BBAA Atlas

Does Asana offer EU data residency?

Asana, Inc. · Work Management · official site ↗

EU residency on higher tiersRelies on SCCsDPA on paid plans only
Where does Asana store EU data — and who can touch it?
Asana offers EU data residency only on higher plan tiers, and relies on Standard Contractual Clauses for transfers.
Asana's EU data center (Frankfurt) is an Enterprise add-on (included in Enterprise+), reached only by contacting sales — and its Free plan carries no DPA at all. It relies on SCCs for transfers.

EU data residency

Can you keep data in the EU?
EU (Frankfurt) data residency is purchasable as an add-on for Enterprise organisations/divisions and is included in Enterprise+; customers must contact Sales to opt in and migrate. Lower tiers are hosted in the US. Some data (e.g. authentication, certain user data) may sit outside the selected region even when residency is enabled.
Transfer mechanism
Asana relies on Standard Contractual Clauses for EU personal-data transfers. Enabling the EU data center keeps in-scope customer data in the EEA, but not every data category is covered.

Sub-processors

Who else processes your data?
Asana publishes a sub-processor list with general authorisation and notice of changes. current sub-processor list ↗

Data Processing Agreement (DPA)

Does Asana sign a DPA?
A DPA applies to paid plans, but Asana's Free (Personal) plan does NOT include a DPA — the minimum compliant tier for processing others' personal data is a paid plan. This is the plan-tier moat. DPA ↗
What the trust-badge pages don't tell you
Two separate tier gates stack here: no DPA on Free at all, and EU residency only as an Enterprise add-on. A Starter/Advanced plan has a DPA but still US hosting.
Last checked 2026-06-02confidence: high · GDPR terms, residency regions and sub-processors change — confirm current terms with Asana, Inc. and run your own transfer impact assessment. This is not legal advice.
$249/moto monitor up to 25 vendors' DPA & residency
$3,000/yr, incl. cited bulk export

Monitor your whole vendor list for DPA & residency changes

The free lookup answers one vendor at a time. Teams running EU vendor intake track dozens and need to know the moment a sub-processor, residency region or DPA term changes. Leave your work email and we'll set up monitoring + a cited export for your list.

We'll reply to set up your vendor list and confirm pricing. No card, no checkout here.

Get notified when this changes

Compliance isn't one-and-done. Leave your email and we'll alert you when any vendor's BAA or HIPAA status we cover changes.

One email per change. No newsletter, no selling your address.

Frequently asked questions

Does Asana offer EU data residency?
Only on higher tiers. EU (Frankfurt) data residency is purchasable as an add-on for Enterprise organisations/divisions and is included in Enterprise+; customers must contact Sales to opt in and migrate. Lower tiers are hosted in the US. Some data (e.g. authentication, certain user data) may sit outside the selected region even when residency is enabled.
Where does Asana send my data, and does it rely on SCCs?
Asana relies on Standard Contractual Clauses for EU personal-data transfers. Enabling the EU data center keeps in-scope customer data in the EEA, but not every data category is covered.
Who are Asana's sub-processors?
Asana publishes a sub-processor list with general authorisation and notice of changes. See the current list at https://asana.com/terms/subprocessors.
Does Asana sign a GDPR Data Processing Agreement (DPA)?
On paid plans only — A DPA applies to paid plans, but Asana's Free (Personal) plan does NOT include a DPA — the minimum compliant tier for processing others' personal data is a paid plan. This is the plan-tier moat.
Is Asana GDPR compliant?
Asana can be used in a GDPR-compliant way, but compliance depends on your configuration, not just the vendor: Asana's EU data center (Frankfurt) is an Enterprise add-on (included in Enterprise+), reached only by contacting sales — and its Free plan carries no DPA at all. It relies on SCCs for transfers. You are the controller — confirm the current DPA, residency and sub-processor terms with Asana, Inc. and run a transfer impact assessment before processing EU personal data. This is not legal advice.

Sources

Asana Help — Data residency overview & FAQ
https://help.asana.com/s/article/data-residency-for-asana
Supports: EU data center as Enterprise add-on / Enterprise+; opt-in via Sales; partial data scopedated: 2026-06-02
Asana — Data Processing Addendum
https://asana.com/terms/data-processing-addendum
Supports: DPA on paid plans; Free plan excludeddated: 2026-06-02
Asana — Sub-processors
https://asana.com/terms/subprocessors
Supports: Public sub-processor list with change noticedated: 2026-06-02
This page is cited public information, not legal or compliance advice. Whether Asana can lawfully process your EU personal data depends on your plan, configured region, contract and a transfer impact assessment you control. Always confirm current terms with Asana, Inc. before sending EU personal data.

Check another vendor

AirtableEU residency on higher tiersAmplitudeEU data residency availableAtlassian (Jira & Confluence)EU data residency availableBoxEU residency on higher tiersCalendlyNo EU data residencyDatadogEU data residency available

Browse all 25 vendors →