary to comply with a legal obligation
• Where we have your consent to process data in a certain way

E. Sharing of Free User Information

We share the information we collect through the Service about Free Users with the following:

• Affiliates and Subsidiaries. We may share the information we collect within the Asana family of companies.
• Service Providers. We may provide access to or share your information with select third parties that use the information only to perform services on our behalf. These third parties provide a variety of services to us, including without limitation sales, marketing, provision of content and features, advertising, analytics, research, data storage, security, fraud prevention, and other services.
• Business Transfers. If the ownership of all or substantially all of our business changes, we may transfer your information to the new owner so that the Websites can continue to operate. In such case, your information would remain subject to the promises and commitments contained in this Policy until such time as this Policy is updated or amended by the acquiring party upon notice to you. If such transfer is subject to additional mandatory restrictions under applicable laws, Asana will comply with such restrictions.
• Consent. We may also disclose your information to third parties with your consent to do so.
• Consistent with your settings within the Service. Please note that the Workspace Content you submit through the Service may be viewable by other users in your Workspace, depending on the specific settings you have selected.

F. Aggregate De-Identified Data

We may aggregate and/or de-identify information collected through the Service so that such information can no longer be linked to you or your device (“Aggregate/De-Identified Information”). We may use Aggregate/De-Identified Information for any purpose, including without limitation for research and marketing purposes, and may also share such data with any third parties, including advertisers, promotional partners, sponsors, event promoters, and/or others.

G. Combined Information

For the purposes discussed in this Policy, we may combine the information that we collect through the Service with information that we receive from other sources, both online and offline, and use such combined information in accordance with this Policy.

H. Data Retention

We will retain your information for the period necessary to fulfill the purposes outlined in this Policy unless a longer retention period is required or permitted by law.

I. Data Subject Rights

Local legal requirements (such as those in the EU) may afford you additional rights. If you would like further information in relation to your legal rights under applicable law or would like to exercise any of them, please contact us using the information in the “Asana Contact Info” section below at any time. Your local laws (such as those in the EU) may permit you to request that we:

• provide access to and/or a copy of certain information we hold about you
• prevent the processing of your information for direct-marketing purposes (including any direct marketing processing based on profiling)
• update information which is out of date or incorrect
• delete certain information which we are holding about you
• restrict the way that we process and disclose certain of your information
• transfer your information to a third party provider of services
• revoke your consent for the processing of your information

We will consider all requests and provide our response within the time period stated by applicable law. Please note, however, that certain information may be exempt from such requests in some circumstances, which may include if we need to keep processing your information for our legitimate interests or to comply with a legal obligation. We may request you provide us with information necessary to confirm your identity before responding to your request.

IV. Privacy Terms for Site Visitors

A. Overview

Section IV of this Policy applies only to Site Visitors.

If you visit the Websites, regardless of whether you are also a user of the Service, the following rules apply to you. To eliminate any confusion, please note that the terms in this section apply only to use of Asana’s Websites, not to use of the Service.

If you are a Site Visitor located in the European Union, Asana is the data controller with respect to the processing of your personal data pursuant to the EU General Data Protection Regulation (“GDPR”).

B. Collection and Use of Site Visitor Information

1. Information Collected from Site Visitors

   When you use the Websites, we collect the following information about you:

   • Contact Information – if you submit a request for information or a question through the Websites, you may be asked to provide us with basic information including your name, email address, phone number, and postal address. We will also keep records of the communication, the question/request you raised, and how it was resolved. If you choose to participate in an Asana sweepstakes, contest, or research study offered through the Websites, we will also collect basic contact information from you in connection with such activity.
   • Websites Usage Information – as you browse the Websites, we and our service providers (which are third party companies that work on our behalf to provide and enhance the Websites) use a variety of technologies, including cookies and similar tools, to assist in collecting information about how you use the Websites. For example, our servers automatically record certain information in server logs. These server logs may include information such as your web request, IP address, browser type and settings, referring / exit pages and URLs, number of clicks and how you interact with links on the Websites, domain names, landing pages, pages viewed, mobile carrier, mobile device identifiers and information about the device you are using to access the Websites, date and time stamp information and other such information.
   • Location Information – We collect and process general information about the location of the device from which you are accessing the Service (e.g., approximate geographic location inferred from an IP address).

2. Cookies and Similar Technologies

   To collect the Websites Usage Information discussed above, we and our service providers use Internet server logs, cookies, tags, SDKs, tracking pixels, and other similar tracking technologies. A web server log is a file where website activity is stored. An SDK is a section of code that we embed in our applications and software to allow third parties to collect information about how users interact with the Websites. A cookie is a small text file that is placed on your computer or mobile device when you visit a site, that enables us to: (i) recognize your computer and login session; (ii) store your preferences and settings; (iii) understand which pages of the Websites you have visited; (iv), enhance your user experience by delivering and measuring the effectiveness of content and advertising tailored to your interests; (v) perform analytics; and (vi) assist with security and administrative functions. Tracking pixels (sometimes referred to as web beacons or clear GIFs) are tiny electronic tags with a unique identifier embedded in websites, online ads and/or email, and that are designed to provide usage information like ad impressions or clicks, email open rates, measure popularity of the Websites and associated advertising, and to access user cookies. As we adopt additional technologies, we may also gather information through other methods. Please note that you can change your settings to notify you when a cookie is being set or updated, or to block cookies altogether. Please consult the “Help” section of your browser for more information (e.g., Internet Explorer; Google Chrome; Mozilla Firefox; or Apple Safari).

3. Use of Information Collected from Site Visitors

   We use the information collected from Site Visitors for a variety of purposes including to:

   • Maintain, provide, and improve the Websites and the Service
   • Respond to your requests for information
   • In accordance with applicable legal obligations, communicate with you about promotions, offers, and news about Asana. You have the ability to unsubscribe from such promotional communications
   • Prevent or address technical or security issues
   • Investigate in good faith alleged violations of our User Terms of Service
   • Help us better understand Site Visitor interests and needs, and customize the advertising and content you see on the Websites
   • Engage in analysis and research regarding use of the Websites and the Service

C. Legal Bases

If you are located in the EU, please note that the legal bases under the GDPR for using the information we collect through your use of the Websites as a Site Visitor are as follows:

• Where use of your information is necessary to perform our obligations under a contract with you (for example, to comply with the User Terms of Service which you accept by browsing the Websites)
• Where use of your information is necessary for our legitimate interests or the legitimate interests of others (for example, to provide security for our Websites; operate our Websites; prevent fraud, analyze use of and improve our Websites, and for similar purposes)
• Where use of your information is necessary to comply with a legal obligation
• Where we have your consent to process data in a certain way

D. Aggregate/De-Identified Data

We may aggregate and/or de-identify information collected through the Websites so that such information can no longer be linked to you or your device (“Aggregate/De-Identified Information”). We may use Aggregate/De-Identified Information for any purpose, including without limitation for research and marketing purposes, and may also share such data with any third parties, including advertisers, promotional partners, sponsors, event promoters, and/or others.

E. Combined Information

You agree that, for the purposes discussed in this Policy, we may combine the information that we collect through the Websites with information that we receive from other sources, both online and offline, and use such combined information in accordance with this Policy. If, however, the collection of any information about you is governed by a Customer Agreement, information will only be combined and used in accordance with such Customer Agreement and the sections of this Policy applicable to Subscribers.

F. Website Analytics and Advertising

1. Website Analytics We may use third-party web analytics services on our Websites to collect and analyze usage information through cookies and similar tools; engage in auditing, research, or reporting; and provide certain features to you. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-out Browser Add-on by clicking here.

2. Online Advertising The Websites may integrate third-party advertising technologies that allow for the delivery of relevant content and advertising on the Websites, as well as on other websites you visit. The ads may be based on various factors such as the content of the page you are visiting, information you enter such as your age and gender, your searches, demographic data, and other information we collect from you. These ads may be based on your current activity or your activity over time and across other websites and online services and may be tailored to your interests.

   Third parties, whose products or services are accessible or advertised via the Websites, may also place cookies or other tracking technologies on your computer, mobile phone, or other device to collect information about you as discussed above. We also allow other third parties (e.g., ad networks and ad servers such as Google Analytics, DoubleClick and others) to serve tailored ads to you on our Websites and other websites and to access their own cookies or other tracking technologies on your computer, mobile phone, or other device you use to access the Websites. We sometimes provide Site Visitor information (such as email addresses) to service providers, who may “match” this information in de-identified form to cookies (or mobile ad identifiers) and other proprietary IDs, in order to provide you with more relevant ads when you visit other websites.

   We neither have access to, nor does this Policy govern, the use of cookies or other tracking technologies that may be placed on your device you use to access the Websites by such non-affiliated third parties. If you are interested in more information about tailored browser advertising and how you can generally control cookies from being put on your computer to deliver tailored advertising, you may visit the Network Advertising Initiative’s Consumer Opt-Out link, the Digital Advertising Alliance’s Consumer Opt-Out link, or Your Online Choices to opt-out of receiving tailored advertising from companies that participate in those programs. To opt out of Google Analytics for display advertising or customize Google display network ads, visit the Google Ads Settings page. We do not control these opt-out links or whether any particular company chooses to participate in these opt-out programs. We are not responsible for any choices you make using these mechanisms or the continued availability or accuracy of these mechanisms.

   Please note that if you exercise the opt-out choices above, you will still see advertising when you use the Websites, but it will not be tailored to you based on your online behavior over time.

3. Notice Concerning Do Not Track Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. We are committed to providing you with meaningful choices about the information collected on our Websites for third party purposes, and that is why we provide the variety of opt-out mechanisms listed above. However, we do not currently recognize or respond to browser-initiated DNT signals. To learn more about Do Not Track, you can do so here.

G. Sharing of Site Visitor Information

We share the information we collect through the Websites with the following:

• Affiliates and Subsidiaries. We may share the information we collect within the Asana family of companies.
• Service Providers. We may provide access to or share your information with select third parties that use the information only to perform services on our behalf. These third parties provide a variety of services to us, including without limitation sales, marketing, provision of content and features, advertising, analytics, research, data storage, security, fraud prevention, and other services.
• Business Transfers. If the ownership of all or substantially all of our business changes, we may transfer your information to the new owner so that the Websites can continue to operate. In such case, your information would remain subject to the promises and commitments contained in this Policy until such time as this Policy is updated or amended by the acquiring party upon notice to you. If such transfer is subject to additional mandatory restrictions under applicable laws, Asana will comply with such restrictions.
• Public Forums. The Websites makes it possible for you to upload and share comments or feedback publicly with other users, such as on the Asana community forum. Any information that you submit through such public features is not confidential, and Asana may use it for any purpose (including in testimonials or other Asana marketing materials). Any information you post openly in these ways will be available to the public at large and potentially accessible through third-party search engines. Such information can be read, collected and/or used by other users, and it could be used to send you unsolicited messages. Accordingly, please take care when using these features of the Websites.
• Consent. We may also disclose your information to third parties with your consent to do so.

H. Retention of Your Information

We will retain your information for the period necessary to fulfill the purposes outlined in this Policy unless a longer retention period is required or permitted by law.

I. Data Subject Rights

Local legal requirements (such as those in the EU) may afford you additional rights. If you would like further information in relation to your legal rights under applicable law or would like to exercise any of them, please contact us using the information in the “Asana Contact Info” section below at any time. Your local laws (such as those in the EU) may permit you to request that we:

• provide access to and/or a copy of certain information we hold about you
• prevent the processing of your information for direct-marketing purposes (including any direct marketing processing based on profiling)
• update information which is out of date or incorrect
• delete certain information which we are holding about you
• restrict the way that we process and disclose certain of your information
• transfer your information to a third party provider of services
• revoke your consent for the processing of your information

We will consider all requests and provide our response within the time period stated by applicable law. Please note, however, that certain information may be exempt from such requests in some circumstances, which may include if we need to keep processing your information for our legitimate interests or to comply with a legal obligation. We may request you provide us with information necessary to confirm your identity before responding to your request.

J. Third Party Links And Services

The Websites may contain links to third-party websites and functionalities. If you choose to use these third party services, you may disclose your information not just to those third-parties, but also to their users and the public more generally depending on how their services function. Because these third-party websites and services are not operated by Asana, Asana is not responsible for the content or practices of those websites or services. The collection, use, and disclosure of your information will be subject to the privacy policies of the third party websites or services, and not this Policy. We urge you to read the privacy and security policies of these third-parties.

V. Additional Privacy Terms for All Users

The following additional information about Asana’s privacy practices apply to all users of Asana (Subscribers, Free Users, and Site Visitors).

A. International Users

Asana complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from the European Union and Switzerland to the United States, respectively. Asana has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access and Recourse, Enforcement and Liability. If there is any conflict between the policies in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/. In compliance with the EU-US Privacy Shield and Swiss-US Privacy Shield Principles, Asana commits to resolve complaints about your privacy and our collection or use of your personal data. European Union or Swiss citizens with inquiries or complaints regarding this privacy policy should first contact Asana at: privacy@asana.com. Asana has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU Privacy Shield, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by Asana, please visit the BBB EU Privacy Shield web site at https://www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint. Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel. Asana is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) with respect to its compliance with the provisions of the EU-US and Swiss-US Privacy Shield.

We may transfer information that we collect about you to third party processors across borders and from your country or jurisdiction to other countries or jurisdictions around the world. If you are located in the European Union or other regions with laws governing data collection and use that may differ from U.S. law, please note that you are transferring information to a country and jurisdiction that does not have the same data protection laws as your jurisdiction. Asana will take reasonable and appropriate steps necessary to ensure that any third party who is acting as a “data processor” under EU and Swiss terminology is processing the personal data we entrust to them in a manner that is consistent with the EU-US and Swiss-US Privacy Shield Principles. Asana is potentially liable in cases of onward transfer to third parties of data of EU and Swiss individuals received pursuant to the EU-US and Swiss-US Privacy Shield, respectively.

B. Changes To Our Privacy Policy

We reserve the right to amend this Policy at any time to reflect changes in the law, our data collection and use practices, the features of our Service or Websites, or advances in technology. We will make the revised Policy accessible through the Service and Websites, so you should review the Policy periodically. If we make a material change to the Policy, we will comply with applicable legal requirements regarding providing you with notice and/or consent.

C. How We Protect Your Information

Asana takes technical and organizational measures to protect your information against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access. However, no method of transmission over the Internet, and no means of electronic or physical storage, is absolutely secure, and thus we cannot ensure or warrant the security of that information.

D. Marketing Practices and Choices

If you receive email from us, we may use certain analytics tools, such as clear GIFs, to capture data such as when you open our message or click on any links or banners our email contains. This data allows us to gauge the effectiveness of our communications and marketing campaigns. You may instruct us not to use your contact information to contact you by email, postal mail, or phone regarding products, services, promotions and special events that might appeal to your interests by contacting us at the “Asana Contact Info” section below. In commercial email messages, you can also opt out by following the instructions located at the bottom of such emails. Please note that, regardless of your request, we may still use and share certain information as permitted by this Policy or as required by applicable law. For example, you may not opt out of certain operational or service-related emails, such as those reflecting our relationship or transactions with you.

E. California Privacy Rights

California law gives residents of California the right under certain circumstances to request information from us regarding the manner in which we share certain categories of personal information (as defined by applicable California law) with third parties for their direct marketing purposes. However, Asana does not share your personal information with third parties for their own direct marketing purposes.

VI. Asana Contact Info

Asana is located at 1550 Bryant Street, Suite 200, San Francisco, CA 94103. If you wish to contact us or have any questions about or complaints in relation to this Policy, please contact us at privacy@asana.com.

Subscriber Agreement

Last Updated: July 31, 2019

This Subscriber Agreement (the “Agreement”) is entered into by and between Asana, Inc. (“Asana”) and the organization agreeing to the terms of this Agreement (“Customer”). This Agreement shall be effective on the earliest of (a) the date Customer clicks a button indicating its agreement with the terms of this Agreement; (b) Customer entering into an Order Form or similar form referencing or otherwise incorporating this Agreement; or (c) Customer’s use of the Service (the “Effective Date”). If you are entering into this Agreement on behalf of your organization, that organization is deemed to be the Customer and you represent that you have the power and authority bind that organization to this Agreement.

1 The Service.

1.1 Provision of the Service. Asana shall make the Service purchased under an Order Form available to Customer and its End Users pursuant to this Agreement during the applicable Subscription Term. The Service includes the features and functionality applicable to the version of the Service ordered by Customer. Asana may update the content, functionality, and user interface of the Service from time to time in its sole discretion.

1.2 Access Rights. Customer has a non-exclusive, non-sublicenseable, non-transferable (except as specifically permitted in this Agreement) right to access and use the Service pursuant to this Agreement during the applicable Subscription Term, solely for Customer’s internal business purposes subject to the limitations set forth in the Order Form.

1.3 Usage Restrictions. Customer shall not (a) make the Service available to, or use any Service for the benefit of, anyone other than Customer and its Affiliates; (b) rent, sublicense, re-sell, assign, transfer, distribute, time share, or similarly exploit the Service; (c) reverse engineer, copy, modify, adapt, hack the Service, or otherwise attempt to gain unauthorized access to the Service or its related systems or networks; (d) access the Service, the Documentation, or Asana’s Confidential Information to build a competitive product or service; (e) alter or remove, or permit any third party to alter or remove, any proprietary trademark or copyright markings incorporated in, marked on, or affixed to the Service; (f) allow End User Subscriptions to be shared or used by more than one individual End User (except that End User Subscriptions may be reassigned to new End Users replacing individuals who no longer use the Service for any purpose, whether by termination of employment or other change in job status or function); or (g) access or use the Service: (i) to send or store infringing, obscene, threatening, or otherwise unlawful material, including material violative of third-party privacy rights; (ii) in violation of applicable laws; (iii) to send or store material knowingly or intentionally containing software viruses, worms, Trojan horses or other harmful computer code, files, or scripts; or (iv) in a manner that interferes with or disrupts the integrity or performance of the Service (or the data contained therein).

1.4 Protection of Customer Data. Asana shall implement and maintain administrative, organizational, and technical safeguards designed for the protection, confidentiality, and integrity of Customer Data. If Customer Data includes personal data defined by EU Regulation 2016/679 (the General Data Protection Regulation or “GDPR”) and/or if such Customer Data is transferred outside the European Economic Area or Switzerland to any country not deemed by the European Commission as providing an adequate level of protection for personal data, the terms of the Asana Data Processing Addendum shall apply to such personal data and be incorporated into this Agreement upon the execution and submission of the Data Processing Addendum by Customer to Asana in accordance with its terms. Asana’s Data Processing Addendum may be accessed at https://asana.com/terms#data-processing.

1.5 Administration of Customer’s Account. Customer acknowledges that it retains administrative control over to whom it grants access to Customer Data hosted in the Service. Customer may specify an End User to be the billing owner and, depending on the Subscription, one or more End Users to be administrators (each an “Administrator”) to manage its account, and Asana is entitled to rely on communications from an Administrator when servicing Customer’s account. Depending on the version purchased by Customer, Customer’s Administrator(s) may have the ability to access, monitor, use, and/or export Customer Data. Customer is responsible for maintaining the security of End User accounts and passwords.

1.6 Compliance. Customer is responsible for use of the Service by its End Users and for their compliance with this Agreement. Customer is solely responsible for the accuracy, quality, legality, reliability, and appropriateness of all Customer Data. Customer shall ensure that it is entitled to transfer the relevant Customer Data to Asana so that Asana and its service providers may lawfully use, process, and transfer the Customer Data in accordance with this Agreement on Customer’s behalf. Customer shall promptly notify Asana if it becomes aware of any unauthorized use of or access to Customer’s account or the Service.

1.7 Suspension. Asana may request that Customer suspend the account of any End User who (a) violates this Agreement or Asana’s User Terms of Service; or (b) is using the Service in a manner that Asana reasonably believes may cause a security risk, a disruption to others’ use of the Service, or liability for Asana. If Customer fails to promptly suspend or terminate such End User’s account, Asana reserves the right to do so.

1.8 Customer’s Use of Third Party Services. Customer may install or enable third party services for use with the Service, such as online applications, offline software products, or services that utilize the Asana API in connection with Customer’s use of the Service (“Third Party Services”). Any acquisition and use by Customer or its End Users of such Third Party Services is solely the responsibility of Customer and the applicable third party provider. Customer acknowledges that providers of such Third Party Services may have access to Customer Data in connection with the interoperation and support of such Third Party Services with the Service. To the extent Customer authorizes the access or transmission of Customer Data through a Third Party Service, Asana shall not be responsible for any use, disclosure, modification, or deletion of such Customer Data or for any act or omission on the part of the third party provider or its service.

1.9 Trial Subscriptions. Customer may access a version of the Service on a trial basis (a “Trial”) subject to the terms of this Agreement; provided, however, the following additional terms shall apply to its Trial notwithstanding anything to the contrary herein: (a) Asana shall have the right to terminate a Trial at any time and for any reason; (b) Asana is providing the Service “as is” and makes no warranties (express or implied) of any kind with respect to the Service during the Trial; and (c) Asana shall have no obligation to indemnify Customer. CUSTOMER ACKNOWLEDGES THAT ITS TRIAL WILL AUTOMATICALLY CONVERT TO A SUBSCRIPTION AT THE END OF THE TRIAL AND THAT ASANA MAY CHARGE CUSTOMER FOR THE APPLICABLE SUBSCRIPTION FEES UNLESS CUSTOMER HAS NOTIFIED ASANA IN WRITING OF ITS DECISION TO OPT OUT DURING THE TRIAL.

2 Warranties.

2.1 By Asana. Asana warrants that during the applicable Subscription Term (a) the Service shall perform materially in accordance with the applicable Documentation; and (b) Asana shall not materially decrease the functionality of the Service.

2.2 By Customer. Customer warrants that (a) this Agreement is legally binding upon it and enforceable in accordance with its terms; (b) it has obtained all legally required consents and permissions from End Users for the submission and processing of personal data through the Service; and (c) the transfer and processing of Customer Data under the Agreement is lawful.

2.3 Disclaimer. EXCEPT AS EXPRESSLY PROVIDED FOR IN THIS SECTION, TO THE FULLEST EXTENT PERMITTED BY LAW, THE PROFESSIONAL SERVICES, SERVICE, AND ALL RELATED COMPONENTS AND INFORMATION ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS WITHOUT ANY WARRANTIES OF ANY KIND, AND ASANA AND ITS AFFILIATES EXPRESSLY DISCLAIM ANY AND ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. CUSTOMER ACKNOWLEDGES THAT ASANA DOES NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE. ASANA IS NOT RESPONSIBLE FOR AND DISCLAIMS ALL LIABILITY RELATED TO DELAYS, DELIVERY FAILURES, INTERCEPTION, ALTERATION, OR OTHER DAMAGE RESULTING FROM MATTERS OUTSIDE OF ITS CONTROL, INCLUDING PROBLEMS INHERENT IN THE USE OF THE INTERNET, MOBILE AND PERSONAL COMPUTING DEVICES, TRANSMISSION OF ELECTRONIC COMMUNICATIONS OVER THE INTERNET OR OTHER NETWORKS, AND THIRD PARTY HOSTING SERVICE PROVIDERS.

