monday.com Apps - Security Statement
Data
Overview
Our monday.com apps never collect, store or process any monday.com customer data on our servers.
Where not expressly specified in the following sections, our apps process all data on the client-side (in an end user's internet browser).
Audit and usage logs
When you use our apps, we may collect anonymous usage data and analytics information for auditing, security purposes, improving our product, bug resolution and customer support assistance.
Data hosting and location
Any information available via monday.com REST API might be temporarily processed to render certain functions of the apps.
We use Cloudflare to host, serve, protect and optimize the worldwide app traffic. All data exchanged between the end-user and the apps traverse Cloudflare's global network before being processed by the user browser. You can read the Cloudflare privacy statement at https://www.cloudflare.com/privacypolicy/.
All traffic between the user browser and our server is encrypted with TLS 1.2 or higher.
No data is stored by our apps.
Disaster recovery and RTO
Depending on the severity of the issue, Presago is committed to resolving all issues between 2 and 48 business hours.
Privacy
Our apps are fully compliant with European GDPR.
We do not store any personal data. You can read more on our Privacy Policy.
Managing Security Vulnerabilities
We constantly monitor for vulnerabilities in our apps through automated scanning tools and periodic audits.
Security vulnerabilities, when found, get the highest priority and are fixed based on the following timelines:
Severity | CVSS Score | Timeframe for resolution |
---|---|---|
Critical | CVSS v3 >= 9.0 | Fixed within 4 weeks of being reported or triaged. |
High | CVSS v3 >= 7.0 | Fixed within 6 weeks of being reported or triaged. |
Medium | CVSS v3 >= 4.0 | Fixed within 8 weeks of being reported or triaged. |
Low | CVSS v3 < 4.0 | Fixed within 25 weeks of being reported or triaged. |
Development and Support Team
Our development and support teams are located in Italy.
Suggestions, reports or requests for clarification are always welcome.
Contact us at https://presago.atlassian.net/servicedesk/customer/portals