What can I do about this clause?

{'method': 'EMAIL', 'recipient': 'privacy@asana.com', 'difficulty': 'EASY', 'action_type': 'DELETE_DATA', 'instructions': 'California residents should email privacy@asana.com identifying themselves as California residents and specifying the CCPA right they wish to exercise (access, deletion, or correction). Asana must respond within 45 days under CCPA.', 'deadline_days': None, 'deadline_hours': None}

Which regulatory agencies enforce this type of clause?

{'agency': 'State_AG', 'reason': 'The California Attorney General and California Privacy Protection Agency enforce CCPA and CPRA rights. California residents can file complaints if Asana fails to honor valid data rights requests.', 'complaint_url': 'https://www.naag.org/find-my-ag/'}

What is the severity of this clause?

ConductAtlas classifies this California Resident Privacy Rights (CCPA) clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Do other platforms have similar clauses?

Yes. ConductAtlas has identified similar California Resident Privacy Rights (CCPA) clauses across approximately 1 other tracked platforms. You can compare how platforms differ on this clause type in the cross-platform comparison view.

California Resident Privacy Rights (CCPA) — Asana

Share 𝕏 Share in Share 🔒 PDF

Recent governance activity Asana recorded 2 documented changes in the last 30 days.

Start monitoring updates

Monitor governance changes for Asana Create a free account to receive the weekly governance digest and monitor one platform for governance changes.

Create free account No credit card required.

Document Record

What it is

If you live in California, you have additional legal rights regarding your personal data at Asana, including the right to know what data is collected, to delete it, and to correct it.

ⓘ

This analysis describes what Asana's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

California residents have some of the strongest statutory privacy rights in the US. Understanding these rights and how to exercise them is practically important for CCPA-protected users.

⚠

Interpretive note: The full CCPA rights framework is contained in Asana's separate California Privacy Notice, which is linked from but not reproduced in the hub page analyzed here.

Consumer impact (what this means for users)

California residents using Asana can exercise CCPA rights including access, deletion, and correction of personal information by contacting privacy@asana.com. The effective scope of these rights for workspace data may depend on the organization's role as controller.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.

Delete Your Data

California residents should email privacy@asana.com identifying themselves as California residents and specifying the CCPA right they wish to exercise (access, deletion, or correction). Asana must respond within 45 days under CCPA.

How other platforms handle this

ADP Medium

If you are a California resident, you may have certain rights under the California Consumer Privacy Act (CCPA). These rights may include: the right to know about personal information collected, disclosed, or sold; the right to delete personal information collected from you; the right to opt-out of t...

Verizon Medium

California law gives residents the right to know what personal information we collect, use, share or sell; to delete personal information under certain circumstances; to opt-out of the sale or sharing of their personal information; to correct inaccurate personal information; to limit the use and dis...

T-Mobile Medium

If you are a California resident, you have the right to know what personal information we collect, use, disclose, and sell about you. You have the right to request deletion of your personal information, subject to certain exceptions. You have the right to opt out of the sale or sharing of your perso...

See all platforms with this clause type →

Monitoring

Asana has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.

Start Watcher free trial Or create a free account →

▸ View Original Clause Language DOCUMENT RECORD

"
Asana's policy references specific privacy rights for California residents including rights to know, delete, and correct personal information as required under the CCPA.

— Excerpt from Asana's Asana Privacy Statement

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

(1) REGULATORY LANDSCAPE: The California Consumer Privacy Act as amended by the California Privacy Rights Act grants California residents rights to know, delete, correct, and opt out of sale or sharing of personal information. The California Privacy Protection Agency and California Attorney General have enforcement authority. Asana's classification as a service provider or business under CCPA determines the scope of obligations. (2) GOVERNANCE EXPOSURE: Medium. Asana's CCPA compliance framework must distinguish between data for which it is a business (controller) and data for which it is a service provider (processor). Failure to maintain this distinction in practice, or to honor valid consumer requests within 45-day statutory deadlines, creates regulatory exposure. (3) JURISDICTION FLAGS: Applies specifically to California residents. Organizations with California employees using Asana should assess their own CCPA compliance obligations as controllers of employee data processed through the platform. (4) CONTRACT AND VENDOR IMPLICATIONS: Service agreements with California-based organizations should include CCPA-compliant service provider provisions prohibiting Asana from selling or sharing personal information for its own purposes. Procurement teams should confirm these provisions exist in executed agreements. (5) COMPLIANCE CONSIDERATIONS: California-facing privacy notices must be reviewed to ensure they accurately describe Asana's CCPA rights framework. Internal workflows should be tested to confirm requests received at privacy@asana.com are triaged within CPRA-required timeframes and routed to the appropriate responsible party.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Watcher free for 14 days

Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.

Applicable agencies

State AG

The California Attorney General and California Privacy Protection Agency enforce CCPA and CPRA rights. California residents can file complaints if Asana fails to honor valid data rights requests.
File a complaint →

Applicable regulations

Connecticut Data Privacy Act Amendments

US-CT

CAN-SPAM

United States Federal

FTC Act Section 5

United States Federal

GDPR

European Union

Indiana Consumer Data Protection Act

US-IN

Kentucky Consumer Data Protection Act

US-KY

Universal Opt-Out Mechanism Expansion 2026

VPPA

United States Federal

Provision details

Document information

Document

Asana Privacy Statement

Entity

Asana

Document last updated

May 5, 2026

Tracking information

First tracked

May 11, 2026

Last verified

May 11, 2026

Record ID

CA-P-009991

Document ID

CA-D-00558

Evidence Provenance

Source URL

https://asana.com/privacy

Wayback Machine

View archived versions →

Content hash (SHA-256)

24821b5c3b093e6990d3d19ddc8b949d79479238b91c586976ac72d2e994bf1c

Analysis generated

May 11, 2026 00:53 UTC

Methodology

summarize_document-v8

Evidence

✓ Snapshot stored ✓ Hash verified

Citation Record

Entity: Asana
Document: Asana Privacy Statement
Record ID: CA-P-009991
Captured: 2026-05-11 00:53:56 UTC
SHA-256: 24821b5c3b093e69…
URL: https://conductatlas.com/platform/asana/asana-privacy-statement/california-resident-privacy-rights-ccpa/
Accessed: May 13, 2026

Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.

Classification

Severity

Medium

Other risks in this policy

Professional Governance Intelligence

Need to monitor specific governance provisions?

Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies

Start Professional free trial

Or start with Watcher →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Asana's California Resident Privacy Rights (CCPA) clause do?

California residents have some of the strongest statutory privacy rights in the US. Understanding these rights and how to exercise them is practically important for CCPA-protected users.

How does this clause affect you?

How many platforms have this type of clause?

ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.

Is ConductAtlas affiliated with Asana?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Asana.