3 Fees and Payment.

3.1 Subscription Fees. Customer’s Subscription fees are set forth in the applicable Order Form and are based on the number of End Users and version of the Service purchased. Customer shall pay all fees when due and is responsible for providing complete and accurate billing information to Asana. If such fees are being paid via credit card or other electronic means, Customer authorizes Asana to charge such fees using Customer’s selected payment method. Payment obligations are non-cancelable and fees paid are non-refundable unless otherwise provided herein. The number of End Users purchased under a Subscription cannot be decreased during the applicable Subscription Term. If Customer requires the use of a purchase order or purchase order number, Customer shall provide the purchase order number at the time of purchase. Where Customer designates use of a third-party payment processor network (such as a payment agent, for example), Customer shall be responsible for payment of all fees and charges associated with use of such network. Asana reserves the right to suspend Customer’s account, in addition to all of its other available rights and remedies, in the event that Customer’s account becomes overdue. Suspension shall not relieve Customer’s obligation to pay amounts due.

3.2 Auto-renewal. Customer agrees that its Subscription will automatically renew on an annual or monthly basis depending on Customer’s Subscription (the “Renewal Date”). Customer authorizes Asana to automatically charge Customer for the applicable fees on or after the Renewal Date unless the Subscription has been terminated or cancelled in accordance with this Agreement. If Customer wishes to reduce the number of End Users in its Subscription, it must do so prior to the Renewal Date. Customer must cancel its Subscription prior to the Renewal Date in order to avoid billing of the next period’s Subscription fees. Customer can cancel its Subscription anytime online by going into its account settings and following the instructions provided. If Customer chooses to cancel its Subscription during the Subscription Term, Customer may use the Service until the end of Customer’s then-current Subscription Term or renewal period, but will not be issued a refund for the most recently (or any previously) charged fees.

3.3 Calculation. Subscription fees are based on annual or monthly periods (or pro rata portions thereof, calculated on a daily basis) that begin on the Subscription start date and each annual or monthly anniversary thereof. Subscriptions to the Service are sold on a tiered basis based on the number of End Users. Customer shall purchase a Subscription to the Service for each End User, and the initial number of End Users and tier is reflected in the applicable Order Form. Customer may add End Users to its Subscription at any time on written notice to Asana (email notice acceptable). Asana reserves the right to calculate the total number of End Users periodically and, if the number of End Users exceeds Customer’s current Subscription, then Asana reserves the right to invoice Customer for the applicable tier on a pro rata basis for the remaining period in Customer’s Subscription Term, so that all End User Subscription Terms coincide and are co-terminus. Asana reserves the right to revise fee rates and/or the billable amount structure for the Service at any time and will provide Customer with notice pursuant to Section 11.4 below) of any such changes at least twenty (20) days prior. Asana may charge Customer the then-current pricing for the applicable Subscription if the number of End Users is modified and/or if Customer changes its Subscription plan.

3.4 Taxes. Any fees charged to Customer are exclusive of taxes. Except for those taxes based on Asana’s net income, Customer shall be responsible for all applicable taxes in connection with this Agreement including, but not limited to, sales, use, excise, value-added, goods and services, consumption, and other similar taxes or duties. Should any payment for the Service be subject to withholding tax by any government, Customer shall reimburse Asana for such withholding tax.

3.5 Future Features and Functionality. Customer agrees that any purchases under this Agreement are not contingent on the delivery of any future feature or functionality or dependent on any oral or written public or private comments made by Asana regarding future features or functionality. Asana may release Improvements and other features and functionality in its discretion. Some features and functionality may be available only with certain versions of the Service.

4 Term and Termination. This Agreement commences on the Effective Date and shall remain in effect until all Subscriptions to the Service granted in accordance with this Agreement have expired or been terminated. Either party may terminate this Agreement if the other party: (a) is in material breach of this Agreement and fails to cure such breach within twenty (20) days following receipt of written notice from the non-breaching party, except that termination will take effect on notice in the event of a breach of Section 1.3 (“Usage Restrictions”); or (b) ceases its business operations or becomes subject to insolvency proceedings and the proceedings are not dismissed within sixty (60) days. Upon expiration or termination of this Agreement for any reason, all Subscriptions and any other rights granted to Customer under this Agreement shall immediately terminate, and Asana may immediately deactivate Customer’s account(s) associated with the Agreement. In no event will any termination relieve Customer of the obligation to pay any fees accrued or payable to Asana. The following sections shall survive expiration or termination of this Agreement: Sections 1.3 (“Usage Restrictions”), 2 (“Warranties”), 3.1 (“Subscription Fees”), 3.4 (“Taxes”), 4 (“Term and Termination”), 5 (“Confidentiality”), 6 (“Intellectual Property Rights”), 7 (“Indemnification”), 8 (“Liability”), 9 (“Export Compliance”), 10 (“Use Outside the United States of America”), 11 (“Miscellaneous”), and 12 (“Definitions”).

5 Confidentiality.

5.1 Definition of Confidential Information. During the course of performance under this Agreement, each party may make available to the other party information that is not generally known to the public and at the time of disclosure is either identified as, or should reasonably be understood by the receiving party to be, proprietary or confidential (the “Confidential Information”). Confidential Information specifically includes, but is not limited to, the Service, any Order Form(s) entered into by the parties, Customer Data, Results, business plans, product plans and roadmaps, strategies, forecasts, projects and analyses, financial information and fee structures, business processes, methods and models, and technical documentation. Confidential Information does not include information that (a) is or becomes publicly available without breach of this Agreement by the receiving party; (b) was known to the receiving party prior to its disclosure by the disclosing party; (c) is or was independently developed by the receiving party without the use of any Confidential Information of the disclosing party; or (d) is or was lawfully received by the receiving party from a third party under no obligation of confidentiality.

5.2 Protection of Confidential Information. Except as otherwise expressly permitted under this Agreement, with the express prior written consent of the disclosing party, or as required by law, the receiving party will not disclose, transmit, or otherwise disseminate to a third party any Confidential Information of the disclosing party. The receiving party will use the same care and discretion with respect to the Confidential Information received from the disclosing party as it uses with its own similar information, but in no event less than a reasonable degree of care. The receiving party may disclose the disclosing party’s Confidential Information to its employees, Affiliates, consultants, subcontractors, agents, or advisors (“Representatives”) who have a strict need to access the Confidential Information for the purpose of performing under this Agreement and only to those who are obligated to maintain the confidentiality of such Confidential Information upon terms at least as protective as those contained in this Agreement. Either party may disclose the terms of this Agreement to potential parties to a bona fide fundraising, acquisition, or similar transaction solely for purposes of the proposed transaction, provided that any such potential party is subject to written non-disclosure obligations and limitations on use no less protective than those set forth herein.

5.3 Equitable Relief. The receiving party acknowledges that the remedy at law for breach of this Section 5 may be inadequate and that, in addition to any other remedy the disclosing party may have, it shall be entitled to seek equitable relief, including, without limitation, an injunction or injunctions (without the requirement of posting a bond, other security or any similar requirement or proving any actual damages), to prevent breaches or threatened breaches of this Section 5 by the receiving party or any of its Representatives and to enforce the terms and provisions of this Section 5 in addition to any other remedy to which the disclosing party is entitled at law or in equity.

5.4 Compelled Disclosure. The receiving party may access and disclose Confidential Information of the disclosing party if legally required to do so in connection with any legal or regulatory proceeding; provided, however, that in such event the receiving party will, if lawfully permitted to do so, notify the disclosing party within a reasonable time prior to such access or disclosure so as to allow the disclosing party an opportunity to seek appropriate protective measures. If the receiving party is compelled by law to access or disclose the disclosing party’s Confidential Information as part of a civil proceeding to which the disclosing party is a party, the disclosing party will reimburse the receiving party for the reasonable costs of compiling and providing secure access to such Confidential Information. Receiving party will furnish only that portion of the Confidential Information that is legally required to be disclosed, and any Confidential Information so disclosed shall maintain its confidentiality protection for all purposes other than such legally compelled disclosure.

5.5 Sensitive/Personal Information. Customer agrees that it shall not use the Service to send or store personal information subject to special regulatory or contractual handling requirements (e.g., Payment Card Industry Data Security Standards, the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act, and any similar data protection laws) including without limitation: credit card information, credit card numbers and magnetic stripe information, social security numbers, driver’s license numbers, passport numbers, government issued identification numbers, health-related information, biometric data, financial account information, personally identifiable information collected from children under the age of 13 or from online services directed toward children, and real time geo-location data which can identify an individual, or information deemed “sensitive” under applicable law (such as racial or ethnic origin, political opinions, or religious or philosophical beliefs).

6 Intellectual Property Rights.

6.1 By Customer. Customer owns all right, title, and interest in and to Customer Confidential Information and Customer Data, including all related Intellectual Property Rights. Customer grants Asana and its authorized third party service providers a worldwide, non-exclusive license to host, copy, access, process, transmit, and display Customer Data: (a) to maintain, provide, and improve the Service and perform under this Agreement; (b) to prevent or address technical or security issues and resolve support requests; (c) to investigate in good faith an allegation that an End User is in violation of this Agreement or the Asana User Terms of Service; or (d) at Customer’s direction or request or as permitted in writing by Customer.

6.2 By Asana. Asana owns and will continue to own all right, title, and interest, including all related Intellectual Property Rights, in and to its Confidential Information, Results, and the Service, including any enhancements, customizations, or modifications thereto. Where Customer purchases Professional Services hereunder, Asana grants to Customer a non-sublicensable, non-exclusive license to use any reports and other materials developed by Asana as a result of the Professional Services (“Results”) solely in conjunction with Customer’s authorized use of the Service and in accordance with this Agreement.

6.3 Suggestions. Asana welcomes feedback from its customers about the Service and Professional Services. If Customer (including any End User) provides Asana with any feedback or suggestions regarding the Service or Professional Services (“Feedback”), Asana may use, disclose, reproduce, sublicense, or otherwise distribute and exploit the Feedback without restriction or any obligation to Customer or any End User provided that Asana shall not identify Customer or any End User as the source of such Feedback.

7 Indemnification.

7.1 By Customer. Customer shall defend Asana, its Affiliates, and their employees, officers, and directors (together, the “Asana Indemnified Parties”) from and against third party claims, actions, and demands arising from allegations that Customer Data, unauthorized use of the Service by Customer or its End Users, or Asana’s processing of data pursuant to Customer’s instructions infringes a third party’s Intellectual Property Right or privacy right (each, a “Claim Against Asana”), and Customer shall indemnify and hold the Asana Indemnified Parties harmless against any damages, reasonable attorneys’ fees, and costs finally awarded against Asana Indemnified Parties as a result of, or for any amounts paid by the Asana Indemnified Parties under a Customer-approved settlement of, a Claim Against Asana.

7.2 By Asana. Asana shall defend Customer, its Affiliates, and their employees, officers, and directors (together the “Customer Indemnified Parties”) from and against third party claims, actions, and demands alleging that Customer’s authorized use of the Service infringes or misappropriates any copyright, trade secret, U.S. patent, or trademark right of that third party (each, a “Claim Against Customer”), and Asana shall indemnify and hold the Customer Indemnified Parties harmless against any damages, reasonable attorneys’ fees, and costs finally awarded against Customer Indemnified Parties as a result of, or for any amounts paid by the Customer Indemnified Parties under an Asana-approved settlement of, a Claim Against Customer; provided, however, in no event will Asana have any obligations or liability under this Section 7.2 to the extent a Claim Against Customer arises from: (a) Customer or any End User’s use of the Service other than as permitted under this Agreement; or (b) use of the Service in a modified form or in combination with products, services, content, or data not furnished to Customer by Asana.

7.3 Potential Infringement. If the Service becomes, or in Asana’s reasonable judgment is likely to become, the subject of a claim of infringement, then Asana may in its sole discretion: (a) obtain the right, at Asana’s expense, for Customer to continue using the Service; (b) provide a non-infringing functionally equivalent replacement; or (c) modify the Service so that it is no longer infringing. If Asana, in its sole and reasonable judgment, determines that none of the above options are commercially reasonable, then Asana may suspend or terminate Customer’s use of the Service, in which case Asana’s sole liability (in addition to its obligations under Section 7.2) shall be to provide Customer with a prorated refund of any prepaid, unused fees applicable to the remaining portion of the Subscription Term. Sections 7.2 and 7.3 state Asana’s sole liability and the Customer Indemnified Parties’ exclusive remedy for infringement claims.

7.4 Indemnification Process. The party seeking indemnification shall provide prompt notice to the indemnifying party concerning the existence of an indemnifiable claim and shall promptly provide the indemnifying party with all information and assistance reasonably requested and otherwise cooperate fully with the indemnifying party in defending the claim. Failure to give prompt notice shall not constitute a waiver of a party’s right to indemnification and shall affect the indemnifying party’s obligations under this Agreement only to the extent that the indemnifying party’s rights are materially prejudiced by such failure or delay. The indemnifying party shall have full control and authority over the defense of any claim; provided, however, that any settlement requiring the party seeking indemnification to admit liability or make any financial payment shall require such party’s prior written consent, not to be unreasonably withheld or delayed.

8 Liability.

8.1 Limitation of Liability. EXCEPT FOR A PARTY’S INDEMNIFICATION OBLIGATIONS UNDER SECTION 7 (“INDEMNIFICATION”), IN NO EVENT SHALL EITHER PARTY’S OR ITS AFFILIATES’ AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT (WHETHER IN CONTRACT, TORT, NEGLIGENCE OR UNDER ANY OTHER THEORY OF LIABILITY) EXCEED THE TOTAL AMOUNT PAID OR PAYABLE BY CUSTOMER HEREUNDER IN THE 12 MONTHS IMMEDIATELY PRECEDING THE FIRST EVENT GIVING RISE TO LIABILITY.

8.2 Exclusion of Consequential and Related Damages. IN NO EVENT SHALL EITHER PARTY OR ITS AFFILIATES HAVE ANY LIABILITY TO THE OTHER PARTY FOR ANY LOST PROFITS, REVENUES, OR LOSS OF USE, OR FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES HOWEVER CAUSED, WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY AND WHETHER OR NOT A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, AND EVEN IF A REMEDY FAILS OF ITS ESSENTIAL PURPOSE. THE FOREGOING DISCLAIMER SHALL NOT APPLY TO THE EXTENT PROHIBITED BY APPLICABLE LAW.

8.3 The provisions of this Section 8 allocate the risks under this Agreement between the parties, and the parties have relied on these limitations in determining whether to enter into this Agreement.

9 Export Compliance. The Service may be subject to export laws and regulations of the United States and other jurisdictions. Customer represents that neither it nor any of its End Users are named on any U.S. government denied-party list. Customer shall not permit any End User to access or use any Service in a U.S.-embargoed country or region or in violation of any U.S. export law or regulation. Customer and its End Users shall not use the Service to export, re-export, transfer, or make available, whether directly or indirectly, any regulated item or information to anyone outside the U.S. in connection with this Agreement without first complying with all export control laws and regulations that may be imposed by the U.S. Government and any country or organization of nations within whose jurisdiction Customer operates or does business.

10 Use Outside the United States of America. The Service is controlled and operated by Asana from its offices in the United States of America. Except as explicitly set forth herein, Asana makes no representations that the Services are appropriate for use in other jurisdictions. Those who access or use the Service from other jurisdictions do so at their own risk and are responsible for compliance with local laws. Asana may offer services in other jurisdictions that are subject to different terms and conditions. In such instances, the terms and conditions governing those non-U.S. services shall take precedence over any conflicting provisions in this Agreement.

11 Miscellaneous.

11.1 Governing Law; Venue. This Agreement and any disputes arising under it will be governed by the laws of the State of California without regard to its conflict of laws provisions, and each party consents to the personal jurisdiction and venue of the state or federal courts located in San Francisco, California. The application of the United Nations Convention on Contracts for the International Sale of Goods is expressly excluded.

11.2 Informal Dispute Resolution and Arbitration. The parties agree that most disputes can be resolved without resort to litigation. The parties agree to use their best efforts to settle any dispute directly through consultation with each other before initiating a lawsuit or arbitration. If, after good faith negotiations the parties are unable to resolve the dispute, the parties agree that any and all disputes arising out of or in any way relating to this Agreement, including without limitation its existence, validity or termination, shall be resolved according to California law and exclusively by binding arbitration before a single arbitrator with the Judicial Arbitration and Mediation Service (JAMS) and pursuant to the then existing arbitration rules at JAMS. If the parties cannot agree upon selection of an arbitrator, then JAMS shall appoint an arbitrator experienced in the enterprise software industry. The place of the arbitration will be San Francisco, California unless otherwise agreed upon by the parties. The arbitration will be conducted in English. The arbitrator shall provide detailed written findings of fact and conclusions of law in support of any award. Judgment upon any such award may be enforced in any court of competent jurisdiction. The parties further agree that the arbitration shall be conducted in their individual capacities only and not as a class action or other representative action, and the parties expressly waive their right to file a class action or seek relief on a class basis. If any court or arbitrator determines that the class action waiver set forth herein is void or unenforceable for any reason or that an arbitration can proceed on a class basis, then the portions of Section 11.3 mandating arbitration shall be deemed null and void in its entirety and the parties shall be deemed to have not agreed to arbitrate disputes. Customer may opt out and not be bound by the arbitration and class action waiver provisions by sending written notice to Asana. The notice must be sent within thirty (30) days of the Effective Date of this Agreement between Customer and Asana. If Customer opts out of arbitration, Asana also will not be bound to arbitrate. Notwithstanding the foregoing, either party shall be entitled to seek injunctive relief as set forth in Section 5.3 (“Equitable Relief”) above and to stop unauthorized use of the Service or infringement of Intellectual Property Rights. Disputes, claims, or controversies concerning either party’s Intellectual Property Rights or claims of piracy or unauthorized use of the Service shall not be subject to arbitration. The parties further agree that the prevailing party in any action or proceeding to enforce any right or provisions under this Agreement, including any arbitration or court proceedings, will be entitled to recover its reasonable costs and attorneys’ fees.

11.3 Notice. Asana may give general notices related to the Service that are applicable to all customers by email, text, in-app notifications, or by posting them on the Asana website or through the Service and such electronic notices shall be deemed to satisfy any legal requirement that such notices be made in writing. Other notices must be sent via email, first class, airmail, or overnight courier to the addresses of the parties provided herein or via an Order Form and are deemed given when received. Notices to Asana must be sent to Asana Legal at legal@asana.com with a copy to Asana, Inc., 1550 Bryant Street, Suite 200, San Francisco, CA 94103, Attn: Legal Dept.

11.4 Publicity. Asana may include Customer’s name and logo in Asana’s online customer list and in print and electronic marketing materials.

11.5 Beta Access. Customer may be invited to participate in review and testing of pre-release versions of new and beneficial tools and Service enhancements which may be identified to Customer as “alpha,” “beta,” “preview,” “pre-release,” “early access,” or “evaluation” product or services (collectively, the “Beta Tests” and such pre-release functionality, the “Beta Product”). Customer acknowledges and understands that its participation in Beta Tests is not required and is at Customer’s own risk, and that Beta Products are made available on an “as is” basis without warranties (express or implied) of any kind, and may be discontinued or modified at any time. Beta Products are for evaluation and testing purposes, not for production use, not supported, not subject to availability or security obligations, and may be subject to additional terms. Asana shall have no liability for any harm or damage arising out of or in connection with Beta Products. The Beta Products, including without limitation Customer’s assessment of any Beta Product, are Confidential Information of Asana.

11.6 Relationship of the Parties. The parties are and shall be independent contractors with respect to all services provided under this Agreement. This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary, or employment relationship between the parties. There are no third-party beneficiaries to this Agreement. Without limiting this Section, a Customer’s End Users are not third-party beneficiaries to Customer’s rights under this Agreement.

11.7 Force Majeure. Asana shall not be liable for delayed or inadequate performance of its obligations hereunder to the extent caused by a condition that is beyond Asana’s reasonable control, including but not limited to natural disaster, civil disturbance, acts of terrorism or war, labor conditions, governmental actions, interruption or failure of the Internet or any utility service, failures in third-party hosting services, and denial of service attacks (each a “Force Majeure Event”). Asana shall be relieved from its obligations (or part thereof) as long as the Force Majeure Event lasts and hinders the performance of said obligations (or part thereof). Asana shall promptly notify Customer and make reasonable efforts to mitigate the effects of the Force Majeure Event.

11.8 Severability; No Waiver. In the event that any provision of this Agreement is found to be invalid or unenforceable pursuant to any judicial decree or decision, such provision shall be limited or eliminated to the minimum extent necessary so that this Agreement shall otherwise remain in full force and effect and remain enforceable between the parties. No waiver of any term of this Agreement shall be deemed a further or continuing waiver of such term or any other term, and a party’s failure to assert any right or provision under this Agreement shall not constitute a waiver of such right or provision.

11.9 Assignment. Neither this Agreement nor any of the rights and licenses granted under this Agreement may be transferred or assigned by either party without the other party’s express written consent (not to be unreasonably withheld or delayed); provided, however, that either party may assign this Agreement and all Order Forms under this Agreement upon written notice without the other party’s consent to an Affiliate or to its successor in interest in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets not involving a direct competitor of the non-assigning party. Any other attempt to transfer or assign this Agreement will be null and void. Subject to the foregoing, this Agreement shall bind and inure to the benefit of the parties, their respective successors, and permitted assigns.

11.10 U.S. Government Agencies. If Customer is a U.S. Government agency utilizing Asana’s Service in an official capacity, Customer’s use of the Service shall be subject to this Subscriber Agreement and the Amendment to Asana Subscriber Agreement Applicable to U.S. Government Customers.

11.11 Modifications. Asana may revise this Agreement from time to time by posting the modified version on its website. If, in Asana’s sole discretion, the modifications proposed are material, Asana shall provide Customer with notice in accordance with Section 11.4 at least twenty (20) days prior to the effective date of the modifications being made. By continuing to access or use the Service after the posted effective date of modifications to this Agreement, Customer agrees to be bound by the revised version of the Agreement.

11.12 Entire Agreement. This Agreement, including all attachments, exhibits, addendums, and any Order Form(s) hereunder, constitutes the entire agreement between the parties concerning the subject matter hereof and supersedes and replaces any prior or contemporaneous representations, understandings and agreements, whether written or oral, with respect to its subject matter. The parties are not relying and have not relied on any representations or warranties whatsoever regarding the subject matter of this agreement, express or implied, except for the representations and warranties set forth in this Agreement. To the extent of any conflict or inconsistency between the provisions of the Agreement and any Order Form, the Agreement shall prevail. Notwithstanding any language to the contrary therein, no terms or conditions stated in a Customer purchase order, vendor onboarding process, web portal, or any other Customer order documentation shall be incorporated into or form any part of this Agreement, and all such terms or conditions shall be null and void.

