{
  "docId": "019dd923-5efe-75c0-8dff-48e10af8a9a6",
  "docSlug": "27f56e392d468998",
  "documentTitle": "2025 ESG Report",
  "authorId": "Asana",
  "authorName": "Asana",
  "documentKindSlug": "consulting-deck",
  "documentKindLabel": "Consulting deck",
  "sourceTypeSlug": "strategy_consulting",
  "sourceTypeLabel": "Strategy consulting",
  "presentationDate": null,
  "orientation": "landscape",
  "aspectRatio": 1.776,
  "pageNumber": 39,
  "pageCount": 59,
  "prevPage": 38,
  "nextPage": 40,
  "slideType": "appendix_disclosure",
  "function": "summarize",
  "density": "overcrowded",
  "nDataPoints": 0,
  "notes": "Includes a grid of 12 compliance logos/certifications.",
  "elementsJson": [
    "paragraph",
    "icon_grid",
    "footnote"
  ],
  "metadataConfidence": 1,
  "imagePath": null,
  "slideHref": "/slides/019dd923-5efe-75c0-8dff-48e10af8a9a6/39",
  "deckHref": "/decks/019dd923-5efe-75c0-8dff-48e10af8a9a6",
  "deckJsonHref": "/decks/019dd923-5efe-75c0-8dff-48e10af8a9a6.json",
  "deckAnchorHref": "/decks/019dd923-5efe-75c0-8dff-48e10af8a9a6#slide-39",
  "components": [
    {
      "bbox": {
        "h": 0.6,
        "w": 0.28,
        "x": 0.69,
        "y": 0.28
      },
      "kind": "image",
      "text": "Grid of 12 compliance certifications including CCPA, CSA STAR, EU-US DPF, FERPA, GDPR, GLBA, HIPAA, ISO 27001, ISO 27017, ISO 27018, ISO 27701, SOC 2, SOC 3, TX-RAMP, and VPAT.",
      "attrs": null,
      "subkind": "icon-grid",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "dc813503-c0de-4a3b-8e78-2ba754024584",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.12,
        "w": 0.2,
        "x": 0.25,
        "y": 0.44
      },
      "kind": "paragraph",
      "text": "Enhanced privacy for healthcare customers: Our commitment to security and privacy allows us to offer enterprise-tier healthcare and healthcare-adjacent customers the option to use Asana in compliance with the US Health Insurance Portability and Accountability Act (HIPAA).",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "4965a761-6890-45cf-b02f-009c2afe8f38",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.15,
        "w": 0.2,
        "x": 0.25,
        "y": 0.28
      },
      "kind": "paragraph",
      "text": "Respecting data rights: We believe in giving every user access to—and control over—their personal data. The EU's General Data Protection Regulation (GDPR) is the strongest data protection and privacy law in effect, establishing robust data rights for individuals in the entire European Economic Area and inspiring similar laws in other parts of the world.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "5baf65bc-3fd6-49dd-b62e-9492d91303e1",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.15,
        "w": 0.2,
        "x": 0.03,
        "y": 0.34
      },
      "kind": "paragraph",
      "text": "Our global privacy program, designed to keep pace with the changing global privacy climate, is focused on facilitating privacy protections for customers' data, respecting customers' rights, ensuring compliance with global privacy and data protection laws and regulations, and demonstrating privacy compliance through third-party audits.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "c06208b7-52aa-4487-887d-14b0ec64de4c",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.12,
        "w": 0.2,
        "x": 0.03,
        "y": 0.52
      },
      "kind": "paragraph",
      "text": "Our head of global privacy and data protection officer oversees compliance with global privacy laws, addresses data protection and privacy inquiries, and regularly presents to the Board. Privacy certifications, assessments, and policies are regularly considered by the Board and management as part of strategic planning and risk management oversight.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "f1028233-fa34-417f-a330-a7bb26f7bf19",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.12,
        "w": 0.2,
        "x": 0.47,
        "y": 0.28
      },
      "kind": "paragraph",
      "text": "Law enforcement requests: Asana may receive requests from US or international law enforcement agencies about our customers. Asana complies with legally valid governmental requests. We communicate our policies around law enforcement requests in our Law Enforcement Guidelines.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "fb6b4283-6559-442d-b7a5-4c1dc2f70aa2",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.08,
        "w": 0.2,
        "x": 0.47,
        "y": 0.68
      },
      "kind": "source-note",
      "text": "7. The Privacy Statement applies to all free and paid customers of Asana as well as to other individuals who interact with Asana.",
      "attrs": {
        "numbered": true
      },
      "subkind": null,
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "afab09e0-fd88-48b4-bba7-cdb08a6ebe7c",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.04,
        "w": 0.2,
        "x": 0.03,
        "y": 0.28
      },
      "kind": "title",
      "text": "Our approach to data privacy and protection",
      "attrs": null,
      "subkind": "headline",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "c9b4d4bb-fe41-4b17-87ba-20c5f000acfd",
      "frameworkName": null,
      "frameworkSlug": null
    }
  ],
  "metrics": [],
  "tools": [],
  "frameworks": [],
  "arcBeats": [
    {
      "to": 40,
      "from": 10,
      "beatId": "019dd95a-07a7-7579-bd63-7d61f5ebffb7",
      "arcName": "The Golden Circle",
      "arcSlug": "golden-circle",
      "beatName": "How",
      "beatSlug": "golden-circle-how",
      "evidence": "Four pillars in action: People, Product, Planet, Trust & Governance.",
      "position": 2,
      "confidence": 70,
      "parentBeatName": "Turn",
      "parentBeatSlug": "turn"
    }
  ],
  "loops": [
    {
      "to": 40,
      "from": 34,
      "name": "Mece Breakdown",
      "slug": "40-mece-breakdown",
      "bestFor": "Problem structuring, ensuring completeness, strategic analysis",
      "matchId": "019dd95a-08f8-7619-ac2c-be5f95562317",
      "evidence": "Divider p.34 then 6 distinct, non-overlapping governance sub-themes p.35-40.",
      "position": 5,
      "objective": "Decompose Trust & Governance into ethics, risk, supply chain, privacy, data governance",
      "structure": "The Whole -> Category A (distinct) -> Category B (distinct) -> Category C (distinct) -> Complete Coverage",
      "confidence": 70,
      "description": "Divide a complex topic into mutually exclusive, collectively exhaustive categories"
    }
  ],
  "imagePathAlt": null,
  "thumbSrc": null,
  "thumbSrcAlt": null,
  "locked": true
}