← Back to app

Privacy Policy

Last updated: February 8, 2026

Custom Field Exporter ("the App") is a governance tool that allows Asana users to view and export custom field data from their Asana workspace. This privacy policy explains how the App handles your information.

1. Information We Access

When you connect your Asana account, the App requests read-only access to the following data through Asana's API:

• Your Asana user profile (name and email) for display purposes
• Workspace and organization information
• Project names and visibility settings
• Custom field definitions, including names, types, descriptions, creators, and configuration
• Task metadata (modification dates only, used to determine when a custom field was last used)

2. Information We Store

We do not store your data. Specifically:

• No database: The App has no database and does not persist any user data, custom field data, or workspace information to disk.
• Session data only: When you connect your Asana account, your OAuth access token is stored in a temporary server-side session. This session expires automatically after 8 hours or when you log out, whichever comes first.
• No passwords: The App never sees or stores your Asana password. Authentication is handled entirely by Asana's OAuth system.
• No analytics or tracking: The App does not use cookies for tracking, does not include analytics scripts, and does not collect usage data.

3. How Your Data Is Used

Your Asana data is used exclusively to:

• Display custom field information in your browser
• Generate CSV exports that are created entirely within your browser (client-side) and are never transmitted to any server

Data is fetched live from Asana's API each time you load the dashboard. Nothing is cached or stored between sessions.

4. Data Sharing

We do not share your data with anyone. The App communicates only with Asana's official API to retrieve your workspace data. No data is sent to third parties, advertising networks, or analytics services.

5. Data Security

• OAuth tokens are stored server-side only and are never exposed to the browser
• Session cookies are HTTP-only and use the SameSite attribute for CSRF protection
• The App requests only read-only permissions from Asana and cannot modify your workspace data
• All communication with Asana's API uses HTTPS encryption

6. Your Rights and Control

• Disconnect anytime: You can revoke the App's access to your Asana account at any time by visiting your Asana App Settings and removing the App.
• Logout: Clicking "Logout" in the App immediately destroys your session and all associated token data.
• No data to delete: Since we don't store your data, there is nothing to request deletion of.

7. Read-Only Access

The App only requests read-only OAuth scopes from Asana. It cannot create, modify, or delete any data in your Asana workspace, including tasks, projects, custom fields, or any other resources.

8. Changes to This Policy

If this privacy policy is updated, the changes will be reflected on this page with an updated "Last updated" date. Continued use of the App after changes constitutes acceptance of the revised policy.

9. Contact

If you have questions about this privacy policy or how the App handles your data, please contact the App administrator.