11.13 Applicability. This Agreement applies to you if: (a) you are a new Customer or have become a new Customer on or after November 30, 2018; (b) you enter into a Trial of Asana that is subject to this Agreement; or (c) you click a button indicating your agreement with the terms of this Agreement or enter into an Order Form or similar form referencing or otherwise incorporating this Agreement.

12 Definitions.

12.1 “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control,” for purposes of this definition, means either: (a) ownership or control of more than 50% of the voting interests of the subject entity; or (b) the power to direct or cause the direction of the management and policies of an entity, whether through ownership, by contract, or otherwise.

12.2 “Customer Data” means information submitted by an End User through the Service, including all associated messages, attachments, files, tasks, project names, team names, channels, conversations, and other similar content.

12.3 “Documentation” means Asana’s then-current online user guides, as updated from time to time, and made accessible from within the “Help” feature of the Service.

12.4 “End User” means an individual who is authorized by Customer to use the Service under Customer’s account. End Users may include, without limitation, Customer’s or its Affiliates’ employees, consultants, contractors and agents.

12.5 “Intellectual Property Rights” means unpatented inventions, patent applications, patents, design rights, copyrights, trademarks, service marks, trade names, domain name rights, mask work rights, know-how and other trade secret rights, and all other intellectual property rights, derivatives thereof, and forms of protection of a similar nature anywhere in the world.

12.6 “Improvements” means new features, functionality, enhancements, upgrades, error corrections and bug fixes to the Service made generally available by Asana at no additional charge.

12.7 “Order Form” means an ordering document or an online order set forth in the Service interface entered into between Customer and Asana (or Affiliates of either party) specifying the Service or Professional Services (if any) to be provided under this Agreement.

12.8 “Professional Services” means the customer success services provided by Asana, as specified in the applicable Order Form.

12.9 “Service” means Asana’s collaboration work management software as a service platform, including any Improvements, as described in the applicable Order Form.

12.10 “Subscription” means the access to the Service purchased by Customer on a per End User basis.

12.11 “Subscription Term” means the period identified in the Order Form during which Customer’s End Users are permitted to use or access the Service pursuant to the terms set forth in this Agreement.

Asana Cookies Policy

Effective Date: October 19, 2017

We use and allow certain other companies to use cookies, web beacons, and other similar technologies (collectively “Cookies”) on our Services. We do this to understand your use of our Services; improve your user experience and enable personalized features and content; optimize our advertisements and marketing; and to enable third-party advertising companies to assist us in serving ads specific to your interests across the Internet. You can find more information about Cookies at: www.allaboutcookies.org.

What are Cookies?

Cookies are text files containing small amounts of information which are downloaded to the browser that you use when you visit a site. The entity that places cookies on your browser can then read the information on that cookie that it set. Cookies are typically classified as either “session cookies” which do not stay on your device after you close your browser or “persistent cookies” which will usually remain on your device until you delete them or they expire. Different cookies are used to perform different functions:

• Essential Cookies: Some cookies are essential and enable you to move around the Services and use their features, such as accessing secure areas of the Services. Without these cookies, we cannot enable appropriate content based on the type of device you are using. Functionality Cookies: These cookies allow us to remember choices you make on our websites (such as your preferred language or the region you are in).
• Personalization Cookies: We also use cookies to change the way our Services behave or look in order to personalize your experience from information we infer from your behavior on our Services or information we may already know about you because, for example, you are a registered user. These cookies may be used to tailor the Services or the content, look and feel delivered to you on subsequent sessions to our Services. For example, if you personalize webpages, or use specific parts of the Services, a cookie helps our webpage server recall your specific information. When you next use the Services, the information you previously provided can be retrieved, so you can easily use the Services features that you previously chose.
• Analytics Cookies: We use our own cookies and/or third-party cookies and other identifiers (such as web beacons) to see how you use our Services in order to enhance their performance and develop them according to the preferences of our customers and visitors. For example, cookies and web beacons may be used to: maintain a consistent look and feel across our Services; track and provide trend analysis on how our users interact with our Services; track errors and measure the effectiveness of our promotional campaigns.
• Advertising Cookies: These cookies record your visit to our Services, your opening and review of our emails, the pages you have visited, and the links you have clicked. They gather information about your browsing habits and remember that you have visited a website. We or our service providers may use this information to make advertisements more relevant to you.
• Cross-Device Cookies: Sometimes, we may use cookies in combination with the information we collect — for instance, usernames, IP addresses and unique mobile device identifiers — to locate or try to locate the same unique users across multiple browsers or devices (such as smartphones or tablets), or work with service providers that do this, in order to save your preferences across devices and analyze usage of the Services.

Third-Party Cookies

Please note that third parties (including for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies on our Services. We used trusted partners like DoubleClick and Google AdWords to help us service advertising. We also use Google Analytics on our Services to help us analyze how our Services are used. Google Analytics uses performance cookies to track visitor interactions. For example, by using cookies, Google can tell us which pages our users view, which are most popular, what time of day our websites are visited, whether visitors have been to our websites before, what website referred the visitor to our websites, and other similar information.
We have little control over these “third party” cookies, so we suggest that you check the respective privacy policies for these external services to help you understand what data these organizations hold about you and what they do with it.

• DoubleClick: http://www.google.com/policies/technologies/ads/
• Facebook: https://www.facebook.com/policy.php
• Google AdWords: https://support.google.com/adwords/answer/2549116?hl=en
• Google Analytics: http://www.google.com/analytics/learn/privacy.html
• Google Tag Manager: https://www.google.com/analytics/tag-manager/faq/
• Google+: https://www.google.com/policies/privacy/
• Twitter: https://twitter.com/privacy?lang=en
• YouTube: https://www.youtube.com/static?template=privacy_guidelines

Web Beacons

We may also use electronic images known as web beacons on our Services - sometimes called “clear GIFs”, “single-pixel GIFs”, or “web bugs”. Web beacons are used to deliver cookies on our Services, count clicks/users/visitors, and deliver co-branded content or services. We may include web beacons in our promotional e-mail messages or newsletters to determine whether messages have been opened and acted upon. Our Services may also contain web beacons from third parties to help us compile aggregated statistics regarding the effectiveness of our promotional campaigns or other website operations. These web beacons may allow the third parties to set or read cookies on your device.

Controlling Cookies

There are a number of ways you can manage what cookies are set on you devices. Essential cookies, however, cannot be disabled. If you do not allow certain cookies to be installed, the Services may not be accessible to you and/or the performance, features, or Services of the website may be compromised.

1. Advertising Cookies

If you would like to disable advertising cookies, you can visit http://www.youronlinechoices.com. If you choose to turn off these cookies you will still see advertising on the internet but it may not be tailored to your interests. It does not mean that you won’t be served any advertisements while online. You can also manage this type of cookie in the privacy settings on the web browser you are using. Please see below for more information.

2. Browser Settings

You can disable and/or delete most types of cookies by using your browser settings. Please note that if you use your browser settings to block all cookies you may not be able to access parts of our or others’ services. The following links provide information on how to modify the cookies settings on some popular browsers:

• Apple Safari http://support.apple.com/kb/PH5042
• Google Chrome https://support.google.com/chrome/bin/answer.py?hl=en&answer=95647&p=cpn_cookies
• Microsoft Internet Explorer http://windows.microsoft.com/en-US/windows7/How-to-manage-cookies-in-Internet-Explorer-9
• Mozilla Firefox http://support.mozilla.org/en-US/kb/Cookies

3. Cross-Device Cookies

If you wish to opt out of our ability to track you across devices, you may install the Google Analytics Opt-out Browser Add-on by clicking here.

Do Not Track Signals

There is no uniform or consistent standard or definition for responding to, processing, or communicating Do Not Track signals. At this time the Services do not function differently based a user’s Do Not Track signal. For more information on Do Not Track signals, see All About Do Not Track.

More Information

If you have any questions about how we use cookies, you can contact us at terms-questions@asana.com.

DMCA Policy

We respect artist and content owner rights and we expect our users to do the same. It is our policy to respond to claims of infringement in compliance with the Digital Millennium Copyright Act of 1998 (“DMCA”). If you are a copyright owner, or authorized on behalf of one, and you believe that the copyrighted work has been copied in a way that constitutes copyright infringement that is taking place through the Service, please complete the following DMCA Notice and deliver it to our Designated DMCA Agent at the contact information provided below.

You must provide the following information in writing in your DMCA Notice:

1. Identify the copyrighted work that you claim has been infringed;
2. Identify the material that is claimed to be infringing and where it is located on the Service;
3. Provide reasonably sufficient information to permit us to contact you, such as your address, telephone number, and, e-mail address;
4. Provide a statement that you have a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or law;
5. Provide a statement, made under penalty of perjury, that the above information is accurate, and that you are the copyright owner or are authorized to act on behalf of the owner; and
6. Provide an electronic or physical signature of a person authorized to act on behalf of the copyright owner;

Deliver the DMCA Notice, with the above information completed, to our Designated DMCA Agent at:

UNDER FEDERAL LAW, IF YOU KNOWINGLY MISREPRESENT THAT ONLINE MATERIAL IS INFRINGING, YOU MAY BE SUBJECT TO CRIMINAL PROSECUTION FOR PERJURY AND CIVIL PENALTIES, INCLUDING MONETARY DAMAGES, COURT COSTS, AND ATTORNEYS’ FEES.

Please be aware that this procedure is only for notifying us that your copyrighted material has been infringed. The preceding requirements are intended to comply with our rights and obligations under the DMCA, including 17 U.S.C. §512(c), but do not constitute legal advice.

In accordance with the DMCA and other applicable law, we have adopted a policy of terminating, in appropriate circumstances, users who are deemed to be repeat infringers. We may also limit access to the Service and/or terminate the accounts of any users who infringe any intellectual property rights of others, whether or not there is any repeat infringement.

For questions about these or any Asana terms or policies, email us at terms-questions@asana.com.

Asana API Terms and Conditions

Last Updated: May 1, 2019

Thank you for using the Asana Application Programming Interfaces (the “Asana APIs”). These API Terms and Conditions (the “API Terms”), together with the Asana Terms of Service, form a binding contract between you, or the company or legal entity that you represent, and Asana. As used in these API Terms, “we,” “our” and “us” refers to Asana, and “you,” and “your,” refers to the individual, company or legal entity that you represent.

By agreeing to these API Terms, you agree to abide by these API Terms and any and all guidelines or other documentation provided by Asana for use in connection with the Asana APIs (the “API Documentation”). In the event of any inconsistency between these API Terms and the Terms of Service, these API Terms shall control.

Some of these API Terms apply to your own use of the Asana APIs to develop, test, and support Your Application, while others apply to your access and use of the Asana APIs to receive, modify, use, and display User Content from the Asana Service in Your Application or to distribute Your Application to end users and allow such end users to access your integration of the Asana APIs within Your Application. Not all of the provisions of these API Terms may apply to your specific use of the Asana APIs in each instance.

If you are accepting these API Terms on behalf of a company or other legal entity, you represent and warrant that you have the legal authority to bind such entity to these API Terms.

1. License Grants and Restrictions.
   1. API License Grant. Subject to your compliance with these API Terms, we grant you a non-exclusive, revocable, non-transferable and non-sublicensable license to (i) access and use the Asana APIs and API Documentation to receive, modify, use, and display user content (the “User Content”) from the Asana service (the “Asana Service”) in your website or native application for mobile devices (“Your Application”) subject to the permissions of the relevant users’ accounts; (ii) use the Asana APIs, API Documentation, or User Content to develop, test, and support Your Application, and (iii) distribute Your Application to end users and to allow such end users to access your integration of the Asana APIs within Your Application. You may not use the Asana APIs for any other purpose without Asana’s prior written consent. If you are integrating the Asana APIs in Your App, you may charge for Your Application; however, you may not sell, rent, lease, sublicense, redistribute, or syndicate access to the Asana APIs.
   2. Trademark License Grant. Subject to your compliance with these API Terms, we grant you a non-exclusive, revocable, non-transferable and non-sublicensable license to reproduce and display the Asana name and logo (the “Asana Marks”) in accordance with the Asana Trademark Guidelines and solely to promote or advertise your integration of the Asana APIs in Your Application.
   3. All of our rights not expressly granted by these API Terms are hereby retained.
   4. In connection with your use of the Asana APIs, you must:
      1. Obtain the explicit consent of the user before collecting, using, posting, or sharing any User Content obtained through the Asana APIs on a user’s behalf. Mere authorization of your application by the user does not constitute consent.
      2. Comply with the Asana Terms of Service
      3. Comply with any requirements or restrictions imposed on usage of User Content by the owner of such content. Although the Asana APIs can be used to provide you with access to User Content, neither Asana’s provision of the Asana APIs to you nor your use of the Asana APIs overrides any requirements or restrictions placed on such User Content by the user or a third party with a legal interest in the User Content.
      4. Maintain a user agreement and privacy policy for Your Application, which is prominently identified or located where users download or access Your Application. Your privacy policy must meet applicable legal standards and describe the collection, use, storage and sharing of data in clear, understandable and accurate terms. You must promptly notify us in writing via email to terms-questions@asana.com of any breaches of your user agreement or privacy policy that impact or may impact users of the Asana APIs, the Service, or the Website.
      5. Obtain the consent of a user prior to deleting or destroying any of the content associated with their Asana account.
      6. Provide attribution to Asana as the source of data in accordance with the following guidelines:
         1. Display an Asana Mark so it is clear to the user that the data is from Asana.
         2. Link the logo in such Asana Mark to https://asana.com.
         3. Comply at all times with trademark guidelines provided by Asana when using or displaying the Asana Marks.
   5. You (and Your App) May Not:
      1. Access, store, or share User Content to which the user has not granted you explicit access rights, or user’s login credentials.
      2. Make requests that exceed our rate limits or use the Asana APIs in a manner that impacts the stability of Asana’s servers or impacts the behavior of other applications using the Asana APIs.
      3. Engage in any activity that (i) compromises, breaks, or circumvents any of our technical processes or security measures associated with the Asana APIs, the Service, or the Website or (ii) poses a security vulnerability to other users.
      4. Use “nofollow” tags on your links to Asana. All links back to Asana should be followable.
      5. Request or publish information impersonating an Asana user or misrepresent any user or other third party in requesting or publishing information.
      6. Create or disclose metrics about, or perform any statistical analysis of, the Asana APIs.
      7. Display Asana’s Marks or User Content in a manner that could reasonably imply an endorsement, relationship or affiliation with or sponsorship between you or a third party and Asana, other than your permitted use of the Asana APIs under these API terms.
      8. Display the User Content on any site that disparages Asana or its products or services, or infringes any Asana intellectual property or other rights.
      9. Copy, sell, rent, lease, transfer, assign, sublicense, disassemble, reverse engineer or decompile (except to the limited extent expressly authorized under applicable statutory law), modify or alter any part of the Asana APIs.
      10. Sell, rent, lease, share, transfer, assign, or sublicense any User Content or other information or data obtained through the Asana APIs, directly or indirectly, to or with any third party, including any data broker, ad network, ad exchange, or other advertising or monetization-related party.
      11. Use the User Content in any advertisements or for purposes of targeting advertisements (whether such advertisements appear in Your Application or elsewhere).
      12. Attempt to cloak or conceal your identity or your application’s identity when requesting authorization to use the Asana APIs.
      13. Use the Asana APIs for any application that constitutes, promotes or is used primarily for the purpose of dealing in: 1. spyware or any other malicious programs or code; 2. activities that violate any law or regulation, or any rights of any person, including but not limited to intellectual property rights; 3. activities that, in Asana’s sole judgment, are offensive or might harm Asana’s business or its reputation.
      14. Access the Asana APIs or API Documentation in order to replicate or compete with the Asana APIs, the Service, or the Website.
2. Usage Limitations. Asana may limit the maximum User Content that may be accessed, the rate at which such User Content may be accessed, and/or the number of network calls that Your Application may make via the Asana APIs. Asana may change such usage limits at any time, and/or may utilize technical measures to prevent over-usage and/or stop usage of the Asana APIs by an application after any usage limitations are exceeded.
3. Fees and Payment. The Asana APIs are currently provided for free, but Asana reserves the right to charge fees for the future use of or access to the Asana APIs. If we do charge a fee for use of the Asana APIs, we will provide you with reasonable notice and you can stop using the Asana APIs at any time.
4. Suspension and Termination. Your license to utilize the Asana APIs and the Asana Marks shall continue until it is terminated by either party as set forth herein. You may terminate this license at any time by discontinuing use of the Asana APIs. Asana may suspend or terminate your right and license to use all or any of the Asana APIs or the API Documentation at any time, with or without cause, and without notice to you. Upon termination of your license for any reason, you shall destroy and remove from all computers, hard drives, networks, and other storage media all copies of User Content and Asana Marks.
5. Disclaimer of Any Warranty. Asana does not represent or warrant that any Asana APIs are free of inaccuracies, errors, bugs or interruptions, or are reliable, accurate, complete or otherwise valid. THE ASANA APIs ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS, WITH NO WARRANTY OF ANY KIND AND ASANA EXPRESSLY DISCLAIMS ANY AND ALL WARRANTIES AND CONDITIONS, INCLUDING, BUT NOT LIMITED TO, ANY AND ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AVAILABILITY, SECURITY, TITLE AND/OR NON-INFRINGEMENT. WE DO NOT WARRANT THAT THE ASANA APIs WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE. YOUR USE OF THE ASANA APIs IS AT YOUR OWN DISCRETION AND RISK, AND YOU WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE THAT RESULTS FROM THE USE OF ANY ASANA APIs INCLUDING, BUT NOT LIMITED TO, ANY DAMAGE TO YOUR COMPUTER SYSTEM OR LOSS OF DATA.
6. Limitation of Liability. ASANA SHALL NOT, UNDER ANY CIRCUMSTANCES, BE LIABLE TO YOU FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL OR EXEMPLARY DAMAGES ARISING OUT OF OR IN CONNECTION WITH USE OF THE ASANA APIs, WHETHER BASED ON BREACH OF CONTRACT, BREACH OF WARRANTY, TORT (INCLUDING NEGLIGENCE, PRODUCT LIABILITY OR OTHERWISE), OR ANY OTHER PECUNIARY LOSS, WHETHER OR NOT ASANA HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO EVENT WILL OUR AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THESE API TERMS (WHETHER IN CONTRACT OR TORT OR UNDER ANY OTHER THEORY OF LIABILITY) EXCEED $100. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF CERTAIN WARRANTIES OR THE LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES. ACCORDINGLY, SOME OF THE LIMITATIONS IN SECTIONS 5-7 MAY NOT APPLY TO YOU. IF YOU ARE A NEW JERSEY RESIDENT, OR A RESIDENT OF ANOTHER STATE THAT PERMITS THE EXCLUSION OF THESE WARRANTIES AND LIABILITIES, THEN THE ABOVE LIMITATIONS SPECIFICALLY DO APPLY TO YOU.
7. Release and Waiver. To the maximum extent permitted by applicable law, you hereby release and waive all claims against Asana, and its subsidiaries, affiliates, officers, agents, licensors, co-branders or other partners, and employees from any and all liability for claims, damages (actual and/or consequential), costs and expenses (including litigation costs and attorneys’ fees) of every kind and nature, arising from or in any way related to your use of the Asana APIs, the User Content or the Asana Marks. If you are a California resident, you waive your rights under California Civil Code 1542, which states, “A general release does not extend to claims which the creditor does not know or suspect to exist in his favor at the time of executing the release, which if known by him must have materially affected his settlement with the debtor.” You understand that any fact relating to any matter covered by this release may be found to be other than now believed to be true and you accept and assume the risk of such possible differences in fact. In addition, you expressly waive and relinquish any and all rights and benefits that you may have under any other state or federal statute or common law principle of similar effect, to the fullest extent permitted by law.
8. Indemnification. To the maximum extent permitted by applicable law, you agree to indemnify and hold harmless Asana and its subsidiaries, affiliates, officers, agents, licensors, co-branders or other partners, and employees from any and all third party claims arising from or in any way related to your use of the Asana APIs, including any liability or expense arising from all claims, losses, damages, liabilities, costs and fees (including reasonable attorneys’ fees) of every kind and nature. Notwithstanding anything contained in the preceding sentence, (a) we will always be free to choose our own counsel if we pay for the cost of such counsel; and (b) no settlement may be entered into by you, without our express written consent (such consent not to be unreasonably withheld), if: (i) the third party asserting the claim is a government agency, (ii) the settlement arguably involves the making of admissions, (iii) the settlement does not include a full release of liability, or (iv) the settlement includes terms other than a full release of liability and the payment of money.
9. Remedies. You acknowledge that your breach of these API terms may cause irreparable harm to Asana, the extent of which would be difficult to ascertain. Accordingly, you agree that, in addition to any other remedies to which Asana may be legally entitled, Asana shall have the right to seek immediate injunctive relief in the event of a breach of these API terms by you or any of your officers, employees, consultants or other agents.
10. General Terms.
    1. Publicity. You grant us the right to use your company name and logo as a reference for marketing or promotional purposes on our website and in other public or private communications with our existing or potential developers and customers, subject to your standard trademark usage guidelines as provided to us from time-to-time.
    2. Relationship of the Parties. You and Asana are independent contractors and these API Terms do not create a partnership, franchise, joint venture, agency, fiduciary, or employment relationship between the parties. You shall not have any authority to assume or create any obligation for or on behalf of Asana, express or implied, and you shall not attempt to bind Asana to any contract without its express consent.
    3. Severability. If any provision of these API Terms is found by a court of competent jurisdiction to be invalid, the parties nevertheless agree that the court should endeavor to give effect to the parties’ intentions as reflected in the provision and that the other provisions remain in full force and effect.
    4. Governing Law. These API Terms and the relationship between you and Asana shall be governed by the laws of the State of California without regard to its conflict of law provisions. You and Asana agree to submit to the personal jurisdiction of the courts located within the city and county of San Francisco, CA.
    5. No Waiver. Asana’s failure to exercise or enforce any right or provision of these API Terms shall not constitute a waiver of such right or provision.
    6. Survival. Sections 1.3, 4, 5, 6, 7, 8, and all of the subsections of Section 10 will survive any termination or expiration of the API Terms.
    7. Entire Agreement. These API Terms, together with the Asana Terms of Service, constitute the entire agreement between the parties and supersedes all prior and contemporaneous agreements, proposals or representations, written or oral, concerning its subject matter. In the event of any inconsistency between these API Terms and the Asana Terms of Service, these API Terms shall control.

For questions about these or any Asana terms or policies, email us at terms-questions@asana.com.

Law Enforcement Data Request Guidelines

These guidelines are intended to provide law enforcement authorities with information regarding the process for requesting records from Asana. So that we can ensure compliance with our user Terms of Service and Privacy Policy, we respond only to law enforcement requests that adhere to established legal process and applicable law.

