If you use Asana through your job or an organization, that organization — not you — is in charge of your account. They can cut off your access or delete your data, and Asana will follow their instructions even without telling you.
This analysis describes what Asana's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Individual users have no direct contractual data rights against Asana for workspace content — their employer or organization is the controlling party, which means users can lose access or have their data deleted without recourse against Asana.
If you use Asana at work, your employer can instruct Asana to revoke your access, export your tasks and messages, or delete your account — and Asana will comply without notifying you personally.
Cross-platform context
See how other platforms handle Customer Controls User Data and Account and similar clauses.
Compare across platforms →Monitoring
Asana has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"If you use Asana as part of a workspace owned or administered by an organization (your employer, for example), that organization is the 'Customer.' The Customer has the ability to restrict, suspend, or terminate your access to the services, and Asana may take action based on the Customer's instructions without notice to you. The Customer controls the workspace, including all content you submit to it.— Excerpt from Asana's Asana Terms of Service
REGULATORY FRAMEWORK: This provision implicates GDPR Art. 28 (processor obligations) and Art. 4(7)/(8) (controller/processor definitions), as Asana acts as a data processor for the Customer and the Customer acts as the data controller for employee personal data within the workspace. It also engages CCPA §1798.140(d) regarding the business/service provider distinction. The primary enforcement authorities are EU national data protection authorities (e.g., ICO, CNIL, BfDI) and the California Attorney General.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Individual users have no direct contractual data rights against Asana for workspace content — their employer or organization is the controlling party, which means users can lose access or have their data deleted without recourse against Asana.
If you use Asana at work, your employer can instruct Asana to revoke your access, export your tasks and messages, or delete your account — and Asana will comply without notifying you personally.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Asana.