Introducing Asana AI Studio: Build workflows with AI agents to pass off your busywork. Learn more
More than 100,000 of the world's most innovative enterprises trust Asana to keep their data safe.
More than 85% of Fortune 100 companies use Asana*
Asana covers these essential needs, so teams can succeed with peace of mind.
Data protection is key to support teams’ success, so we incorporate security into our product and operations.
We invest in our infrastructure to support deployments of 100 or 100,000 and beyond.
We're committed to protecting your privacy through our product, infrastructure, and data governance.
We adhere to global, regional, and industry regulations to help you meet compliance standards.
Asana takes a security-by-design approach to protecting your data. We build our platform using best practices for highly available, scalable, and secure cloud applications.
Asana’s infrastructure is designed with layers of protection to help ensure your data is secure while transmitted, stored, or processed. Protections include encryption, least privilege access, secure software development, and a public bug bounty program.
Our information security team continuously implements new security controls and monitors Asana for malicious activity across physical data centers, networks, and IT devices.
Asana provides a robust set of in-product data protection and admin controls for greater visibility and control over your data. Enterprise admins can securely deploy Asana to their organizations with two-factor authentication, SSO, SAML 2.0, and data controls for the mobile app.
Increase data protection and help meet your organization's most critical compliance needs. Get alerts when sensitive data is added to Asana, pull data into your archiving solution, and extract data for litigation and investigations.
We offer full transparency into system status and performance.
Asana offers 24/7 priority support and a 99.9% uptime commitment to Enterprise customers, and provides transparency into real-time and historical platform status.
Asana’s infrastructure investments provide daily backups, regional backups, and recovery procedures for restoring services in the event of unavoidable failures.
We have a comprehensive privacy compliance program that aligns our practices with regulations such as the General Data Protection Regulation and California Consumer Privacy Act.
Asana provides in-product admin controls, both user and object-level permissions, and the ability to define which third-party applications are accessible to your team.
Asana allows customers to export and delete data at the organization level and automate full-domain exports through our API.
Gain more control over your data and help meet your organization’s most critical compliance needs by using your own encryption key on your Asana data.
Asana adheres to global privacy laws and security standards with measures in place to help you meet your compliance obligations.
Security, availability, and confidentiality trust services criteria
Overview of Service Organization Controls
Data protection and data subject rights for EU residents
Compliant with relevant US state privacy laws in California, Colorado, Virginia, and more
Global standard for information security management systems
Code of practice for information security controls for cloud services
Code of practice for protecting personally identifiable information (PII)
Privacy information management standard supporting compliance with global privacy laws
Cloud security controls compliance self-assessment
Protection of patient health information in the United States
Privacy Rule and Safeguards Rule for financial institutions
Privacy rights for educational information and records
Protection of the personal information for residents of Japan and other relevant global privacy laws
Take a deeper dive into Asana’s security practices and philosophy by downloading our trust and security whitepaper today.
*Accurate as of December 2023, includes free and paid users.