1. U.S. Legal Process Requirements. We disclose user information solely in accordance with our published Terms of Service and applicable U.S. law, including the federal Stored Communications Act (“SCA”), 18 U.S.C. Sections 2701-2712. In accordance with U.S. law:
   1. A jurisdictionally valid subpoena, issued in connection with an official criminal investigation, is required to compel the disclosure of basic user records, which may include name, length of service, credit card information (including billing address), email address(es), and an IP address, if available.
   2. A court order is required to compel the disclosure of certain records or other information related to a user account (not including contents of communications), which may include message headers and IP addresses, in addition to the basic user records identified above.
   3. A search warrant properly issued under the procedures described in the Federal Rules of Criminal Procedure or equivalent state warrant procedures, based on a showing of probable cause, is required to compel the disclosure of the stored contents of any account, which may include messages, attachments, or other content of communications within a user’s account.
2. International Legal Requirements. In the case of requests from law enforcement outside of the U.S., a Mutual Legal Assistance Treaty (MLAT) request or letter rogatory may be required to compel the disclosure of the contents of an account.
3. Account Preservation Requests. We will take reasonable steps to preserve account records in connection with official criminal investigations for a period of 90 days pending our receipt of a formal legal request for user data. You may request the preservation of records via email, fax or mail as indicated below.
4. Information Required in Connection With Your Request.
   4. Your Contact Information.
      1. Requesting Agency’s name
      2. Requesting Agent’s name
      3. Requesting Agent’s badge/identification number
      4. Requesting Agent’s Agency-issued Email address
      5. Requesting Agent’s telephone number, including extension
      6. Requesting Agent’s mailing address (PO Box not acceptable)
      7. Requested response date (please allow at least 3 weeks for processing)
   5. Data Request Information
      8. Full (first and last) name of the Asana User
      9. Email address(es) associated with the User’s account
      10. A clear and specific description of the data being requested (we will be unable to process overly broad or vague requests)
5. Data Availability. We will search for and disclose data that is specified with particularity in an appropriate form of legal process and which we are reasonably able to locate and retrieve.
6. User Notification. Asana’s policy is to notify users of requests for their information, which includes a copy of the request, prior to disclosure so that they may have an opportunity to challenge such request unless: (a) we are prohibited from doing so by law or court order; (b) there are exceptional circumstances, such as an emergency involving the risk of bodily injury or death to a person or group of people or potential harm to minors; or (c) prior notice would be counterproductive (for example, if we believe that the account in question has been hijacked). Law enforcement officials who believe that notification would jeopardize an investigation should obtain a proper court order or other appropriate process establishing that notice is prohibited. Please note that Officer authored affidavits, cover letters or similar statements are not sufficient to preclude notice to our users. Please note that in situations where a data request draws attention to an ongoing violation of our Terms of Service we may, in order to protect our service and its Users, take action to prevent any further abuse, including actions that could notify the User(s) who are the subject of your data request that we are aware of their misconduct.
7. Submitting Your Request. A data request may be served by fax to (415) 484-7702, by certified mail, express courier, or in person at our corporate headquarters at the following address: Asana, Inc., 1550 Bryant Street, 8th Floor, San Francisco, CA 94103

For questions about these or any Asana terms or policies, email us at terms-questions@asana.com.

Amendment to Asana Subscriber Agreement

Applicable to U.S. Government Customers

Last Updated: May 29, 2015

This is a supplemental agreement (“Amendment”) between Asana and U.S. Government customers (the “Customer” or the “Agency”) and applies to the Agency’s use of Asana’s collaborative workplace management service (the “Service”) under Asana’s Premium Subscriber Agreement (the “Subscriber Agreement”).

The reason for this Amendment is that the Customer, a U.S. Government instrumentality, is obligated to follow federal laws, regulations, and practices, among which are those relating to ethics, advertising and endorsements, tax exemption and immunity, limitations on indemnification, fiscal law constraints, governing law and jurisdiction, dispute resolution, and assignment of contracts.

Asana and Agency (the “Parties”) agree that modifications to the Subscriber Agreement available at #subscriber-agreement are appropriate to accommodate the Agency’s legal status, its public mission, and other special circumstances. Therefore, the Subscriber Agreement is modified by this Amendment as follows.

A. Government entity: As it relates to the Agency’s usage of the Service, the word “Customer” in the Subscriber Agreement shall mean the Agency itself and shall not apply to, nor bind (i) the individual(s) who utilize the Asana Service on the Agency’s behalf, or (ii) any individual users who happen to be employed by, or otherwise associated with, the Agency. Asana will look solely to the Agency to enforce any violation or breach of the Subscriber Agreement by such individuals, subject to federal law.

B. Advertisements: Asana agrees not to serve or display any third-party commercial advertisements or solicitations on any pages within the Asana site that display content uploaded by or under the control of the Agency.

C. Taxes: With reference to Section 5 of the Subscriber Agreement, the Parties understand that the Federal Acquisition Regulation (FAR) 29.302 (48 CFR, Chapter 1, Part 29, Subpart 29.302 – Application of State and local taxes to the Government) states that “Generally, purchases and leases made by the Federal Government are immune from State and local taxation.” Therefore, Asana will include no tax in Agency billings unless the tax has been determined by the Agency to be proper for payment.

D. Indemnification, Liability, Statute of Limitations: Any provisions in the Subscriber Agreement related to indemnification by the customer, damages, attorneys fees, filing deadlines, defense of lawsuits, collection expenses, and settlement are hereby waived. Liability of either party for any breach of the Subscriber Agreement as modified by this Amendment, or any claim, demand, suit or proceeding arising from the Subscriber Agreement or this Amendment, shall be determined under the Federal Tort Claims Act, Contract Disputes Act, or other governing federal authority. Federal Statute of Limitations provisions shall apply to any claim, demand, suit or proceeding arising from the Subscriber Agreement or this Amendment.

E. Governing law and Forum: The Subscriber Agreement and this Amendment shall be governed by, and interpreted and enforced in accordance with, applicable federal laws of the United States of America without reference to conflict of laws. To the extent permitted by federal law, the laws of the State of California including its choice of law rules will apply in the absence of applicable federal law. Any arbitration, mediation or other dispute resolution provision in the Subscriber Agreement is hereby waived. The forum for purposes of resolving claims and disputes will be determined in accordance with federal law.

F. No automatic renewal: With respect to Section 5 of the Subscriber Agreement, Asana agrees to waive the provision allowing Asana to automatically charge the Agency upon a renewal date associated with Customer’s account. Asana agrees to remove the auto-renew default setting for any Agency whose account details page designates an email address that ends in .gov, .mil, or .fed.us. Instead, Asana will notify the Agency to allow the Agency to determine if funds are available and if the Service will be needed for a renewal period.

G. Continuity of service during dispute: With respect to Section 6 of the Subscriber Agreement, Asana agrees to waive the language that would otherwise permit Asana to terminate the Premium Subscription contract in the event of an alleged breach of the Agreement by the Agency. Instead, recourse against the United States for any alleged breach of the Agreement must be made under the terms of the Federal Tort Claims Act or as a dispute under the Contract Disputes Act, as applicable. During the resolution of the dispute the Contractor, Asana, shall proceed diligently with performance of the contract, pending final resolution of any request for relief, claim, appeal, or action arising under the contract, and comply with any decision of the Agency Contracting Officer.

H. Limitation of liability: The Parties agree that nothing in the limitation of liability provision in Section 10 or elsewhere in the Subscriber Agreement in any way grants Asana a waiver from, release of, or limitation of, liability pertaining to any past, current or future violation of federal law.

I. No endorsement: With reference to Section 4(d) of the Subscriber Agreement, Asana agrees that the Agency’s name, seals, logos, trademarks, service marks, trade names, and the fact that the Agency has a presence on the Asana site and uses its Services, shall not be used by Asana in such a manner as to state or imply (in the judgment of a reasonable person) that Asana’s products or services are endorsed, sponsored or recommended by the Agency or by any other element of the Federal Government, or are considered by the Agency or the Federal Government to be superior to any other products or services. Except for pages whose design and content is under the control of the Agency, Asana agrees not to display any Agency or Government names, seals, trademarks, logos, service marks, and trade names on Asana’s homepage or elsewhere on the Asana Site unless permission to do so has been granted by the Agency or by other relevant federal government authority. Asana may list the Agency’s name in a publicly available customer list on its homepage or elsewhere so long as the name is not displayed in a more prominent fashion than that of any other third-party customer.

J. Assignment: As indicated in Section 11(e) of the Subscriber Agreement, neither party may assign its obligations under the Subscriber Agreement as modified by this Amendment to any third party without prior written consent of the other. However, if Agency is using Asana’s free services only, Asana or its subsidiaries may, without the Agency’s consent, assign the Subscriber Agreement as modified by this Amendment to an affiliate or to a successor or acquirer, as the case may be, in connection with a merger, acquisition, corporate reorganization or consolidation, or the sale of all or substantially all of its assets. Any transfer of Asana assets related to the Agency’s paid subscription contract requires review and consent by the Agency, under the procedures found in the FAR Subpart 42.13 (48 CFR Chapter 1, Part 42, Subpart 42.12 - Novation).

K. Precedence; Further Amendments: If there is any conflict between this Amendment and the Subscriber Agreement, or between this Amendment and other terms, rules or policies on the Asana site or related to its Service, this Amendment shall prevail. This Amendment constitutes a mutually agreed upon amendment to the Subscriber Agreement; language in the Subscriber Agreement in Section 11(e) indicating it alone is the entire agreement between the Parties is waived. Any further amendment must be agreed to in writing by both Parties.

L. Posting of Amendment: This Amendment shall be posted with the Asana’s online Subscriber Agreement either by incorporation of its text or via an integral link.

Asana Subprocessors

Last Updated: July 15, 2019

In connection with our provision of the Services, Asana and its affiliates may engage third parties (each a “Subprocessor”) to process your Personal Data. In certain circumstances an affiliate of Asana may even be a Subprocessor. As a condition of permitting a Subprocessor to process your Personal Data, Asana (and its affiliates as applicable) will enter into a written agreement with each Subprocessor containing data protection obligations at least as protective as the technical and organizational measures Asana has put into place to protect your Personal Data from accidental or unlawful destruction, loss, alteration, or unauthorized disclosure or access. All terms capitalized above, but not defined have the meaning set forth in Asana’s User Terms of Service, Privacy Policy, and/or your applicable customer agreement with Asana.

Asana Affiliates

Data Processing Addendum

Download Download the Data Processing Addendum [PDF]

Asana’s Commitment to GDPR Compliance

The General Data Protection Regulation (“GDPR”) is a European law establishing protections for the personal data of EU residents that came into force on May 25, 2018. Under the GDPR, organizations that collect, maintain, use, or otherwise process EU residents’ personal data (regardless of the organization’s location) must implement certain privacy and security safeguards for that data. Asana has established a comprehensive GDPR compliance program and is committed to partnering with its customers and vendors on GDPR compliance efforts. Some significant steps Asana has taken to align its practices with the GDPR include:

• Revisions to our policies and contracts with our partners, vendors, and users
• Enhancements to our security practices and procedures
• Closely reviewing and mapping the data we collect, use, and share
• Creating more robust internal privacy and security documentation
• Training employees on GDPR requirements and privacy/security best practices generally
• Carefully evaluating and building a data subject rights’ policy and response process Below, we provide additional details about the core areas of Asana’s GDPR compliance program and how customers can use Asana to support their own GDPR compliance initiatives.

Data Processing Agreements

Under the GDPR, “data controllers” (i.e. entities that determine the purposes and means of processing data) are required to enter into agreements with other entities that process data on their behalf (called “data processors”). Asana offers its customers who are controllers of EU personal data the option to enter into a robust data processing agreement under which Asana commits to process and safeguard personal data in accordance with GDPR requirements. This includes Asana’s commitment to process personal data consistent with the instructions of the data controller.

International Data Transfers

As with prior EU data protection laws, the GDPR requires organizations to use a recognized legal mechanism to transfer data from the EU to other countries that do not have a similar data protection framework, including the United States. To comply with this requirement, Asana is certified under the EU-US Privacy Shield framework, which requires it to maintain certain safeguards for personal data transferred to the United States. Additionally, Asana offers customers who are data controllers of EU personal data the option to enter into EU Model Contractual Clauses with us upon request.

Data Access, Management, and Portability Tools

The GDPR gives individual data subjects in certain circumstances the rights to, among other things, access, delete, and make corrections to their data. Asana is committed to facilitating data subject requests consistent with the GDPR, as further described in our Privacy Policy.

Privacy Documentation

At its core, the GDPR is focused on transparency, fairness, and accountability. Accordingly, the law requires organizations to maintain documentation about their privacy practices and their decisions about how they handle individuals’ personal data. Asana shares the GDPR’s commitment to these principles, and has included within its ongoing GDPR compliance program documentation about its data collection and processing activities, and the various policies and guidelines it follows pursuant to the GDPR. You can learn more about how Asana collects, uses, and discloses personal data by visiting Asana’s Privacy Policy.

Data Security

The GDPR requires organizations to use appropriate technical and organizational measures to protect the security, confidentiality, and integrity of personal data. Security continues to be a priority for Asana: we are now SOC 2 Type 1 certified (read more about our certification here) and have implemented a variety of safeguards to protect the security of our platform, including encrypting web connections to protect data transmissions, replicating our databases to support reliability of the platform, and controlling access to our facilities and office network. Asana also offers customers the ability to use additional security controls to further enhance the security of their teams’ data. For more information, please see our Security Statement.

Ongoing Compliance and Communication

The GDPR’s requirements are comprehensive, but the law and regulatory guidance will evolve. As data protection authorities in Europe interpret the GDPR’s requirements and issue guidance, we will continue to follow these developments closely and evaluate our program for any changes or enhancements as needed. We value communication with our customers. If you have any questions about our GDPR compliance efforts, or if you are a data controller customer with questions about how we can help support your own GDPR compliance efforts, please contact us at privacy@asana.com.

Related Resources

• Asana Security Statement
• Asana Privacy Policy
• Asana User Terms of Service
• Asana Data Processing Addendum
• Asana EU-US and Swiss-US Privacy Shield Certification
• Full Text of the GDPR

Asana Privacy Policy

Effective Date: November 1, 2018

Asana offers a variety of team productivity, collaboration, and organizational tools available online, including via a mobile application (collectively, the “Service”), and websites, including but not limited to www.asana.com, wavelength.com, blog.asana.com, community.asana.com (the “Websites”). As you use the Service and interact with the Websites, Asana collects and processes information from and about you in order to provide you with access to the Service, enhance your experience while using the Service, and interact with you. This Privacy Policy (the “Policy”) describes how Asana collects, uses, and discloses information collected through the Service and Websites, and what choices you have with respect to such information. The first section below explains which privacy terms are applicable to you depending on what type of user you are.

References to “Asana” throughout the Policy mean the Asana entity that acts as the data controller or data processor of your information, as explained in more detail below. If you do not agree with this Policy, do not access or use the Service, Websites, or any other part of Asana’s business.

If you have any questions about this Privacy Policy, please contact Asana at: 1550 Bryant Street, Suite 200, San Francisco, CA 94103 or by emailing us at privacy@asana.com.

This Privacy Policy contains the following sections:

• What Type of User am I and What Privacy Terms are Applicable to Me?
• Privacy Terms for Subscribers
• Privacy Terms for Free Users
• Privacy Terms for Site Visitors
• Additional Privacy Terms for All Users
• Asana Contact Info

I. What Type of User am I and Which Privacy Terms Are Applicable to Me?

Asana has three different types of users depending on the Asana products used. Please see the bullets below to determine which type of user you are, and then click the internal link to visit the privacy terms applicable to you. It is possible that you may use Asana in different ways. If so, please review all applicable privacy terms. Also, don’t forget to review Section V, which contains privacy terms applicable to all users.

• Subscribers. We call users who use the Service as part of any tier of a paid Asana subscription plan “Subscribers.” The Service features and functionalities available to Subscribers are determined by the specific terms agreed to between Asana and the organization (e.g., your employer or another entity or person, called the “Customer”) that entered into a separate agreement that governs delivery, access, and use of the Service (for purpose of this Policy, the “Customer Agreement”). The Customer controls its instance of the Service and is the data controller of the information collected through the Service about Subscribers, and Asana is a data processor of such information. To go directly to the terms applicable to Subscribers, please click here.
• Free Users. We call users who use a non-paid version of the Service “Free Users.” While Free Users can access and use the Service, they have access to a more limited set of Service features and functionality than Subscribers. Asana is the data controller of the information collected through the Service about Free Users. To go directly to the terms applicable to Free Users, please click here.
• Site Visitors. We call users of the Websites “Site Visitors.” Site Visitors can be individuals who are simply browsing the Websites but who do not use the Asana Service; or, Site Visitors can be Free Users or Subscribers who visit the Websites to seek additional information about Asana. Asana is the data controller of the information collected through the Website about Site Visitors. To go directly to the terms applicable to Site Visitors please click here.

II. Privacy Terms for Subscribers

A. Overview

Section II of this Policy applies only to Subscribers. If you are a Subscriber, the “Customer Agreement” governs the collection and processing of information collected from you through the Customer’s instance of the Service (e.g. a Customer’s organization or workspace, but for purposes of this Policy referred to as the “Workspace”), including all associated messages, attachments, files, tasks, projects and project names, team names, channels, conversations, and other content submitted through the Service (“Workspace Content”). In the event of a conflict between this Privacy Policy and the Customer Agreement, the Customer Agreement governs. Because the Customer controls the Workspace used by Subscribers, if you have any questions about the Customer’s specific Workspace settings and privacy practices, please contact the Customer whose Workspace you use. If you are a Subscriber located in the European Union, please note that the Customer is the data controller with respect to the processing of your Workspace Content pursuant to the EU General Data Protection Regulation (“GDPR”). When processing Workspace Content of EU data subjects governed by the Customer Agreement, Asana is the data processor, meaning that we collect and process such information solely on behalf of the Customer.

B. Collection and Use of Subscriber Information

This section explains the information we collect from Subscribers. We do not require Subscribers to provide us with information. However, certain information, such as account log-in data, is required to provide you with access to the Service, and other information may be collected automatically as you use the Service.

1. Workspace Content. Workspace Content is collected, used, and shared by Asana in accordance with the Customer’s instructions, including any applicable terms in the Customer Agreement, or as required by applicable law. The Customer, and not Asana, determines its own, internal policies regarding storage, access, modification, deletion, sharing, and retention of Workspace Content which may apply to your use of the Service. For example, a Customer may provide or remove access to the Service, enable or disable third party integrations, manage permissions, retention and export settings, transfer or assign teams, or share projects. Please check with the Customer about the policies and settings that they have instituted with respect the Workspace Content that you provide when using the Service.
2. Account Information. To set up your Asana account, you or the Customer will provide us with basic information about you which may include your name, address, telephone number, email address, and password. You will then have the ability to provide optional profile information, such as a photograph or basic demographic data. With your permission, we may also upload calendar information stored on your mobile device to your account. If you submit payment information in connection with your use of the Service, we utilize a third party credit card payment processing company to collect payment information, including your credit card number, billing address, and phone number. In such circumstances, the third party service provider, and not Asana, stores your payment information on our behalf.
3. Service Usage Information. As you use the Service, we collect information about how you use and interact with the Service (“Service Usage Information”). Such information includes:
   • Device information – when you access the Service using a mobile device, we collect certain device information, including the type of device you are using, its operating system, and mobile network information, which may include your mobile phone number. We may also collect your MAC address and other unique device identifiers.
   • Log files – when you use the Service, our servers automatically record information in server log files. These log files may include information such as your web request, IP address, browser type and settings, referring/exit pages and URLs, number of clicks, date and time stamp information, language preferences, data from cookies and similar technologies, and other such information.
   • Location information – we collect and process general information about the location of the device from which you are accessing the Service (e.g., approximate geographic location inferred from an IP address).
   • Workspace Use Metadata – when you interact with the Service, metadata is generated that provides high-level (non-content) information about the way you work in your Workspace. For example, we may log the number of Workspaces you work in; the number of tasks to which you are assigned; the features and embedded Service content you interact with; the types of files you share; and what, if any, third party services and integrations you use.
4. Other Information. You may provide us with information when you interact with us in other ways, such as when you submit requests or questions to us via forms or email (e.g., support forms, sales forms, user research participation forms); information you provide in connection with Asana sweepstakes, contests, or research studies in which you choose to participate; beta testing; and requests for customer support and technical assistance (collectively, “Other Information”).
5. Information Collected from Third-Party Integrations. If you choose to use or connect to third-party integrations (e.g., OneDrive, Unito, Wufoo, Slack) through the Service, or if you are required or permitted to do so by a Customer, such third parties may allow us to have access to and store additional information about your interaction with those services as it relates to your use of the Service. If you initiate these connections, you also understand that we will share information about you that is required to enable your use of the third-party integration through the Service. If you do not wish to have this information shared, do not initiate these connections. By enabling these connections, you authorize us to connect and access the information provided through these connections, and you understand that the privacy policies of these third parties govern such connections.

C. How Does Asana Use Subscriber Information?

This section explains how Asana uses information collected from Subscribers.

1. Workspace Content. Asana may view and use Workspace Content collected from and about Subscribers only as necessary:
   • To maintain, provide and improve the Service
   • To prevent or address technical or security issues and resolve support requests
   • To investigate when we have a good faith belief, or have received a complaint alleging, that such Workspace Content is in violation of the Customer Agreement or our User Terms of Service
   • To comply with a valid legal subpoena, request, or other lawful process that meets the requirements of the Customer Agreement and our Law Enforcement Guidelines
   • As otherwise set forth in our Customer Agreement or as expressly permitted in writing by the Customer
2. Account Information, Service Usage Information, Information from Third Party Integrations, and Other Information. Asana may use these categories of information collected from and about Subscribers to:
   • Maintain, provide, and improve the Service
   • Respond to your requests for information
   • Prevent or address technical or security issues and resolve support requests
   • Investigate in good faith alleged violations of our User Terms of Service
   • Comply with a valid legal subpoena, request, or other lawful process that meets the requirements of our Law Enforcement Guidelines
   • Help us better understand user interests and needs, and customize the Service for our users
   • Engage in analysis, research, and reports regarding use of the Service
   • Protect the Service and our users
   • Communicate with you via email and through the Service about important notices and updates regarding the Service, such as to inform you about changes in the Service, our service offerings, and important services-related notices, such as about security and fraud. Because these communications are an important part of the Service, you may not opt out of them
   • In accordance with applicable legal obligations, communicate with you about promotions, offers, and news about Asana. You have the ability to unsubscribe from such promotional communications
   • Provide cross-device management of your account. For example, we may locate or try to locate the same unique users across multiple browsers or devices (such as smartphones or tablets), or work with service providers that do this, in order to save your preferences across devices and analyze usage of the Service. If you wish to opt out of the ability of one our service providers, Google Analytics, to locate you across devices in this way, you may install the Google Analytics Opt-out Browser Add-on by clicking here

D. Sharing of Subscriber Information

In accordance with the applicable Customer Agreement, we may share the information we collect from Subscribers as follows:

• Affiliates and Subsidiaries. We may share the information we collect within the Asana family of companies.
• Service Providers. We may provide access to or share your information with select third parties that use the information only to perform services on our behalf. These third parties provide a variety of services to us, including without limitation sales, marketing, provision of content and features, analytics, data storage, security, fraud prevention, and other services.
• Business Transactions. If the ownership of all or substantially all of our business changes, we may transfer your information to the new owner so that the Service can continue to operate. In such case, your information would remain subject to the promises and commitments contained in this Policy until such time as the acquiring party modifies it. If such transfer is subject to additional mandatory restrictions under applicable laws, Asana will comply with such restrictions.
• Consistent with your settings within the Service. Please note that the Workspace Content you submit through the Service may be viewable by other users in your Workspace and within your organization, depending on the specific settings you and your organization have selected.

