Hey @Marine_Winterstein we work/worked on projects for crypto companies as well.
The most important point in my opinion is that you restrict the relevant Asana team so nobody can see or access unless they are invited.
Be careful with custom fields if they are shared on an organizational level as @Bastien_Siebman pointed out here
Now I think you are also referring to Asana security in general, these 2 links might be helpful:
Hope this helps
3 Likes