monday.com Apps - Security Statement

Data

Overview

Our monday.com apps never collect, store or process any monday.com customer data on our servers.

Where not expressly specified in the following sections, our apps process all data on the client-side (in an end user's internet browser).

Audit and usage logs

When you use our apps, we may collect anonymous usage data and analytics information for auditing, security purposes, improving our product, bug resolution and customer support assistance.

Data hosting and location

Any information available via monday.com REST API might be temporarily processed to render certain functions of the apps.

We use Cloudflare to host, serve, protect and optimize the worldwide app traffic. All data exchanged between the end-user and the apps traverse Cloudflare's global network before being processed by the user browser. You can read the Cloudflare privacy statement at https://www.cloudflare.com/privacypolicy/.

All traffic between the user browser and our server is encrypted with TLS 1.2 or higher.

No data is stored by our apps.

Disaster recovery and RTO

Depending on the severity of the issue, Presago is committed to resolving all issues between 2 and 48 business hours.

Privacy

Our apps are fully compliant with European GDPR.

We do not store any personal data. You can read more on our Privacy Policy.

Managing Security Vulnerabilities

We constantly monitor for vulnerabilities in our apps through automated scanning tools and periodic audits.
Security vulnerabilities, when found, get the highest priority and are fixed based on the following timelines:

Severity

CVSS Score

Timeframe for resolution

Severity

CVSS Score

Timeframe for resolution

Critical

CVSS v3 >= 9.0

Fixed within 4 weeks of being reported or triaged.

High

CVSS v3 >= 7.0

Fixed within 6 weeks of being reported or triaged.

Medium

CVSS v3 >= 4.0

Fixed within 8 weeks of being reported or triaged.

Low

CVSS v3 < 4.0

Fixed within 25 weeks of being reported or triaged.

Development and Support Team

Our development and support teams are located in Italy.
Suggestions, reports or requests for clarification are always welcome.

Contact us at https://presago.atlassian.net/servicedesk/customer/portals