E. Aggregate De-Identified Data

We may aggregate and/or de-identify information collected through the Service so that such information can no longer be linked to you or your device (“Aggregate/De-Identified Information”). We may use Aggregate/De-Identified Information for any purpose, including without limitation for research and analytics, and may also share such data with any third parties, including partners, affiliates, services providers, and others.

F. Combined Information

We may combine the information that we collect through the Service with information that we receive from other sources, both online and offline, and use such combined information in accordance with this Policy and the Customer Agreement.

G. Data Retention

We will retain your information for the period necessary to fulfill the purposes outlined in this Policy unless a longer retention period is required or permitted by law, or where the Customer Agreement requires or permits specific retention or deletion periods.

H. Data Subject Rights

Please contact your Workspace owner(s) or administrator(s) to exercise any data subject rights you have under applicable local laws, including your ability to access, delete, rectify, transfer, or object under the GDPR.

III. Privacy Terms for Free Users

A. Overview

Section III of this Policy applies only to Free Users of the Service. If you are a Free User located in the European Union, Asana is the data controller with respect to the processing of your personal data pursuant to the GDPR.

B. Collection and Use of Free User Information

This section explains how we collect, process, and use the information collected from Free Users. We do not require Free Users to provide us with information. However, certain information, such as account log-in data, is required to provide you with access to the Service, and other information may be collected automatically as discussed below.

1. Information You Provide to Asana. Asana collects the following information submitted directly through the Service by Free Users:
   • The messages, attachments, files, tasks, project names, team names, channels, conversations, and other content submitted through the Service (collectively, the “Workspace Content”);
   • Information you provide as part of your account registration with Asana, which may include your name, organization name, address, telephone number, email address, username and password; optional information that you may choose to provide, such as a photograph or basic demographic data; and, with your permission, calendar information stored on your mobile device that you may elect to upload to your account (collectively, the “Account Information”); and
   • Information you provide in other interactions with us, such as requests or questions you submit to us via forms or email (e.g., support forms, sales forms, user research participation forms), information you provide in connection with Asana sweepstakes, contests, or research studies in which you choose to participate; beta testing; and requests for customer support and technical assistance (collectively, “Other Information”).
2. Service Usage Information. As you use the Service, we collect a variety of information about how you use and interact with the Service (“Service Usage Information”). Such information includes:
   • Device information – when you access the Service using a mobile device, we collect certain device information, including the type of device you are using, its operating system, and mobile network information, which may include your mobile phone number. We may also collect your MAC address and other unique device identifiers.
   • Log files – when you use the Service, our servers automatically record certain information in server log files. These log files may include information such as your web request, IP address, browser type and settings, referring / exit pages and URLs, number of clicks, date and time stamp information, language preferences, data from cookies and similar technologies, and other such information.
   • Location information – we collect and process general information about the location of the device from which you are accessing the Service (e.g., approximate geographic location inferred from an IP address).
   • Workspace Use Metadata – when you interact with the Service, metadata is generated that provides high-level (non-content) information about the way you work in your Workspace. For example, we may log the number of Workspaces you work in; the number of tasks to which you are assigned; the features and embedded Service content you interact with; the types of files you share; and what, if any, third party services and integrations you use.
3. Information Collected from Third Party Integrations. If you choose to use or connect to third-party integrations (e.g., OneDrive, Unito, Wufoo, Slack) through the Service, such third parties may allow us to have access to and store additional information about your interaction with those services as it relates to your use of the Service. Moreover, if you initiate these connections, you also understand that we will share information about you that is required to enable your use of the third-party integration through the Service. If you do not wish to have this information shared, do not initiate these connections. By enabling these connections, you authorize us to connect and access the information provided through these connections, and you understand that the privacy policies of these third parties govern such connections.
4. Information Collected from Other Third Parties. Asana may receive additional information about you, such as demographic information, from affiliates under common ownership and control, and from third parties, such as business partners, marketers, researchers, analysts, and other parties that we may use to supplement the information that we collect directly from you.

C. Use of Free User Information

Asana may use the information collected from Free Users to: - Maintain, provide, and improve the Service - Respond to your requests for information - Prevent or address technical or security issues and resolve support requests - Investigate in good faith alleged violations of our User Terms of Service - Comply with a valid legal subpoena, request, or other lawful process that meets the requirements of our Law Enforcement Guidelines - Help us better understand user interests and needs, and customize the Service for our users - Engage in analysis, research, and reports regarding use of the Service - Protect the Service and our users - Communicate with you via email and through the Service about important notices and updates regarding the Service, such as to inform you about changes in the Service, our service offerings, and important services-related notices, such as about security and fraud. Because these communications are an important part of the Service, you may not opt out of them - In accordance with applicable legal obligations, communicate with you about promotions, offers, and news about Asana. You have the ability to unsubscribe from such promotional communications - Provide cross-device management of your account. For example, we may locate or try to locate the same unique users across multiple browsers or devices (such as smartphones or tablets), or work with service providers that do this, in order to save your preferences across devices and analyze usage of the Service. If you wish to opt out of the ability of one our service providers, Google Analytics, to locate you across devices in this way, you may install the Google Analytics Opt-out Browser Add-on by clicking here

D. Legal Bases for Use of Your Information

If you are located in the EU, please note that the legal bases under the EU General Data Protection Regulation (“GDPR”) for using the information we collect through your use of the Service as a Free User are as follows:

• Where use of your information is necessary to perform our obligations under a contract with you (for example, to comply with the User Terms of Service which you accept by using the Service)
• Where use of your information is necessary for our legitimate interests or the legitimate interests of others (for example, to provide security for our Service; operate our Service; prevent fraud, analyze use of and improve our Service, and for similar purposes)
• Where use of your information is necessary to comply with a legal obligation
• Where we have your consent to process data in a certain way

E. Sharing of Free User Information

We share the information we collect through the Service about Free Users with the following:

• Affiliates and Subsidiaries. We may share the information we collect within the Asana family of companies.
• Service Providers. We may provide access to or share your information with select third parties that use the information only to perform services on our behalf. These third parties provide a variety of services to us, including without limitation sales, marketing, provision of content and features, advertising, analytics, research, data storage, security, fraud prevention, and other services.
• Business Transfers. If the ownership of all or substantially all of our business changes, we may transfer your information to the new owner so that the Websites can continue to operate. In such case, your information would remain subject to the promises and commitments contained in this Policy until such time as this Policy is updated or amended by the acquiring party upon notice to you. If such transfer is subject to additional mandatory restrictions under applicable laws, Asana will comply with such restrictions.
• Consent. We may also disclose your information to third parties with your consent to do so.
• Consistent with your settings within the Service. Please note that the Workspace Content you submit through the Service may be viewable by other users in your Workspace, depending on the specific settings you have selected.

F. Aggregate De-Identified Data

We may aggregate and/or de-identify information collected through the Service so that such information can no longer be linked to you or your device (“Aggregate/De-Identified Information”). We may use Aggregate/De-Identified Information for any purpose, including without limitation for research and marketing purposes, and may also share such data with any third parties, including advertisers, promotional partners, sponsors, event promoters, and/or others.

G. Combined Information

For the purposes discussed in this Policy, we may combine the information that we collect through the Service with information that we receive from other sources, both online and offline, and use such combined information in accordance with this Policy.

H. Data Retention

We will retain your information for the period necessary to fulfill the purposes outlined in this Policy unless a longer retention period is required or permitted by law.

I. Data Subject Rights

Local legal requirements (such as those in the EU) may afford you additional rights. If you would like further information in relation to your legal rights under applicable law or would like to exercise any of them, please contact us using the information in the “Asana Contact Info” section below at any time. Your local laws (such as those in the EU) may permit you to request that we:

• provide access to and/or a copy of certain information we hold about you
• prevent the processing of your information for direct-marketing purposes (including any direct marketing processing based on profiling)
• update information which is out of date or incorrect
• delete certain information which we are holding about you
• restrict the way that we process and disclose certain of your information
• transfer your information to a third party provider of services
• revoke your consent for the processing of your information

We will consider all requests and provide our response within the time period stated by applicable law. Please note, however, that certain information may be exempt from such requests in some circumstances, which may include if we need to keep processing your information for our legitimate interests or to comply with a legal obligation. We may request you provide us with information necessary to confirm your identity before responding to your request.

IV. Privacy Terms for Site Visitors

A. Overview

Section IV of this Policy applies only to Site Visitors. If you visit the Websites, regardless of whether you are also a user of the Service, the following rules apply to you. To eliminate any confusion, please note that the terms in this section apply only to use of Asana’s Websites, not to use of the Service. If you are a Site Visitor located in the European Union, Asana is the data controller with respect to the processing of your personal data pursuant to the EU General Data Protection Regulation (“GDPR”).

B. Collection and Use of Site Visitor Information

1. Information Collected from Site Visitors

   When you use the Websites, we collect the following information about you:

   • Contact Information – if you submit a request for information or a question through the Websites, you may be asked to provide us with basic information including your name, email address, phone number, and postal address. We will also keep records of the communication, the question/request you raised, and how it was resolved. If you choose to participate in an Asana sweepstakes, contest, or research study offered through the Websites, we will also collect basic contact information from you in connection with such activity.
   • Websites Usage Information – as you browse the Websites, we and our service providers (which are third party companies that work on our behalf to provide and enhance the Websites) use a variety of technologies, including cookies and similar tools, to assist in collecting information about how you use the Websites. For example, our servers automatically record certain information in server logs. These server logs may include information such as your web request, IP address, browser type and settings, referring / exit pages and URLs, number of clicks and how you interact with links on the Websites, domain names, landing pages, pages viewed, mobile carrier, mobile device identifiers and information about the device you are using to access the Websites, date and time stamp information and other such information.
   • Location Information – We collect and process general information about the location of the device from which you are accessing the Service (e.g., approximate geographic location inferred from an IP address).

2. Cookies and Similar Technologies

   To collect the Websites Usage Information discussed above, we and our service providers use Internet server logs, cookies, tags, SDKs, tracking pixels, and other similar tracking technologies. A web server log is a file where website activity is stored. An SDK is a section of code that we embed in our applications and software to allow third parties to collect information about how users interact with the Websites. A cookie is a small text file that is placed on your computer or mobile device when you visit a site, that enables us to: (i) recognize your computer and login session; (ii) store your preferences and settings; (iii) understand which pages of the Websites you have visited; (iv), enhance your user experience by delivering and measuring the effectiveness of content and advertising tailored to your interests; (v) perform analytics; and (vi) assist with security and administrative functions. Tracking pixels (sometimes referred to as web beacons or clear GIFs) are tiny electronic tags with a unique identifier embedded in websites, online ads and/or email, and that are designed to provide usage information like ad impressions or clicks, email open rates, measure popularity of the Websites and associated advertising, and to access user cookies. As we adopt additional technologies, we may also gather information through other methods. Please note that you can change your settings to notify you when a cookie is being set or updated, or to block cookies altogether. Please consult the “Help” section of your browser for more information (e.g., Internet Explorer; Google Chrome; Mozilla Firefox; or Apple Safari).

3. Use of Information Collected from Site Visitors

   We use the information collected from Site Visitors for a variety of purposes including to:

   • Maintain, provide, and improve the Websites and the Service
   • Respond to your requests for information
   • In accordance with applicable legal obligations, communicate with you about promotions, offers, and news about Asana. You have the ability to unsubscribe from such promotional communications
   • Prevent or address technical or security issues
   • Investigate in good faith alleged violations of our User Terms of Service
   • Help us better understand Site Visitor interests and needs, and customize the advertising and content you see on the Websites
   • Engage in analysis and research regarding use of the Websites and the Service

C. Legal Bases

If you are located in the EU, please note that the legal bases under the GDPR for using the information we collect through your use of the Websites as a Site Visitor are as follows:

• Where use of your information is necessary to perform our obligations under a contract with you (for example, to comply with the User Terms of Service which you accept by browsing the Websites)
• Where use of your information is necessary for our legitimate interests or the legitimate interests of others (for example, to provide security for our Websites; operate our Websites; prevent fraud, analyze use of and improve our Websites, and for similar purposes)
• Where use of your information is necessary to comply with a legal obligation
• Where we have your consent to process data in a certain way

D. Aggregate/De-Identified Data

We may aggregate and/or de-identify information collected through the Websites so that such information can no longer be linked to you or your device (“Aggregate/De-Identified Information”). We may use Aggregate/De-Identified Information for any purpose, including without limitation for research and marketing purposes, and may also share such data with any third parties, including advertisers, promotional partners, sponsors, event promoters, and/or others.

E. Combined Information

You agree that, for the purposes discussed in this Policy, we may combine the information that we collect through the Websites with information that we receive from other sources, both online and offline, and use such combined information in accordance with this Policy. If, however, the collection of any information about you is governed by a Customer Agreement, information will only be combined and used in accordance with such Customer Agreement and the sections of this Policy applicable to Subscribers.

F. Website Analytics and Advertising

1. Website Analytics

   We may use third-party web analytics services on our Websites to collect and analyze usage information through cookies and similar tools; engage in auditing, research, or reporting; and provide certain features to you. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-out Browser Add-on by clicking here.

2. Online Advertising

   The Websites may integrate third-party advertising technologies that allow for the delivery of relevant content and advertising on the Websites, as well as on other websites you visit. The ads may be based on various factors such as the content of the page you are visiting, information you enter such as your age and gender, your searches, demographic data, and other information we collect from you. These ads may be based on your current activity or your activity over time and across other websites and online services and may be tailored to your interests.

   Third parties, whose products or services are accessible or advertised via the Websites, may also place cookies or other tracking technologies on your computer, mobile phone, or other device to collect information about you as discussed above. We also allow other third parties (e.g., ad networks and ad servers such as Google Analytics, DoubleClick and others) to serve tailored ads to you on our Websites and other websites and to access their own cookies or other tracking technologies on your computer, mobile phone, or other device you use to access the Websites. We sometimes provide Site Visitor information (such as email addresses) to service providers, who may “match” this information in de-identified form to cookies (or mobile ad identifiers) and other proprietary IDs, in order to provide you with more relevant ads when you visit other websites.

   We neither have access to, nor does this Policy govern, the use of cookies or other tracking technologies that may be placed on your device you use to access the Websites by such non-affiliated third parties. If you are interested in more information about tailored browser advertising and how you can generally control cookies from being put on your computer to deliver tailored advertising, you may visit the Network Advertising Initiative’s Consumer Opt-Out link, the Digital Advertising Alliance’s Consumer Opt-Out link, or Your Online Choices to opt-out of receiving tailored advertising from companies that participate in those programs. To opt out of Google Analytics for display advertising or customize Google display network ads, visit the Google Ads Settings page. We do not control these opt-out links or whether any particular company chooses to participate in these opt-out programs. We are not responsible for any choices you make using these mechanisms or the continued availability or accuracy of these mechanisms.

   Please note that if you exercise the opt-out choices above, you will still see advertising when you use the Websites, but it will not be tailored to you based on your online behavior over time.

3. Notice Concerning Do Not Track Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. We are committed to providing you with meaningful choices about the information collected on our Websites for third party purposes, and that is why we provide the variety of opt-out mechanisms listed above. However, we do not currently recognize or respond to browser-initiated DNT signals. To learn more about Do Not Track, you can do so here.

G. Sharing of Site Visitor Information

We share the information we collect through the Websites with the following:

• Affiliates and Subsidiaries. We may share the information we collect within the Asana family of companies.
• Service Providers. We may provide access to or share your information with select third parties that use the information only to perform services on our behalf. These third parties provide a variety of services to us, including without limitation sales, marketing, provision of content and features, advertising, analytics, research, data storage, security, fraud prevention, and other services.
• Business Transfers. If the ownership of all or substantially all of our business changes, we may transfer your information to the new owner so that the Websites can continue to operate. In such case, your information would remain subject to the promises and commitments contained in this Policy until such time as this Policy is updated or amended by the acquiring party upon notice to you. If such transfer is subject to additional mandatory restrictions under applicable laws, Asana will comply with such restrictions.
• Public Forums. The Websites makes it possible for you to upload and share comments or feedback publicly with other users, such as on the Asana community forum. Any information that you submit through such public features is not confidential, and Asana may use it for any purpose (including in testimonials or other Asana marketing materials). Any information you post openly in these ways will be available to the public at large and potentially accessible through third-party search engines. Such information can be read, collected and/or used by other users, and it could be used to send you unsolicited messages. Accordingly, please take care when using these features of the Websites.
• Consent. We may also disclose your information to third parties with your consent to do so.

H. Retention of Your Information

We will retain your information for the period necessary to fulfill the purposes outlined in this Policy unless a longer retention period is required or permitted by law.

I. Data Subject Rights

Local legal requirements (such as those in the EU) may afford you additional rights. If you would like further information in relation to your legal rights under applicable law or would like to exercise any of them, please contact us using the information in the “Asana Contact Info” section below at any time. Your local laws (such as those in the EU) may permit you to request that we:

• provide access to and/or a copy of certain information we hold about you
• prevent the processing of your information for direct-marketing purposes (including any direct marketing processing based on profiling)
• update information which is out of date or incorrect
• delete certain information which we are holding about you
• restrict the way that we process and disclose certain of your information
• transfer your information to a third party provider of services
• revoke your consent for the processing of your information

We will consider all requests and provide our response within the time period stated by applicable law. Please note, however, that certain information may be exempt from such requests in some circumstances, which may include if we need to keep processing your information for our legitimate interests or to comply with a legal obligation. We may request you provide us with information necessary to confirm your identity before responding to your request.

J. Third Party Links And Services

The Websites may contain links to third-party websites and functionalities. If you choose to use these third party services, you may disclose your information not just to those third-parties, but also to their users and the public more generally depending on how their services function. Because these third-party websites and services are not operated by Asana, Asana is not responsible for the content or practices of those websites or services. The collection, use, and disclosure of your information will be subject to the privacy policies of the third party websites or services, and not this Policy. We urge you to read the privacy and security policies of these third-parties.

V. Additional Privacy Terms for All Users

The following additional information about Asana’s privacy practices apply to all users of Asana (Subscribers, Free Users, and Site Visitors).

A. International Users

Asana complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from the European Union and Switzerland to the United States, respectively. Asana has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access and Recourse, Enforcement and Liability. If there is any conflict between the policies in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/. In compliance with the EU-US Privacy Shield and Swiss-US Privacy Shield Principles, Asana commits to resolve complaints about your privacy and our collection or use of your personal data. European Union or Swiss citizens with inquiries or complaints regarding this privacy policy should first contact Asana at: privacy@asana.com. Asana has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU Privacy Shield, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by Asana, please visit the BBB EU Privacy Shield web site at https://www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint. Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel. Asana is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) with respect to its compliance with the provisions of the EU-US and Swiss-US Privacy Shield.

We may transfer information that we collect about you to third party processors across borders and from your country or jurisdiction to other countries or jurisdictions around the world. If you are located in the European Union or other regions with laws governing data collection and use that may differ from U.S. law, please note that you are transferring information to a country and jurisdiction that does not have the same data protection laws as your jurisdiction. Asana will take reasonable and appropriate steps necessary to ensure that any third party who is acting as a “data processor” under EU and Swiss terminology is processing the personal data we entrust to them in a manner that is consistent with the EU-US and Swiss-US Privacy Shield Principles. Asana is potentially liable in cases of onward transfer to third parties of data of EU and Swiss individuals received pursuant to the EU-US and Swiss-US Privacy Shield, respectively.

B. Changes To Our Privacy Policy

We reserve the right to amend this Policy at any time to reflect changes in the law, our data collection and use practices, the features of our Service or Websites, or advances in technology. We will make the revised Policy accessible through the Service and Websites, so you should review the Policy periodically. If we make a material change to the Policy, we will comply with applicable legal requirements regarding providing you with notice and/or consent.

C. How We Protect Your Information

Asana takes technical and organizational measures to protect your information against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access. However, no method of transmission over the Internet, and no means of electronic or physical storage, is absolutely secure, and thus we cannot ensure or warrant the security of that information.

D. Marketing Practices and Choices

If you receive email from us, we may use certain analytics tools, such as clear GIFs, to capture data such as when you open our message or click on any links or banners our email contains. This data allows us to gauge the effectiveness of our communications and marketing campaigns. You may instruct us not to use your contact information to contact you by email, postal mail, or phone regarding products, services, promotions and special events that might appeal to your interests by contacting us at the “Asana Contact Info” section below. In commercial email messages, you can also opt out by following the instructions located at the bottom of such emails. Please note that, regardless of your request, we may still use and share certain information as permitted by this Policy or as required by applicable law. For example, you may not opt out of certain operational or service-related emails, such as those reflecting our relationship or transactions with you.

E. California Privacy Rights

California law gives residents of California the right under certain circumstances to request information from us regarding the manner in which we share certain categories of personal information (as defined by applicable California law) with third parties for their direct marketing purposes. However, Asana does not share your personal information with third parties for their own direct marketing purposes.

VI. Asana Contact Info

Asana is located at 1550 Bryant Street, Suite 200, San Francisco, CA 94103. If you wish to contact us or have any questions about or complaints in relation to this Policy, please contact us at privacy@asana.com.

Subscriber Agreement

Last Updated: November 30, 2018

This Subscriber Agreement (the “Agreement”) is entered into by and between Asana, Inc. (“Asana”) and the organization agreeing to the terms of this Agreement (“Customer”). This Agreement shall be effective on the earliest of (a) the date Customer clicks a button indicating its agreement with the terms of this Agreement; (b) Customer entering into an Order Form or similar form referencing or otherwise incorporating this Agreement; or (c) Customer’s use of the Service (the “Effective Date”). If you are entering into this Agreement on behalf of your organization, that organization is deemed to be the Customer and you represent that you have the power and authority bind that organization to this Agreement. This Agreement applies to you if you are a new Customer on or after November 30, 2018.

1 The Service.

1.1 Provision of the Service. Asana shall make the Service purchased under an Order Form available to Customer and its End Users pursuant to this Agreement during the applicable Subscription Term. The Service includes the features and functionality applicable to the version of the Service ordered by Customer. Asana may update the content, functionality, and user interface of the Service from time to time in its sole discretion.

1.2 Access Rights. Customer has a non-exclusive, non-sublicenseable, non-transferable (except as specifically permitted in this Agreement) right to access and use the Service pursuant to this Agreement during the applicable Subscription Term, solely for Customer’s internal business purposes subject to the limitations set forth in the Order Form.

