What can I do about this clause?

{'method': 'EMAIL', 'recipient': 'privacy@asana.com', 'difficulty': 'EASY', 'action_type': 'EXPORT_DATA', 'instructions': 'Email privacy@asana.com to request a copy of your personal data (data portability right). Include your name, email address, and specify that you are requesting data portability. Asana is required to respond within 30 days under GDPR or 45 days under CCPA.', 'deadline_days': None, 'deadline_hours': None}

Which regulatory agencies enforce this type of clause?

{'agency': 'FTC', 'reason': 'The FTC has authority to act against companies that fail to honor stated privacy commitments, including data access and deletion rights, as an unfair or deceptive practice under Section 5 of the FTC Act.', 'complaint_url': 'https://reportfraud.ftc.gov/'}

What is the severity of this clause?

ConductAtlas classifies this Data Subject Rights (Access, Deletion, Portability, Correction) clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Data Subject Rights (Access, Deletion, Portability, Correction) — Asana

Share 𝕏 Share in Share 🔒 PDF

Recent governance activity Asana recorded 2 documented changes in the last 30 days.

Start monitoring updates

Monitor governance changes for Asana Create a free account to receive the weekly governance digest and monitor one platform for governance changes.

Create free account No credit card required.

Document Record

What it is

Depending on where you live, you may have the right to see, fix, delete, or move your Asana personal data, and to complain to your local privacy regulator if you think your rights have been violated.

ⓘ

This analysis describes what Asana's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

These rights are legally enforceable for EU/UK and California users, but the practical ability to exercise them depends on whether you are an individual or employer-managed account user — employer-managed users must go through their organization.

Consumer impact (what this means for users)

Individual Asana users can submit access, deletion, correction, or portability requests to Asana at privacy@asana.com; however, users on employer-managed accounts must exercise these rights through their employer, who controls the data — limiting direct access to Asana's rights-handling process.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.

Export Your Data

Email privacy@asana.com to request a copy of your personal data (data portability right). Include your name, email address, and specify that you are requesting data portability. Asana is required to respond within 30 days under GDPR or 45 days under CCPA.

How other platforms handle this

Runway Medium

In addition to the above rights, your local laws (including those in the EU, UK, Japan, California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Virginia, or Utah) may afford you f...

ADP Medium

If you are a California resident, you may have certain rights under the California Consumer Privacy Act (CCPA). These rights may include: the right to know about personal information collected, disclosed, or sold; the right to delete personal information collected from you; the right to opt-out of t...

TransUnion Medium

Depending on where you live, you may have certain rights with respect to your personal information. These rights may include: The right to know what personal information we have collected about you, including the categories of personal information, the categories of sources from which we collected i...

See all platforms with this clause type →

Monitoring

Asana has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.

Start Watcher free trial Or create a free account →

▸ View Original Clause Language DOCUMENT RECORD

"
Depending on your location and subject to applicable law, you may have the following rights with regard to your personal information: Access to your personal information; Correction of inaccurate or incomplete information; Deletion of your personal information; Portability of your personal information; Restriction of or objection to our processing of your personal information; and the right to lodge a complaint with your local data protection authority.

— Excerpt from Asana's Asana Privacy Statement

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

REGULATORY FRAMEWORK: Implicates GDPR Arts. 15 (access), 16 (rectification), 17 (erasure), 18 (restriction), 20 (portability), and 21 (objection); UK GDPR equivalent rights; CCPA §1798.100-110 (access, deletion, portability); CPRA §1798.106 (correction) and §1798.121 (sensitive personal information limits). Enforcement: EU DPAs, UK ICO, CPPA, California AG.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Watcher free for 14 days

Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.

Applicable agencies

FTC

The FTC has authority to act against companies that fail to honor stated privacy commitments, including data access and deletion rights, as an unfair or deceptive practice under Section 5 of the FTC Act.
File a complaint →

Applicable regulations

Connecticut Data Privacy Act Amendments

US-CT

CAN-SPAM

United States Federal

FTC Act Section 5

United States Federal

GDPR

European Union

Indiana Consumer Data Protection Act

US-IN

Kentucky Consumer Data Protection Act

US-KY

Universal Opt-Out Mechanism Expansion 2026

VPPA

United States Federal

Provision details

Document information

Document

Asana Privacy Statement

Entity

Asana

Document last updated

May 5, 2026

Tracking information

First tracked

May 8, 2026

Last verified

May 8, 2026

Record ID

CA-P-006658

Document ID

CA-D-00558

Evidence Provenance

Source URL

https://asana.com/privacy

Wayback Machine

View archived versions →

Content hash (SHA-256)

a1020e9d2ac4ad253f690acce4f06452f86acc441617be1cef5055daa7f41f44

Analysis generated

May 8, 2026 12:27 UTC

Methodology

summarize_document-v7

Evidence

✓ Snapshot stored ✓ Hash verified

Citation Record

Entity: Asana
Document: Asana Privacy Statement
Record ID: CA-P-006658
Captured: 2026-05-08 12:27:36 UTC
SHA-256: a1020e9d2ac4ad25…
URL: https://conductatlas.com/platform/asana/asana-privacy-statement/data-subject-rights-access-deletion-portability-correction/
Accessed: May 13, 2026

Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.

Classification

Severity

Medium

Other risks in this policy

Employer as Data Controller for Business Accounts high
International Data Transfers via Standard Contractual Clauses high
CCPA Rights for California Residents medium
Data Retention and Deletion medium
Third-Party Sharing and Sub-Processors medium
Cookie and Tracking Technologies medium

Professional Governance Intelligence

Need to monitor specific governance provisions?

Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies

Start Professional free trial

Or start with Watcher →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Asana's Data Subject Rights (Access, Deletion, Portability, Correction) clause do?

How does this clause affect you?

Is ConductAtlas affiliated with Asana?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Asana.