API terms clarification

Hello guys,

I just had a look at the API terms, and there is a section with the heading "You (and your App) may not access, store or share private user content or passwords."

So the question is: are we not allowed to access or store tokens/refresh tokens? Also, are we not allowed to save user tasks in our db?

Thanks a lot in advance for any response.



Apparently we would not even be allowed to access it =) good question, +1


Maybe by password they mean the user email/password web credentials and not the PAT or the OAuth tokens.

I assume you’re right about that. But the part about content and your question is interesting/concerning. @Joe_Trollo @Jeff_Schneider, what say you guys?


I just looked at it too, and 3 lines before what @Diakoptis mentions, we can read this:

You Must: “4. Provide users with clear and readily accessible information regarding, how you collect, use, store and disclose their data.”

So, we can’t collect, use and store data, but we must tell our users how we collect, use and store their data! :smiley:

I suppose that “private user content” of point 4.7 is all data we can read from the API?


Hey guys,

Thanks for raising this. We are actually in the midst of revising and clarifying our Asana API terms, so these will all be updated in the near future. Our API and product constantly evolve, and the current API terms were written in 2015, hence the need for an update. The quoted heading was intended to refer to data such as user login credentials, and we will definitely be making this clearer in our new set of terms.