1.3 Usage Restrictions. Customer shall not (a) make the Service available to, or use any Service for the benefit of, anyone other than Customer and its Affiliates; (b) rent, sublicense, re-sell, assign, transfer, distribute, time share, or similarly exploit the Service; (c) reverse engineer, copy, modify, adapt, hack the Service, or otherwise attempt to gain unauthorized access to the Service or its related systems or networks; (d) access the Service, the Documentation, or Asana’s Confidential Information to build a competitive product or service; (e) alter or remove, or permit any third party to alter or remove, any proprietary trademark or copyright markings incorporated in, marked on, or affixed to the Service; (f) allow End User Subscriptions to be shared or used by more than one individual End User (except that End User Subscriptions may be reassigned to new End Users replacing individuals who no longer use the Service for any purpose, whether by termination of employment or other change in job status or function); or (g) access or use the Service: (i) to send or store infringing, obscene, threatening, or otherwise unlawful material, including material violative of third-party privacy rights; (ii) in violation of applicable laws; (iii) to send or store material knowingly or intentionally containing software viruses, worms, Trojan horses or other harmful computer code, files, or scripts; or (iv) in a manner that interferes with or disrupts the integrity or performance of the Service (or the data contained therein).

1.4 Protection of Customer Data. Asana shall implement and maintain administrative, organizational, and technical safeguards designed for the protection, confidentiality, and integrity of Customer Data. If Customer Data includes personal data defined by EU Regulation 2016/679 (the General Data Protection Regulation or “GDPR”) and/or if such Customer Data is transferred outside the European Economic Area or Switzerland to any country not deemed by the European Commission as providing an adequate level of protection for personal data, the terms of the Asana Data Processing Addendum shall apply to such personal data and be incorporated into this Agreement upon the execution and submission of the Data Processing Addendum by Customer to Asana in accordance with its terms. Asana’s Data Processing Addendum may be accessed at https://asana.com/terms#data-processing.

1.5 Administration of Customer’s Account. Customer acknowledges that it retains administrative control over to whom it grants access to Customer Data hosted in the Service. Customer may specify an End User to be the billing owner and, depending on the Subscription, one or more End Users to be administrators (each an “Administrator”) to manage its account, and Asana is entitled to rely on communications from an Administrator when servicing Customer’s account. Depending on the version purchased by Customer, Customer’s Administrator(s) may have the ability to access, monitor, use, and/or export Customer Data. Customer is responsible for maintaining the security of End User accounts and passwords.

1.6 Compliance. Customer is responsible for use of the Service by its End Users and for their compliance with this Agreement. Customer is solely responsible for the accuracy, quality, legality, reliability, and appropriateness of all Customer Data. Customer shall ensure that it is entitled to transfer the relevant Customer Data to Asana so that Asana and its service providers may lawfully use, process, and transfer the Customer Data in accordance with this Agreement on Customer’s behalf. Customer shall promptly notify Asana if it becomes aware of any unauthorized use of or access to Customer’s account or the Service.

1.7 Suspension. Asana may request that Customer suspend the account of any End User who (a) violates this Agreement or Asana’s User Terms of Service; or (b) is using the Service in a manner that Asana reasonably believes may cause a security risk, a disruption to others’ use of the Service, or liability for Asana. If Customer fails to promptly suspend or terminate such End User’s account, Asana reserves the right to do so.

1.8 Customer’s Use of Third Party Services. Customer may install or enable third party services for use with the Service, such as online applications, offline software products, or services that utilize the Asana API in connection with Customer’s use of the Service (“Third Party Services”). Any acquisition and use by Customer or its End Users of such Third Party Services is solely the responsibility of Customer and the applicable third party provider. Customer acknowledges that providers of such Third Party Services may have access to Customer Data in connection with the interoperation and support of such Third Party Services with the Service. To the extent Customer authorizes the access or transmission of Customer Data through a Third Party Service, Asana shall not be responsible for any use, disclosure, modification, or deletion of such Customer Data or for any act or omission on the part of the third party provider or its service.

1.9 Trial Subscriptions. Customer may access a version of the Service on a trial basis (a “Trial”) subject to the terms of this Agreement; provided, however, the following additional terms shall apply to its Trial notwithstanding anything to the contrary herein: (a) Asana shall have the right to terminate a Trial at any time and for any reason; (b) Asana is providing the Service “as is” and makes no warranties (express or implied) of any kind with respect to the Service during the Trial; and (c) Asana shall have no obligation to indemnify Customer. CUSTOMER ACKNOWLEDGES THAT ITS TRIAL WILL AUTOMATICALLY CONVERT TO A SUBSCRIPTION AT THE END OF THE TRIAL AND THAT ASANA MAY CHARGE CUSTOMER FOR THE APPLICABLE SUBSCRIPTION FEES UNLESS CUSTOMER HAS NOTIFIED ASANA IN WRITING OF ITS DECISION TO OPT OUT DURING THE TRIAL.

2 Warranties.

2.1 By Asana. Asana warrants that during the applicable Subscription Term (a) the Service shall perform materially in accordance with the applicable Documentation; and (b) Asana shall not materially decrease the functionality of the Service.

2.2 By Customer. Customer warrants that (a) this Agreement is legally binding upon it and enforceable in accordance with its terms; (b) it has obtained all legally required consents and permissions from End Users for the submission and processing of personal data through the Service; and (c) the transfer and processing of Customer Data under the Agreement is lawful.

2.3 Disclaimer. EXCEPT AS EXPRESSLY PROVIDED FOR IN THIS SECTION, TO THE FULLEST EXTENT PERMITTED BY LAW, THE PROFESSIONAL SERVICES, SERVICE, AND ALL RELATED COMPONENTS AND INFORMATION ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS WITHOUT ANY WARRANTIES OF ANY KIND, AND ASANA AND ITS AFFILIATES EXPRESSLY DISCLAIM ANY AND ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. CUSTOMER ACKNOWLEDGES THAT ASANA DOES NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE. ASANA IS NOT RESPONSIBLE FOR AND DISCLAIMS ALL LIABILITY RELATED TO DELAYS, DELIVERY FAILURES, INTERCEPTION, ALTERATION, OR OTHER DAMAGE RESULTING FROM MATTERS OUTSIDE OF ITS CONTROL, INCLUDING PROBLEMS INHERENT IN THE USE OF THE INTERNET, MOBILE AND PERSONAL COMPUTING DEVICES, TRANSMISSION OF ELECTRONIC COMMUNICATIONS OVER THE INTERNET OR OTHER NETWORKS, AND THIRD PARTY HOSTING SERVICE PROVIDERS.

3 Fees and Payment.

3.1 Subscription Fees. Customer’s Subscription fees are set forth in the applicable Order Form and are based on the number of End Users and version of the Service purchased. Customer shall pay all fees when due and is responsible for providing complete and accurate billing information to Asana. If such fees are being paid via credit card or other electronic means, Customer authorizes Asana to charge such fees using Customer’s selected payment method. Payment obligations are non-cancelable and fees paid are non-refundable unless otherwise provided herein. The number of End Users purchased under a Subscription cannot be decreased during the applicable Subscription Term. If Customer requires the use of a purchase order or purchase order number, Customer shall provide the purchase order number at the time of purchase. Where Customer designates use of a third-party payment processor network (such as a payment agent, for example), Customer shall be responsible for payment of all fees and charges associated with use of such network. Asana reserves the right to suspend Customer’s account, in addition to all of its other available rights and remedies, in the event that Customer’s account becomes overdue. Suspension shall not relieve Customer’s obligation to pay amounts due.

3.2 Auto-renewal. Customer agrees that its Subscription will automatically renew on an annual or monthly basis depending on Customer’s Subscription (the “Renewal Date”). Customer authorizes Asana to automatically charge Customer for the applicable fees on or after the Renewal Date unless the Subscription has been terminated or cancelled in accordance with this Agreement. If Customer wishes to reduce the number of End Users in its Subscription, it must do so prior to the Renewal Date. Customer must cancel its Subscription prior to the Renewal Date in order to avoid billing of the next period’s Subscription fees. Customer can cancel its Subscription anytime online by going into its account settings and following the instructions provided. If Customer chooses to cancel its Subscription during the Subscription Term, Customer may use the Service until the end of Customer’s then-current Subscription Term, but will not be issued a refund for the most recently (or any previously) charged fees.

3.3 Calculation. Subscription fees are based on annual or monthly periods (or pro rata portions thereof, calculated on a daily basis) that begin on the Subscription start date and each annual or monthly anniversary thereof. Subscriptions to the Service are sold on a tiered basis based on the number of End Users. Customer shall purchase a Subscription to the Service for each End User, and the initial number of End Users and tier is reflected in the applicable Order Form. Customer may add End Users to its Subscription at any time on written notice to Asana (email notice acceptable). Asana reserves the right to calculate the total number of End Users periodically and, if the number of End Users exceeds Customer’s current Subscription, then Asana reserves the right to invoice Customer for the applicable tier on a pro rata basis for the remaining period in Customer’s Subscription Term, so that all End User Subscription Terms coincide and are co-terminus. Asana reserves the right to revise fee rates and/or the billable amount structure for the Service at any time and will provide Customer with notice pursuant to Section 11.4 below) of any such changes at least twenty (20) days prior. Asana may charge Customer the then-current pricing for the applicable Subscription if the number of End Users is modified and/or if Customer changes its Subscription plan.

3.4 Taxes. Any fees charged to Customer are exclusive of taxes. Except for those taxes based on Asana’s net income, Customer shall be responsible for all applicable taxes in connection with this Agreement including, but not limited to, sales, use, excise, value-added, goods and services, consumption, and other similar taxes or duties. Should any payment for the Service be subject to withholding tax by any government, Customer shall reimburse Asana for such withholding tax.

3.5 Future Features and Functionality. Customer agrees that any purchases under this Agreement are not contingent on the delivery of any future feature or functionality or dependent on any oral or written public or private comments made by Asana regarding future features or functionality. Asana may release Improvements and other features and functionality in its discretion. Some features and functionality may be available only with certain versions of the Service.

4 Term and Termination. This Agreement commences on the Effective Date and shall remain in effect until all Subscriptions to the Service granted in accordance with this Agreement have expired or been terminated. Either party may terminate this Agreement if the other party: (a) is in material breach of this Agreement and fails to cure such breach within twenty (20) days following receipt of written notice from the non-breaching party, except that termination will take effect on notice in the event of a breach of Section 1.3 (“Usage Restrictions”); or (b) ceases its business operations or becomes subject to insolvency proceedings and the proceedings are not dismissed within sixty (60) days. Upon expiration or termination of this Agreement for any reason, all Subscriptions and any other rights granted to Customer under this Agreement shall immediately terminate, and Asana may immediately deactivate Customer’s account(s) associated with the Agreement. In no event will any termination relieve Customer of the obligation to pay any fees accrued or payable to Asana. The following sections shall survive expiration or termination of this Agreement: Sections 1.3 (“Usage Restrictions”), 2 (“Warranties”), 3.1 (“Subscription Fees”), 3.4 (“Taxes”), 4 (“Term and Termination”), 5 (“Confidentiality”), 6 (“Intellectual Property Rights”), 7 (“Indemnification”), 8 (“Liability”), 9 (“Export Compliance”), 10 (“Use Outside the United States of America”), 11 (“Miscellaneous”), and 12 (“Definitions”).

5 Confidentiality.

5.1 Definition of Confidential Information. During the course of performance under this Agreement, each party may make available to the other party information that is not generally known to the public and at the time of disclosure is either identified as, or should reasonably be understood by the receiving party to be, proprietary or confidential (the “Confidential Information”). Confidential Information specifically includes, but is not limited to, the Service, any Order Form(s) entered into by the parties, Customer Data, Results, business plans, product plans and roadmaps, strategies, forecasts, projects and analyses, financial information and fee structures, business processes, methods and models, and technical documentation. Confidential Information does not include information that (a) is or becomes publicly available without breach of this Agreement by the receiving party; (b) was known to the receiving party prior to its disclosure by the disclosing party; (c) is or was independently developed by the receiving party without the use of any Confidential Information of the disclosing party; or (d) is or was lawfully received by the receiving party from a third party under no obligation of confidentiality.

5.2 Protection of Confidential Information. Except as otherwise expressly permitted under this Agreement, with the express prior written consent of the disclosing party, or as required by law, the receiving party will not disclose, transmit, or otherwise disseminate to a third party any Confidential Information of the disclosing party. The receiving party will use the same care and discretion with respect to the Confidential Information received from the disclosing party as it uses with its own similar information, but in no event less than a reasonable degree of care. The receiving party may disclose the disclosing party’s Confidential Information to its employees, Affiliates, consultants, subcontractors, agents, or advisors (“Representatives”) who have a strict need to access the Confidential Information for the purpose of performing under this Agreement and only to those who are obligated to maintain the confidentiality of such Confidential Information upon terms at least as protective as those contained in this Agreement. Either party may disclose the terms of this Agreement to potential parties to a bona fide fundraising, acquisition, or similar transaction solely for purposes of the proposed transaction, provided that any such potential party is subject to written non-disclosure obligations and limitations on use no less protective than those set forth herein.

5.3 Equitable Relief. The receiving party acknowledges that the remedy at law for breach of this Section 5 may be inadequate and that, in addition to any other remedy the disclosing party may have, it shall be entitled to seek equitable relief, including, without limitation, an injunction or injunctions (without the requirement of posting a bond, other security or any similar requirement or proving any actual damages), to prevent breaches or threatened breaches of this Section 5 by the receiving party or any of its Representatives and to enforce the terms and provisions of this Section 5 in addition to any other remedy to which the disclosing party is entitled at law or in equity.

5.4 Compelled Disclosure. The receiving party may access and disclose Confidential Information of the disclosing party if legally required to do so in connection with any legal or regulatory proceeding; provided, however, that in such event the receiving party will, if lawfully permitted to do so, notify the disclosing party within a reasonable time prior to such access or disclosure so as to allow the disclosing party an opportunity to seek appropriate protective measures. If the receiving party is compelled by law to access or disclose the disclosing party’s Confidential Information as part of a civil proceeding to which the disclosing party is a party, the disclosing party will reimburse the receiving party for the reasonable costs of compiling and providing secure access to such Confidential Information. Receiving party will furnish only that portion of the Confidential Information that is legally required to be disclosed, and any Confidential Information so disclosed shall maintain its confidentiality protection for all purposes other than such legally compelled disclosure.

5.5 Sensitive/Personal Information. Customer agrees that it shall not use the Service to send or store personal information subject to special regulatory or contractual handling requirements (e.g., Payment Card Industry Data Security Standards, the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act, and any similar data protection laws) including without limitation: credit card information, credit card numbers and magnetic stripe information, social security numbers, driver’s license numbers, passport numbers, government issued identification numbers, health-related information, biometric data, financial account information, personally identifiable information collected from children under the age of 13 or from online services directed toward children, and real time geo-location data which can identify an individual, or information deemed “sensitive” under applicable law (such as racial or ethnic origin, political opinions, or religious or philosophical beliefs).

6 Intellectual Property Rights.

6.1 By Customer. Customer owns all right, title, and interest in and to Customer Confidential Information and Customer Data, including all related Intellectual Property Rights. Customer grants Asana and its authorized third party service providers a worldwide, non-exclusive license to host, copy, access, process, transmit, and display Customer Data: (a) to maintain, provide, and improve the Service and perform under this Agreement; (b) to prevent or address technical or security issues and resolve support requests; (c) to investigate in good faith an allegation that an End User is in violation of this Agreement or the Asana User Terms of Service; or (d) at Customer’s direction or request or as permitted in writing by Customer.

6.2 By Asana. Asana owns and will continue to own all right, title, and interest, including all related Intellectual Property Rights, in and to its Confidential Information, Results, and the Service, including any enhancements, customizations, or modifications thereto. Where Customer purchases Professional Services hereunder, Asana grants to Customer a non-sublicensable, non-exclusive license to use any reports and other materials developed by Asana as a result of the Professional Services (“Results”) solely in conjunction with Customer’s authorized use of the Service and in accordance with this Agreement.

6.3 Suggestions. Asana welcomes feedback from its customers about the Service and Professional Services. If Customer (including any End User) provides Asana with any feedback or suggestions regarding the Service or Professional Services (“Feedback”), Asana may use, disclose, reproduce, sublicense, or otherwise distribute and exploit the Feedback without restriction or any obligation to Customer or any End User provided that Asana shall not identify Customer or any End User as the source of such Feedback.

7 Indemnification.

7.1 By Customer. Customer shall defend Asana, its Affiliates, and their employees, officers, and directors (together, the “Asana Indemnified Parties”) from and against third party claims, actions, and demands arising from allegations that Customer Data, unauthorized use of the Service by Customer or its End Users, or Asana’s processing of data pursuant to Customer’s instructions infringes a third party’s Intellectual Property Right or privacy right (each, a “Claim Against Asana”), and Customer shall indemnify and hold the Asana Indemnified Parties harmless against any damages, reasonable attorneys’ fees, and costs finally awarded against Asana Indemnified Parties as a result of, or for any amounts paid by the Asana Indemnified Parties under a Customer-approved settlement of, a Claim Against Asana.

7.2 By Asana. Asana shall defend Customer, its Affiliates, and their employees, officers, and directors (together the “Customer Indemnified Parties”) from and against third party claims, actions, and demands alleging that Customer’s authorized use of the Service infringes or misappropriates any copyright, trade secret, U.S. patent, or trademark right of that third party (each, a “Claim Against Customer”), and Asana shall indemnify and hold the Customer Indemnified Parties harmless against any damages, reasonable attorneys’ fees, and costs finally awarded against Customer Indemnified Parties as a result of, or for any amounts paid by the Customer Indemnified Parties under an Asana-approved settlement of, a Claim Against Customer; provided, however, in no event will Asana have any obligations or liability under this Section 7.2 to the extent a Claim Against Customer arises from: (a) Customer or any End User’s use of the Service other than as permitted under this Agreement; or (b) use of the Service in a modified form or in combination with products, services, content, or data not furnished to Customer by Asana.

7.3 Potential Infringement. If the Service becomes, or in Asana’s reasonable judgment is likely to become, the subject of a claim of infringement, then Asana may in its sole discretion: (a) obtain the right, at Asana’s expense, for Customer to continue using the Service; (b) provide a non-infringing functionally equivalent replacement; or (c) modify the Service so that it is no longer infringing. If Asana, in its sole and reasonable judgment, determines that none of the above options are commercially reasonable, then Asana may suspend or terminate Customer’s use of the Service, in which case Asana’s sole liability (in addition to its obligations under Section 7.2) shall be to provide Customer with a prorated refund of any prepaid, unused fees applicable to the remaining portion of the Subscription Term. Sections 7.2 and 7.3 state Asana’s sole liability and the Customer Indemnified Parties’ exclusive remedy for infringement claims.

7.4 Indemnification Process. The party seeking indemnification shall provide prompt notice to the indemnifying party concerning the existence of an indemnifiable claim and shall promptly provide the indemnifying party with all information and assistance reasonably requested and otherwise cooperate fully with the indemnifying party in defending the claim. Failure to give prompt notice shall not constitute a waiver of a party’s right to indemnification and shall affect the indemnifying party’s obligations under this Agreement only to the extent that the indemnifying party’s rights are materially prejudiced by such failure or delay. The indemnifying party shall have full control and authority over the defense of any claim; provided, however, that any settlement requiring the party seeking indemnification to admit liability or make any financial payment shall require such party’s prior written consent, not to be unreasonably withheld or delayed.

8 Liability.

8.1 Limitation of Liability. EXCEPT FOR A PARTY’S INDEMNIFICATION OBLIGATIONS UNDER SECTION 7 (“INDEMNIFICATION”), IN NO EVENT SHALL EITHER PARTY’S OR ITS AFFILIATES’ AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT (WHETHER IN CONTRACT, TORT, NEGLIGENCE OR UNDER ANY OTHER THEORY OF LIABILITY) EXCEED THE TOTAL AMOUNT PAID OR PAYABLE BY CUSTOMER HEREUNDER IN THE 12 MONTHS IMMEDIATELY PRECEDING THE FIRST EVENT GIVING RISE TO LIABILITY.

8.2 Exclusion of Consequential and Related Damages. IN NO EVENT SHALL EITHER PARTY OR ITS AFFILIATES HAVE ANY LIABILITY TO THE OTHER PARTY FOR ANY LOST PROFITS, REVENUES, OR LOSS OF USE, OR FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES HOWEVER CAUSED, WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY AND WHETHER OR NOT A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, AND EVEN IF A REMEDY FAILS OF ITS ESSENTIAL PURPOSE. THE FOREGOING DISCLAIMER SHALL NOT APPLY TO THE EXTENT PROHIBITED BY APPLICABLE LAW.

8.3 The provisions of this Section 8 allocate the risks under this Agreement between the parties, and the parties have relied on these limitations in determining whether to enter into this Agreement.

9 Export Compliance. The Service may be subject to export laws and regulations of the United States and other jurisdictions. Customer represents that neither it nor any of its End Users are named on any U.S. government denied-party list. Customer shall not permit any End User to access or use any Service in a U.S.-embargoed country or region or in violation of any U.S. export law or regulation. Customer and its End Users shall not use the Service to export, re-export, transfer, or make available, whether directly or indirectly, any regulated item or information to anyone outside the U.S. in connection with this Agreement without first complying with all export control laws and regulations that may be imposed by the U.S. Government and any country or organization of nations within whose jurisdiction Customer operates or does business.

10 Use Outside the United States of America. The Service is controlled and operated by Asana from its offices in the United States of America. Except as explicitly set forth herein, Asana makes no representations that the Services are appropriate for use in other jurisdictions. Those who access or use the Service from other jurisdictions do so at their own risk and are responsible for compliance with local laws. Asana may offer services in other jurisdictions that are subject to different terms and conditions. In such instances, the terms and conditions governing those non-U.S. services shall take precedence over any conflicting provisions in this Agreement.

11 Miscellaneous.

11.1 Prior Versions. If you were an existing Customer prior to November 30, 2018, the prior version of this Agreement you agreed to when subscribing to the Service will continue to apply to you until you are otherwise notified in accordance with the terms of that agreement.

11.2 Governing Law; Venue. This Agreement and any disputes arising under it will be governed by the laws of the State of California without regard to its conflict of laws provisions, and each party consents to the personal jurisdiction and venue of the state or federal courts located in San Francisco, California. The application of the United Nations Convention on Contracts for the International Sale of Goods is expressly excluded.

11.3 Informal Dispute Resolution and Arbitration. The parties agree that most disputes can be resolved without resort to litigation. The parties agree to use their best efforts to settle any dispute directly through consultation with each other before initiating a lawsuit or arbitration. If, after good faith negotiations the parties are unable to resolve the dispute, the parties agree that any and all disputes arising out of or in any way relating to this Agreement, including without limitation its existence, validity or termination, shall be resolved according to California law and exclusively by binding arbitration before a single arbitrator with the Judicial Arbitration and Mediation Service (JAMS) and pursuant to the then existing arbitration rules at JAMS. If the parties cannot agree upon selection of an arbitrator, then JAMS shall appoint an arbitrator experienced in the enterprise software industry. The place of the arbitration will be San Francisco, California unless otherwise agreed upon by the parties. The arbitration will be conducted in English. The arbitrator shall provide detailed written findings of fact and conclusions of law in support of any award. Judgment upon any such award may be enforced in any court of competent jurisdiction. The parties further agree that the arbitration shall be conducted in their individual capacities only and not as a class action or other representative action, and the parties expressly waive their right to file a class action or seek relief on a class basis. If any court or arbitrator determines that the class action waiver set forth herein is void or unenforceable for any reason or that an arbitration can proceed on a class basis, then the portions of Section 11.3 mandating arbitration shall be deemed null and void in its entirety and the parties shall be deemed to have not agreed to arbitrate disputes. Customer may opt out and not be bound by the arbitration and class action waiver provisions by sending written notice to Asana. The notice must be sent within thirty (30) days of the Effective Date of this Agreement between Customer and Asana. If Customer opts out of arbitration, Asana also will not be bound to arbitrate. Notwithstanding the foregoing, either party shall be entitled to seek injunctive relief as set forth in Section 5.3 (“Equitable Relief”) above and to stop unauthorized use of the Service or infringement of Intellectual Property Rights. Disputes, claims, or controversies concerning either party’s Intellectual Property Rights or claims of piracy or unauthorized use of the Service shall not be subject to arbitration. The parties further agree that the prevailing party in any action or proceeding to enforce any right or provisions under this Agreement, including any arbitration or court proceedings, will be entitled to recover its reasonable costs and attorneys’ fees.

11.4 Notice. Asana may give general notices related to the Service that are applicable to all customers by email, text, in-app notifications, or by posting them on the Asana website or through the Service and such electronic notices shall be deemed to satisfy any legal requirement that such notices be made in writing. Other notices must be sent via email, first class, airmail, or overnight courier to the addresses of the parties provided herein or via an Order Form and are deemed given when received. Notices to Asana must be sent to Asana Legal at legal@asana.com with a copy to Asana, Inc., 1550 Bryant Street, Suite 200, San Francisco, CA 94103, Attn: Legal Dept.

11.5 Publicity. Asana may include Customer’s name and logo in Asana’s online customer list and in print and electronic marketing materials.

11.6 Beta Access. Customer may be invited to participate in review and testing of pre-release versions of new and beneficial tools and Service enhancements which may be identified to Customer as “alpha,” “beta,” “preview,” “pre-release,” “early access,” or “evaluation” product or services (collectively, the “Beta Tests” and such pre-release functionality, the “Beta Product”). Customer acknowledges and understands that its participation in Beta Tests is not required and is at Customer’s own risk, and that Beta Products are made available on an “as is” basis without warranties (express or implied) of any kind, and may be discontinued or modified at any time. Beta Products are for evaluation and testing purposes, not for production use, not supported, not subject to availability or security obligations, and may be subject to additional terms. Asana shall have no liability for any harm or damage arising out of or in connection with Beta Products. The Beta Products, including without limitation Customer’s assessment of any Beta Product, are Confidential Information of Asana.

11.7 Relationship of the Parties. The parties are and shall be independent contractors with respect to all services provided under this Agreement. This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary, or employment relationship between the parties. There are no third-party beneficiaries to this Agreement. Without limiting this Section, a Customer’s End Users are not third-party beneficiaries to Customer’s rights under this Agreement.

11.8 Force Majeure. Asana shall not be liable for delayed or inadequate performance of its obligations hereunder to the extent caused by a condition that is beyond Asana’s reasonable control, including but not limited to natural disaster, civil disturbance, acts of terrorism or war, labor conditions, governmental actions, interruption or failure of the Internet or any utility service, failures in third-party hosting services, and denial of service attacks (each a “Force Majeure Event”). Asana shall be relieved from its obligations (or part thereof) as long as the Force Majeure Event lasts and hinders the performance of said obligations (or part thereof). Asana shall promptly notify Customer and make reasonable efforts to mitigate the effects of the Force Majeure Event.

11.9 Severability; No Waiver. In the event that any provision of this Agreement is found to be invalid or unenforceable pursuant to any judicial decree or decision, such provision shall be limited or eliminated to the minimum extent necessary so that this Agreement shall otherwise remain in full force and effect and remain enforceable between the parties. No waiver of any term of this Agreement shall be deemed a further or continuing waiver of such term or any other term, and a party’s failure to assert any right or provision under this Agreement shall not constitute a waiver of such right or provision.

11.10 Assignment. Neither this Agreement nor any of the rights and licenses granted under this Agreement may be transferred or assigned by either party without the other party’s express written consent (not to be unreasonably withheld or delayed); provided, however, that either party may assign this Agreement and all Order Forms under this Agreement upon written notice without the other party’s consent to an Affiliate or to its successor in interest in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets not involving a direct competitor of the non-assigning party. Any other attempt to transfer or assign this Agreement will be null and void. Subject to the foregoing, this Agreement shall bind and inure to the benefit of the parties, their respective successors, and permitted assigns.

11.11 U.S. Government Agencies. If Customer is a U.S. Government agency utilizing Asana’s Service in an official capacity, Customer’s use of the Service shall be subject to this Subscriber Agreement and the Amendment to Asana Subscriber Agreement Applicable to U.S. Government Customers.

11.12 Modifications. Asana may revise this Agreement from time to time by posting the modified version on its website. If, in Asana’s sole discretion, the modifications proposed are material, Asana shall provide Customer with notice in accordance with Section 11.4 at least twenty (20) days prior to the effective date of the modifications being made. By continuing to access or use the Service after the posted effective date of modifications to this Agreement, Customer agrees to be bound by the revised version of the Agreement.

11.13 Entire Agreement. This Agreement, including all attachments, exhibits, addendums, and any Order Form(s) hereunder, constitutes the entire agreement between the parties concerning the subject matter hereof and supersedes and replaces any prior or contemporaneous representations, understandings and agreements, whether written or oral, with respect to its subject matter. The parties are not relying and have not relied on any representations or warranties whatsoever regarding the subject matter of this agreement, express or implied, except for the representations and warranties set forth in this Agreement. To the extent of any conflict or inconsistency between the provisions of the Agreement and any Order Form, the Agreement shall prevail. Notwithstanding any language to the contrary therein, no terms or conditions stated in a Customer purchase order, vendor onboarding process, web portal, or any other Customer order documentation shall be incorporated into or form any part of this Agreement, and all such terms or conditions shall be null and void.

12 Definitions.

12.1 “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control,” for purposes of this definition, means either: (a) ownership or control of more than 50% of the voting interests of the subject entity; or (b) the power to direct or cause the direction of the management and policies of an entity, whether through ownership, by contract, or otherwise.

12.2 “Customer Data” means information submitted by an End User through the Service, including all associated messages, attachments, files, tasks, project names, team names, channels, conversations, and other similar content.

12.3 “Documentation” means Asana’s then-current online user guides, as updated from time to time, and made accessible from within the “Help” feature of the Service.

12.4 “End User” means an individual who is authorized by Customer to use the Service under Customer’s account. End Users may include, without limitation, Customer’s or its Affiliates’ employees, consultants, contractors and agents.

12.5 “Intellectual Property Rights” means unpatented inventions, patent applications, patents, design rights, copyrights, trademarks, service marks, trade names, domain name rights, mask work rights, know-how and other trade secret rights, and all other intellectual property rights, derivatives thereof, and forms of protection of a similar nature anywhere in the world.

12.6 “Improvements” means new features, functionality, enhancements, upgrades, error corrections and bug fixes to the Service made generally available by Asana at no additional charge.

12.7 “Order Form” means an ordering document or an online order set forth in the Service interface entered into between Customer and Asana (or Affiliates of either party) specifying the Service or Professional Services (if any) to be provided under this Agreement.

12.8 “Professional Services” means the customer success services provided by Asana, as specified in the applicable Order Form.

12.9 “Service” means Asana’s collaboration work management software as a service platform, including any Improvements, as described in the applicable Order Form.

12.10 “Subscription” means the access to the Service purchased by Customer on a per End User basis.

12.11 “Subscription Term” means the period identified in the Order Form during which Customer’s End Users are permitted to use or access the Service pursuant to the terms set forth in this Agreement.

Acceptable Use Policy

Last Updated: March 2, 2017

All users of the Asana Service are expected to comply with this Acceptable Use Policy.

Acceptable Use of the Service

1. Disruption of the Service. You may not:

   1. access, tamper with, or use non-public areas of the Service, Asana’s computer systems, or the technical delivery systems of Asana’s providers;
   2. probe, scan, or test the vulnerability of any system or network or breach or circumvent any security or authentication measure;
   3. access or search the Service by any means other than Asana’s publicly supported interfaces (for example, “scraping”);
   4. attempt to disrupt or overwhelm our infrastructure by intentionally imposing unreasonable requests or burdens on our resources (e.g. using “bots” or other automated systems to send requests to our servers at a rate beyond what could be sent by a human user during the same period of time)
   5. interfere with or disrupt the access of any user, host or network, including, without limitation, by sending a virus, overloading, flooding, spamming, mail-bombing the Service, or by scripting the creation of Content in such a manner as to interfere with or create an undue burden on the Service.

2. Misuse of the Service. You may not utilize the Service to carry out, promote or support:

   1. any unlawful or fraudulent activities;
   2. the impersonation of another person or entity or the misrepresentation of an affiliation with a person or entity in a manner that does or is intended to mislead, confuse, or deceive others;
   3. activities that are defamatory, libelous or threatening, constitute hate speech, harassment, or stalking;
   4. the publishing or posting other people’s private or personally identifiable information, such as credit card numbers, street address or Social Security/National Identity numbers, without their express authorization and permission;
   5. the sending unsolicited communications, promotions advertisements, or spam;
   6. the publishing of or linking to malicious content intended to damage or disrupt another user’s browser or computer; or
   7. promotion or advertisement of products or services other than your own without appropriate authorization.

3. Content Standards Within the Service. You may not post any Content on the Service that:

   1. violates of any applicable law, any third party’s intellectual property rights, or anyone’s right of privacy or publicity;
   2. is deceptive, fraudulent, illegal, obscene, pornographic (including child pornography, which, upon becoming aware of, we will remove and report to law enforcement, including the National Center for Missing and Exploited children), defamatory, libelous or threatening, constitutes hate speech, harassment, or stalking;
   3. contains viruses, bots, worms, or similar harmful materials; or
   4. contains any information that you do not have a right to make available under law or any contractual or fiduciary duty.

4. Violations of this Acceptable Use Policy. In addition to any other remedies that may be available to us, Asana reserves the right to immediately suspend or terminate your account or your access to the Service upon notice and without liability for Asana should you fail to abide by this Acceptable Use Policy. If you are a user of the Service under your employer or organization’s account, Asana reserves the right to notify your employer or organization of any violations of this Acceptable Use Policy.

5. Modifications. Asana may amend or modify this Acceptable Use Policy from time to time in its sole and reasonable discretion. We will post any such changes on our website. If you object to any such change(s), your sole recourse shall be to cease using the Service. Continued use of the Service following notice of any such changes shall constitute your acknowledgement and acceptance of such changes.
   
   

For questions about these or any Asana terms or policies, email us at terms-questions@asana.com.

Asana Cookies Policy

Effective Date: October 19, 2017

We use and allow certain other companies to use cookies, web beacons, and other similar technologies (collectively “Cookies”) on our Services. We do this to understand your use of our Services; improve your user experience and enable personalized features and content; optimize our advertisements and marketing; and to enable third-party advertising companies to assist us in serving ads specific to your interests across the Internet. You can find more information about Cookies at: www.allaboutcookies.org.

What are Cookies?

Cookies are text files containing small amounts of information which are downloaded to the browser that you use when you visit a site. The entity that places cookies on your browser can then read the information on that cookie that it set. Cookies are typically classified as either “session cookies” which do not stay on your device after you close your browser or “persistent cookies” which will usually remain on your device until you delete them or they expire. Different cookies are used to perform different functions:

• Essential Cookies: Some cookies are essential and enable you to move around the Services and use their features, such as accessing secure areas of the Services. Without these cookies, we cannot enable appropriate content based on the type of device you are using. Functionality Cookies: These cookies allow us to remember choices you make on our websites (such as your preferred language or the region you are in).
• Personalization Cookies: We also use cookies to change the way our Services behave or look in order to personalize your experience from information we infer from your behavior on our Services or information we may already know about you because, for example, you are a registered user. These cookies may be used to tailor the Services or the content, look and feel delivered to you on subsequent sessions to our Services. For example, if you personalize webpages, or use specific parts of the Services, a cookie helps our webpage server recall your specific information. When you next use the Services, the information you previously provided can be retrieved, so you can easily use the Services features that you previously chose.
• Analytics Cookies: We use our own cookies and/or third-party cookies and other identifiers (such as web beacons) to see how you use our Services in order to enhance their performance and develop them according to the preferences of our customers and visitors. For example, cookies and web beacons may be used to: maintain a consistent look and feel across our Services; track and provide trend analysis on how our users interact with our Services; track errors and measure the effectiveness of our promotional campaigns.
• Advertising Cookies: These cookies record your visit to our Services, your opening and review of our emails, the pages you have visited, and the links you have clicked. They gather information about your browsing habits and remember that you have visited a website. We or our service providers may use this information to make advertisements more relevant to you.
• Cross-Device Cookies: Sometimes, we may use cookies in combination with the information we collect — for instance, usernames, IP addresses and unique mobile device identifiers — to locate or try to locate the same unique users across multiple browsers or devices (such as smartphones or tablets), or work with service providers that do this, in order to save your preferences across devices and analyze usage of the Services.

Third-Party Cookies

Please note that third parties (including for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies on our Services. We used trusted partners like DoubleClick and Google AdWords to help us service advertising. We also use Google Analytics on our Services to help us analyze how our Services are used. Google Analytics uses performance cookies to track visitor interactions. For example, by using cookies, Google can tell us which pages our users view, which are most popular, what time of day our websites are visited, whether visitors have been to our websites before, what website referred the visitor to our websites, and other similar information.
We have little control over these “third party” cookies, so we suggest that you check the respective privacy policies for these external services to help you understand what data these organizations hold about you and what they do with it.

• DoubleClick: http://www.google.com/policies/technologies/ads/
• Facebook: https://www.facebook.com/policy.php
• Google AdWords: https://support.google.com/adwords/answer/2549116?hl=en
• Google Analytics: http://www.google.com/analytics/learn/privacy.html
• Google Tag Manager: https://www.google.com/analytics/tag-manager/faq/
• Google+: https://www.google.com/policies/privacy/
• Twitter: https://twitter.com/privacy?lang=en
• YouTube: https://www.youtube.com/static?template=privacy_guidelines

Web Beacons

We may also use electronic images known as web beacons on our Services - sometimes called “clear GIFs”, “single-pixel GIFs”, or “web bugs”. Web beacons are used to deliver cookies on our Services, count clicks/users/visitors, and deliver co-branded content or services. We may include web beacons in our promotional e-mail messages or newsletters to determine whether messages have been opened and acted upon. Our Services may also contain web beacons from third parties to help us compile aggregated statistics regarding the effectiveness of our promotional campaigns or other website operations. These web beacons may allow the third parties to set or read cookies on your device.

Controlling Cookies

There are a number of ways you can manage what cookies are set on you devices. Essential cookies, however, cannot be disabled. If you do not allow certain cookies to be installed, the Services may not be accessible to you and/or the performance, features, or Services of the website may be compromised.

1. Advertising Cookies

If you would like to disable advertising cookies, you can visit http://www.youronlinechoices.com. If you choose to turn off these cookies you will still see advertising on the internet but it may not be tailored to your interests. It does not mean that you won’t be served any advertisements while online. You can also manage this type of cookie in the privacy settings on the web browser you are using. Please see below for more information.

2. Browser Settings

You can disable and/or delete most types of cookies by using your browser settings. Please note that if you use your browser settings to block all cookies you may not be able to access parts of our or others’ services. The following links provide information on how to modify the cookies settings on some popular browsers:

• Apple Safari http://support.apple.com/kb/PH5042
• Google Chrome https://support.google.com/chrome/bin/answer.py?hl=en&answer=95647&p=cpn_cookies
• Microsoft Internet Explorer http://windows.microsoft.com/en-US/windows7/How-to-manage-cookies-in-Internet-Explorer-9
• Mozilla Firefox http://support.mozilla.org/en-US/kb/Cookies

3. Cross-Device Cookies

If you wish to opt out of our ability to track you across devices, you may install the Google Analytics Opt-out Browser Add-on by clicking here.

Do Not Track Signals

There is no uniform or consistent standard or definition for responding to, processing, or communicating Do Not Track signals. At this time the Services do not function differently based a user’s Do Not Track signal. For more information on Do Not Track signals, see All About Do Not Track.

More Information

If you have any questions about how we use cookies, you can contact us at terms-questions@asana.com.

DMCA Policy

We respect artist and content owner rights and we expect our users to do the same. It is our policy to respond to claims of infringement in compliance with the Digital Millennium Copyright Act of 1998 (“DMCA”). If you are a copyright owner, or authorized on behalf of one, and you believe that the copyrighted work has been copied in a way that constitutes copyright infringement that is taking place through the Service, please complete the following DMCA Notice and deliver it to our Designated DMCA Agent at the contact information provided below.

You must provide the following information in writing in your DMCA Notice:

1. Identify the copyrighted work that you claim has been infringed;
2. Identify the material that is claimed to be infringing and where it is located on the Service;
3. Provide reasonably sufficient information to permit us to contact you, such as your address, telephone number, and, e-mail address;
4. Provide a statement that you have a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or law;
5. Provide a statement, made under penalty of perjury, that the above information is accurate, and that you are the copyright owner or are authorized to act on behalf of the owner; and
6. Provide an electronic or physical signature of a person authorized to act on behalf of the copyright owner;

Deliver the DMCA Notice, with the above information completed, to our Designated DMCA Agent at:

UNDER FEDERAL LAW, IF YOU KNOWINGLY MISREPRESENT THAT ONLINE MATERIAL IS INFRINGING, YOU MAY BE SUBJECT TO CRIMINAL PROSECUTION FOR PERJURY AND CIVIL PENALTIES, INCLUDING MONETARY DAMAGES, COURT COSTS, AND ATTORNEYS’ FEES.

Please be aware that this procedure is only for notifying us that your copyrighted material has been infringed. The preceding requirements are intended to comply with our rights and obligations under the DMCA, including 17 U.S.C. §512(c), but do not constitute legal advice.

In accordance with the DMCA and other applicable law, we have adopted a policy of terminating, in appropriate circumstances, users who are deemed to be repeat infringers. We may also limit access to the Service and/or terminate the accounts of any users who infringe any intellectual property rights of others, whether or not there is any repeat infringement.

For questions about these or any Asana terms or policies, email us at terms-questions@asana.com.

Asana API Terms and Conditions

Last Updated: May 1, 2019

Thank you for using the Asana Application Programming Interfaces (the “Asana APIs”). These API Terms and Conditions (the “API Terms”), together with the Asana Terms of Service, form a binding contract between you, or the company or legal entity that you represent, and Asana. As used in these API Terms, “we,” “our” and “us” refers to Asana, and “you,” and “your,” refers to the individual, company or legal entity that you represent.

By agreeing to these API Terms, you agree to abide by these API Terms and any and all guidelines or other documentation provided by Asana for use in connection with the Asana APIs (the “API Documentation”). In the event of any inconsistency between these API Terms and the Terms of Service, these API Terms shall control.

Some of these API Terms apply to your own use of the Asana APIs to develop, test, and support Your Application, while others apply to your access and use of the Asana APIs to receive, modify, use, and display User Content from the Asana Service in Your Application or to distribute Your Application to end users and allow such end users to access your integration of the Asana APIs within Your Application. Not all of the provisions of these API Terms may apply to your specific use of the Asana APIs in each instance.

If you are accepting these API Terms on behalf of a company or other legal entity, you represent and warrant that you have the legal authority to bind such entity to these API Terms.

1. License Grants and Restrictions.
   1. API License Grant. Subject to your compliance with these API Terms, we grant you a non-exclusive, revocable, non-transferable and non-sublicensable license to (i) access and use the Asana APIs and API Documentation to receive, modify, use, and display user content (the “User Content”) from the Asana service (the “Asana Service”) in your website or native application for mobile devices (“Your Application”) subject to the permissions of the relevant users’ accounts; (ii) use the Asana APIs, API Documentation, or User Content to develop, test, and support Your Application, and (iii) distribute Your Application to end users and to allow such end users to access your integration of the Asana APIs within Your Application. You may not use the Asana APIs for any other purpose without Asana’s prior written consent. If you are integrating the Asana APIs in Your App, you may charge for Your Application; however, you may not sell, rent, lease, sublicense, redistribute, or syndicate access to the Asana APIs.
   2. Trademark License Grant. Subject to your compliance with these API Terms, we grant you a non-exclusive, revocable, non-transferable and non-sublicensable license to reproduce and display the Asana name and logo (the “Asana Marks”) in accordance with the Asana Trademark Guidelines and solely to promote or advertise your integration of the Asana APIs in Your Application.
   3. All of our rights not expressly granted by these API Terms are hereby retained.
   4. In connection with your use of the Asana APIs, you must:
      1. Obtain the explicit consent of the user before collecting, using, posting, or sharing any User Content obtained through the Asana APIs on a user’s behalf. Mere authorization of your application by the user does not constitute consent.
      2. Comply with the Asana Terms of Service
      3. Comply with any requirements or restrictions imposed on usage of User Content by the owner of such content. Although the Asana APIs can be used to provide you with access to User Content, neither Asana’s provision of the Asana APIs to you nor your use of the Asana APIs overrides any requirements or restrictions placed on such User Content by the user or a third party with a legal interest in the User Content.
      4. Maintain a user agreement and privacy policy for Your Application, which is prominently identified or located where users download or access Your Application. Your privacy policy must meet applicable legal standards and describe the collection, use, storage and sharing of data in clear, understandable and accurate terms. You must promptly notify us in writing via email to terms-questions@asana.com of any breaches of your user agreement or privacy policy that impact or may impact users of the Asana APIs, the Service, or the Website.
      5. Obtain the consent of a user prior to deleting or destroying any of the content associated with their Asana account.
      6. Provide attribution to Asana as the source of data in accordance with the following guidelines:
         1. Display an Asana Mark so it is clear to the user that the data is from Asana.
         2. Link the logo in such Asana Mark to https://asana.com.
         3. Comply at all times with trademark guidelines provided by Asana when using or displaying the Asana Marks.
   5. You (and Your App) May Not:
      1. Access, store, or share User Content to which the user has not granted you explicit access rights, or user’s login credentials.
      2. Make requests that exceed our rate limits or use the Asana APIs in a manner that impacts the stability of Asana’s servers or impacts the behavior of other applications using the Asana APIs.
      3. Engage in any activity that (i) compromises, breaks, or circumvents any of our technical processes or security measures associated with the Asana APIs, the Service, or the Website or (ii) poses a security vulnerability to other users.
      4. Use “nofollow” tags on your links to Asana. All links back to Asana should be followable.
      5. Request or publish information impersonating an Asana user or misrepresent any user or other third party in requesting or publishing information.
      6. Create or disclose metrics about, or perform any statistical analysis of, the Asana APIs.
      7. Display Asana’s Marks or User Content in a manner that could reasonably imply an endorsement, relationship or affiliation with or sponsorship between you or a third party and Asana, other than your permitted use of the Asana APIs under these API terms.
      8. Display the User Content on any site that disparages Asana or its products or services, or infringes any Asana intellectual property or other rights.
      9. Copy, sell, rent, lease, transfer, assign, sublicense, disassemble, reverse engineer or decompile (except to the limited extent expressly authorized under applicable statutory law), modify or alter any part of the Asana APIs.
      10. Sell, rent, lease, share, transfer, assign, or sublicense any User Content or other information or data obtained through the Asana APIs, directly or indirectly, to or with any third party, including any data broker, ad network, ad exchange, or other advertising or monetization-related party.
      11. Use the User Content in any advertisements or for purposes of targeting advertisements (whether such advertisements appear in Your Application or elsewhere).
      12. Attempt to cloak or conceal your identity or your application’s identity when requesting authorization to use the Asana APIs.
      13. Use the Asana APIs for any application that constitutes, promotes or is used primarily for the purpose of dealing in: 1. spyware or any other malicious programs or code; 2. activities that violate any law or regulation, or any rights of any person, including but not limited to intellectual property rights; 3. activities that, in Asana’s sole judgment, are offensive or might harm Asana’s business or its reputation.
      14. Access the Asana APIs or API Documentation in order to replicate or compete with the Asana APIs, the Service, or the Website.
2. Usage Limitations. Asana may limit the maximum User Content that may be accessed, the rate at which such User Content may be accessed, and/or the number of network calls that Your Application may make via the Asana APIs. Asana may change such usage limits at any time, and/or may utilize technical measures to prevent over-usage and/or stop usage of the Asana APIs by an application after any usage limitations are exceeded.
3. Fees and Payment. The Asana APIs are currently provided for free, but Asana reserves the right to charge fees for the future use of or access to the Asana APIs. If we do charge a fee for use of the Asana APIs, we will provide you with reasonable notice and you can stop using the Asana APIs at any time.
4. Suspension and Termination. Your license to utilize the Asana APIs and the Asana Marks shall continue until it is terminated by either party as set forth herein. You may terminate this license at any time by discontinuing use of the Asana APIs. Asana may suspend or terminate your right and license to use all or any of the Asana APIs or the API Documentation at any time, with or without cause, and without notice to you. Upon termination of your license for any reason, you shall destroy and remove from all computers, hard drives, networks, and other storage media all copies of User Content and Asana Marks.
5. Disclaimer of Any Warranty. Asana does not represent or warrant that any Asana APIs are free of inaccuracies, errors, bugs or interruptions, or are reliable, accurate, complete or otherwise valid. THE ASANA APIs ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS, WITH NO WARRANTY OF ANY KIND AND ASANA EXPRESSLY DISCLAIMS ANY AND ALL WARRANTIES AND CONDITIONS, INCLUDING, BUT NOT LIMITED TO, ANY AND ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AVAILABILITY, SECURITY, TITLE AND/OR NON-INFRINGEMENT. WE DO NOT WARRANT THAT THE ASANA APIs WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE. YOUR USE OF THE ASANA APIs IS AT YOUR OWN DISCRETION AND RISK, AND YOU WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE THAT RESULTS FROM THE USE OF ANY ASANA APIs INCLUDING, BUT NOT LIMITED TO, ANY DAMAGE TO YOUR COMPUTER SYSTEM OR LOSS OF DATA.
6. Limitation of Liability. ASANA SHALL NOT, UNDER ANY CIRCUMSTANCES, BE LIABLE TO YOU FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL OR EXEMPLARY DAMAGES ARISING OUT OF OR IN CONNECTION WITH USE OF THE ASANA APIs, WHETHER BASED ON BREACH OF CONTRACT, BREACH OF WARRANTY, TORT (INCLUDING NEGLIGENCE, PRODUCT LIABILITY OR OTHERWISE), OR ANY OTHER PECUNIARY LOSS, WHETHER OR NOT ASANA HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO EVENT WILL OUR AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THESE API TERMS (WHETHER IN CONTRACT OR TORT OR UNDER ANY OTHER THEORY OF LIABILITY) EXCEED $100. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF CERTAIN WARRANTIES OR THE LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES. ACCORDINGLY, SOME OF THE LIMITATIONS IN SECTIONS 5-7 MAY NOT APPLY TO YOU. IF YOU ARE A NEW JERSEY RESIDENT, OR A RESIDENT OF ANOTHER STATE THAT PERMITS THE EXCLUSION OF THESE WARRANTIES AND LIABILITIES, THEN THE ABOVE LIMITATIONS SPECIFICALLY DO APPLY TO YOU.
7. Release and Waiver. To the maximum extent permitted by applicable law, you hereby release and waive all claims against Asana, and its subsidiaries, affiliates, officers, agents, licensors, co-branders or other partners, and employees from any and all liability for claims, damages (actual and/or consequential), costs and expenses (including litigation costs and attorneys’ fees) of every kind and nature, arising from or in any way related to your use of the Asana APIs, the User Content or the Asana Marks. If you are a California resident, you waive your rights under California Civil Code 1542, which states, “A general release does not extend to claims which the creditor does not know or suspect to exist in his favor at the time of executing the release, which if known by him must have materially affected his settlement with the debtor.” You understand that any fact relating to any matter covered by this release may be found to be other than now believed to be true and you accept and assume the risk of such possible differences in fact. In addition, you expressly waive and relinquish any and all rights and benefits that you may have under any other state or federal statute or common law principle of similar effect, to the fullest extent permitted by law.
8. Indemnification. To the maximum extent permitted by applicable law, you agree to indemnify and hold harmless Asana and its subsidiaries, affiliates, officers, agents, licensors, co-branders or other partners, and employees from any and all third party claims arising from or in any way related to your use of the Asana APIs, including any liability or expense arising from all claims, losses, damages, liabilities, costs and fees (including reasonable attorneys’ fees) of every kind and nature. Notwithstanding anything contained in the preceding sentence, (a) we will always be free to choose our own counsel if we pay for the cost of such counsel; and (b) no settlement may be entered into by you, without our express written consent (such consent not to be unreasonably withheld), if: (i) the third party asserting the claim is a government agency, (ii) the settlement arguably involves the making of admissions, (iii) the settlement does not include a full release of liability, or (iv) the settlement includes terms other than a full release of liability and the payment of money.
9. Remedies. You acknowledge that your breach of these API terms may cause irreparable harm to Asana, the extent of which would be difficult to ascertain. Accordingly, you agree that, in addition to any other remedies to which Asana may be legally entitled, Asana shall have the right to seek immediate injunctive relief in the event of a breach of these API terms by you or any of your officers, employees, consultants or other agents.
10. General Terms.
    1. Publicity. You grant us the right to use your company name and logo as a reference for marketing or promotional purposes on our website and in other public or private communications with our existing or potential developers and customers, subject to your standard trademark usage guidelines as provided to us from time-to-time.
    2. Relationship of the Parties. You and Asana are independent contractors and these API Terms do not create a partnership, franchise, joint venture, agency, fiduciary, or employment relationship between the parties. You shall not have any authority to assume or create any obligation for or on behalf of Asana, express or implied, and you shall not attempt to bind Asana to any contract without its express consent.
    3. Severability. If any provision of these API Terms is found by a court of competent jurisdiction to be invalid, the parties nevertheless agree that the court should endeavor to give effect to the parties’ intentions as reflected in the provision and that the other provisions remain in full force and effect.
    4. Governing Law. These API Terms and the relationship between you and Asana shall be governed by the laws of the State of California without regard to its conflict of law provisions. You and Asana agree to submit to the personal jurisdiction of the courts located within the city and county of San Francisco, CA.
    5. No Waiver. Asana’s failure to exercise or enforce any right or provision of these API Terms shall not constitute a waiver of such right or provision.
    6. Survival. Sections 1.3, 4, 5, 6, 7, 8, and all of the subsections of Section 10 will survive any termination or expiration of the API Terms.
    7. Entire Agreement. These API Terms, together with the Asana Terms of Service, constitute the entire agreement between the parties and supersedes all prior and contemporaneous agreements, proposals or representations, written or oral, concerning its subject matter. In the event of any inconsistency between these API Terms and the Asana Terms of Service, these API Terms shall control.

For questions about these or any Asana terms or policies, email us at terms-questions@asana.com.

Law Enforcement Data Request Guidelines

These guidelines are intended to provide law enforcement authorities with information regarding the process for requesting records from Asana. So that we can ensure compliance with our user Terms of Service and Privacy Policy, we respond only to law enforcement requests that adhere to established legal process and applicable law.

1. U.S. Legal Process Requirements. We disclose user information solely in accordance with our published Terms of Service and applicable U.S. law, including the federal Stored Communications Act (“SCA”), 18 U.S.C. Sections 2701-2712. In accordance with U.S. law:
   1. A jurisdictionally valid subpoena, issued in connection with an official criminal investigation, is required to compel the disclosure of basic user records, which may include name, length of service, credit card information (including billing address), email address(es), and an IP address, if available.
   2. A court order is required to compel the disclosure of certain records or other information related to a user account (not including contents of communications), which may include message headers and IP addresses, in addition to the basic user records identified above.
   3. A search warrant properly issued under the procedures described in the Federal Rules of Criminal Procedure or equivalent state warrant procedures, based on a showing of probable cause, is required to compel the disclosure of the stored contents of any account, which may include messages, attachments, or other content of communications within a user’s account.
2. International Legal Requirements. In the case of requests from law enforcement outside of the U.S., a Mutual Legal Assistance Treaty (MLAT) request or letter rogatory may be required to compel the disclosure of the contents of an account.
3. Account Preservation Requests. We will take reasonable steps to preserve account records in connection with official criminal investigations for a period of 90 days pending our receipt of a formal legal request for user data. You may request the preservation of records via email, fax or mail as indicated below.
4. Information Required in Connection With Your Request.
   4. Your Contact Information.
      1. Requesting Agency’s name
      2. Requesting Agent’s name
      3. Requesting Agent’s badge/identification number
      4. Requesting Agent’s Agency-issued Email address
      5. Requesting Agent’s telephone number, including extension
      6. Requesting Agent’s mailing address (PO Box not acceptable)
      7. Requested response date (please allow at least 3 weeks for processing)
   5. Data Request Information
      8. Full (first and last) name of the Asana User
      9. Email address(es) associated with the User’s account
      10. A clear and specific description of the data being requested (we will be unable to process overly broad or vague requests)
5. Data Availability. We will search for and disclose data that is specified with particularity in an appropriate form of legal process and which we are reasonably able to locate and retrieve.
6. User Notification. Asana’s policy is to notify users of requests for their information, which includes a copy of the request, prior to disclosure so that they may have an opportunity to challenge such request unless: (a) we are prohibited from doing so by law or court order; (b) there are exceptional circumstances, such as an emergency involving the risk of bodily injury or death to a person or group of people or potential harm to minors; or (c) prior notice would be counterproductive (for example, if we believe that the account in question has been hijacked). Law enforcement officials who believe that notification would jeopardize an investigation should obtain a proper court order or other appropriate process establishing that notice is prohibited. Please note that Officer authored affidavits, cover letters or similar statements are not sufficient to preclude notice to our users. Please note that in situations where a data request draws attention to an ongoing violation of our Terms of Service we may, in order to protect our service and its Users, take action to prevent any further abuse, including actions that could notify the User(s) who are the subject of your data request that we are aware of their misconduct.
7. Submitting Your Request. A data request may be served by fax to (415) 484-7702, by certified mail, express courier, or in person at our corporate headquarters at the following address: Asana, Inc., 1550 Bryant Street, 8th Floor, San Francisco, CA 94103

For questions about these or any Asana terms or policies, email us at terms-questions@asana.com.

Amendment to Asana Subscriber Agreement

Applicable to U.S. Government Customers

Last Updated: May 29, 2015

This is a supplemental agreement (“Amendment”) between Asana and U.S. Government customers (the “Customer” or the “Agency”) and applies to the Agency’s use of Asana’s collaborative workplace management service (the “Service”) under Asana’s Premium Subscriber Agreement (the “Subscriber Agreement”).

The reason for this Amendment is that the Customer, a U.S. Government instrumentality, is obligated to follow federal laws, regulations, and practices, among which are those relating to ethics, advertising and endorsements, tax exemption and immunity, limitations on indemnification, fiscal law constraints, governing law and jurisdiction, dispute resolution, and assignment of contracts.

Asana and Agency (the “Parties”) agree that modifications to the Subscriber Agreement available at #subscriber-agreement are appropriate to accommodate the Agency’s legal status, its public mission, and other special circumstances. Therefore, the Subscriber Agreement is modified by this Amendment as follows.

A. Government entity: As it relates to the Agency’s usage of the Service, the word “Customer” in the Subscriber Agreement shall mean the Agency itself and shall not apply to, nor bind (i) the individual(s) who utilize the Asana Service on the Agency’s behalf, or (ii) any individual users who happen to be employed by, or otherwise associated with, the Agency. Asana will look solely to the Agency to enforce any violation or breach of the Subscriber Agreement by such individuals, subject to federal law.

B. Advertisements: Asana agrees not to serve or display any third-party commercial advertisements or solicitations on any pages within the Asana site that display content uploaded by or under the control of the Agency.

C. Taxes: With reference to Section 5 of the Subscriber Agreement, the Parties understand that the Federal Acquisition Regulation (FAR) 29.302 (48 CFR, Chapter 1, Part 29, Subpart 29.302 – Application of State and local taxes to the Government) states that “Generally, purchases and leases made by the Federal Government are immune from State and local taxation.” Therefore, Asana will include no tax in Agency billings unless the tax has been determined by the Agency to be proper for payment.

D. Indemnification, Liability, Statute of Limitations: Any provisions in the Subscriber Agreement related to indemnification by the customer, damages, attorneys fees, filing deadlines, defense of lawsuits, collection expenses, and settlement are hereby waived. Liability of either party for any breach of the Subscriber Agreement as modified by this Amendment, or any claim, demand, suit or proceeding arising from the Subscriber Agreement or this Amendment, shall be determined under the Federal Tort Claims Act, Contract Disputes Act, or other governing federal authority. Federal Statute of Limitations provisions shall apply to any claim, demand, suit or proceeding arising from the Subscriber Agreement or this Amendment.

E. Governing law and Forum: The Subscriber Agreement and this Amendment shall be governed by, and interpreted and enforced in accordance with, applicable federal laws of the United States of America without reference to conflict of laws. To the extent permitted by federal law, the laws of the State of California including its choice of law rules will apply in the absence of applicable federal law. Any arbitration, mediation or other dispute resolution provision in the Subscriber Agreement is hereby waived. The forum for purposes of resolving claims and disputes will be determined in accordance with federal law.

F. No automatic renewal: With respect to Section 5 of the Subscriber Agreement, Asana agrees to waive the provision allowing Asana to automatically charge the Agency upon a renewal date associated with Customer’s account. Asana agrees to remove the auto-renew default setting for any Agency whose account details page designates an email address that ends in .gov, .mil, or .fed.us. Instead, Asana will notify the Agency to allow the Agency to determine if funds are available and if the Service will be needed for a renewal period.

G. Continuity of service during dispute: With respect to Section 6 of the Subscriber Agreement, Asana agrees to waive the language that would otherwise permit Asana to terminate the Premium Subscription contract in the event of an alleged breach of the Agreement by the Agency. Instead, recourse against the United States for any alleged breach of the Agreement must be made under the terms of the Federal Tort Claims Act or as a dispute under the Contract Disputes Act, as applicable. During the resolution of the dispute the Contractor, Asana, shall proceed diligently with performance of the contract, pending final resolution of any request for relief, claim, appeal, or action arising under the contract, and comply with any decision of the Agency Contracting Officer.

H. Limitation of liability: The Parties agree that nothing in the limitation of liability provision in Section 10 or elsewhere in the Subscriber Agreement in any way grants Asana a waiver from, release of, or limitation of, liability pertaining to any past, current or future violation of federal law.

I. No endorsement: With reference to Section 4(d) of the Subscriber Agreement, Asana agrees that the Agency’s name, seals, logos, trademarks, service marks, trade names, and the fact that the Agency has a presence on the Asana site and uses its Services, shall not be used by Asana in such a manner as to state or imply (in the judgment of a reasonable person) that Asana’s products or services are endorsed, sponsored or recommended by the Agency or by any other element of the Federal Government, or are considered by the Agency or the Federal Government to be superior to any other products or services. Except for pages whose design and content is under the control of the Agency, Asana agrees not to display any Agency or Government names, seals, trademarks, logos, service marks, and trade names on Asana’s homepage or elsewhere on the Asana Site unless permission to do so has been granted by the Agency or by other relevant federal government authority. Asana may list the Agency’s name in a publicly available customer list on its homepage or elsewhere so long as the name is not displayed in a more prominent fashion than that of any other third-party customer.

J. Assignment: As indicated in Section 11(e) of the Subscriber Agreement, neither party may assign its obligations under the Subscriber Agreement as modified by this Amendment to any third party without prior written consent of the other. However, if Agency is using Asana’s free services only, Asana or its subsidiaries may, without the Agency’s consent, assign the Subscriber Agreement as modified by this Amendment to an affiliate or to a successor or acquirer, as the case may be, in connection with a merger, acquisition, corporate reorganization or consolidation, or the sale of all or substantially all of its assets. Any transfer of Asana assets related to the Agency’s paid subscription contract requires review and consent by the Agency, under the procedures found in the FAR Subpart 42.13 (48 CFR Chapter 1, Part 42, Subpart 42.12 - Novation).

K. Precedence; Further Amendments: If there is any conflict between this Amendment and the Subscriber Agreement, or between this Amendment and other terms, rules or policies on the Asana site or related to its Service, this Amendment shall prevail. This Amendment constitutes a mutually agreed upon amendment to the Subscriber Agreement; language in the Subscriber Agreement in Section 11(e) indicating it alone is the entire agreement between the Parties is waived. Any further amendment must be agreed to in writing by both Parties.

L. Posting of Amendment: This Amendment shall be posted with the Asana’s online Subscriber Agreement either by incorporation of its text or via an integral link.

Asana Subprocessors

Last Updated: July 15, 2019

In connection with our provision of the Services, Asana and its affiliates may engage third parties (each a “Subprocessor”) to process your Personal Data. In certain circumstances an affiliate of Asana may even be a Subprocessor. As a condition of permitting a Subprocessor to process your Personal Data, Asana (and its affiliates as applicable) will enter into a written agreement with each Subprocessor containing data protection obligations at least as protective as the technical and organizational measures Asana has put into place to protect your Personal Data from accidental or unlawful destruction, loss, alteration, or unauthorized disclosure or access. All terms capitalized above, but not defined have the meaning set forth in Asana’s User Terms of Service, Privacy Policy, and/or your applicable customer agreement with Asana.

Asana Affiliates

Data Processing Addendum

Download Download the Data Processing Addendum [PDF]

Asana’s Commitment to GDPR Compliance

The General Data Protection Regulation (“GDPR”) is a European law establishing protections for the personal data of EU residents that came into force on May 25, 2018. Under the GDPR, organizations that collect, maintain, use, or otherwise process EU residents’ personal data (regardless of the organization’s location) must implement certain privacy and security safeguards for that data. Asana has established a comprehensive GDPR compliance program and is committed to partnering with its customers and vendors on GDPR compliance efforts. Some significant steps Asana has taken to align its practices with the GDPR include:

• Revisions to our policies and contracts with our partners, vendors, and users
• Enhancements to our security practices and procedures
• Closely reviewing and mapping the data we collect, use, and share
• Creating more robust internal privacy and security documentation
• Training employees on GDPR requirements and privacy/security best practices generally
• Carefully evaluating and building a data subject rights’ policy and response process Below, we provide additional details about the core areas of Asana’s GDPR compliance program and how customers can use Asana to support their own GDPR compliance initiatives.

Data Processing Agreements

Under the GDPR, “data controllers” (i.e. entities that determine the purposes and means of processing data) are required to enter into agreements with other entities that process data on their behalf (called “data processors”). Asana offers its customers who are controllers of EU personal data the option to enter into a robust data processing agreement under which Asana commits to process and safeguard personal data in accordance with GDPR requirements. This includes Asana’s commitment to process personal data consistent with the instructions of the data controller.

International Data Transfers

As with prior EU data protection laws, the GDPR requires organizations to use a recognized legal mechanism to transfer data from the EU to other countries that do not have a similar data protection framework, including the United States. To comply with this requirement, Asana is certified under the EU-US Privacy Shield framework, which requires it to maintain certain safeguards for personal data transferred to the United States. Additionally, Asana offers customers who are data controllers of EU personal data the option to enter into EU Model Contractual Clauses with us upon request.

Data Access, Management, and Portability Tools

The GDPR gives individual data subjects in certain circumstances the rights to, among other things, access, delete, and make corrections to their data. Asana is committed to facilitating data subject requests consistent with the GDPR, as further described in our Privacy Policy.

Privacy Documentation

At its core, the GDPR is focused on transparency, fairness, and accountability. Accordingly, the law requires organizations to maintain documentation about their privacy practices and their decisions about how they handle individuals’ personal data. Asana shares the GDPR’s commitment to these principles, and has included within its ongoing GDPR compliance program documentation about its data collection and processing activities, and the various policies and guidelines it follows pursuant to the GDPR. You can learn more about how Asana collects, uses, and discloses personal data by visiting Asana’s Privacy Policy.

Data Security

The GDPR requires organizations to use appropriate technical and organizational measures to protect the security, confidentiality, and integrity of personal data. Security continues to be a priority for Asana: we are now SOC 2 Type 1 certified (read more about our certification here) and have implemented a variety of safeguards to protect the security of our platform, including encrypting web connections to protect data transmissions, replicating our databases to support reliability of the platform, and controlling access to our facilities and office network. Asana also offers customers the ability to use additional security controls to further enhance the security of their teams’ data. For more information, please see our Security Statement.

Ongoing Compliance and Communication

The GDPR’s requirements are comprehensive, but the law and regulatory guidance will evolve. As data protection authorities in Europe interpret the GDPR’s requirements and issue guidance, we will continue to follow these developments closely and evaluate our program for any changes or enhancements as needed. We value communication with our customers. If you have any questions about our GDPR compliance efforts, or if you are a data controller customer with questions about how we can help support your own GDPR compliance efforts, please contact us at privacy@asana.com.

Related Resources

• Asana Security Statement
• Asana Privacy Policy
• Asana User Terms of Service
• Asana Data Processing Addendum
• Asana EU-US and Swiss-US Privacy Shield Certification
• Full Text of the GDPR