Does the developer periodically perform penetration testing?
No
Does the developer have a dedicated security and privacy point of contact for such issues or questions?
Yes
support@titanapps.io
Does the app restrict redirects and forwards only to approved destinations, or show a warning when redirecting to potentially untrusted content?
Yes
Not applicable: the app doesn't have any redirects.
Does the app protect against mass parameter assignment attacks?
Yes
Not applicable: all requests to the backend are processed by "dry-rb" and have a strict structure.
Reference: https://dry-rb.org/
Does the app perform encoding and sanitization on all user supplied parameters to protect against Cross-Site Scripting?
No
We do not render "unsafe" user input at all (usage of "innerHTML" and "dangerouslySetInnerHTML" is disallowed).
Does the developer protect all state-changing actions against Cross-Site Request Forgery (CSRF)?
No
Not applicable, because we treat our backend as an API host and we exchange information using credentials (JWT) provided by monday. Also, our backend is used only by monday automations. For verifying requests we use credentials (JWT) provided by monday, and we store all the data in the monday storage.
Does the developer have mechanisms to notify monday.com in case of a security breach?
Yes
We'll use the direct communication channel we have with the marketplace team. The notification times are:
• 0-8 hours (during business hours) for issues classified as High priority.
• Within 48 hours for issues classified as Medium priority.
• Within 5 working days for issues classified as Low priority.
Does this developer have a process for installing application-level updates and security patches for the service (such as software packages and databases)?
Yes
1. Application-level updates and security patches installation process:
- Frontend: Use yarn to manage dependencies. Regularly update dependencies to the latest versions, including React. Follow semantic versioning and release notes for potential breaking changes. Use Vite.js to manage bundles and regularly update it to benefit from new features and security fixes. Test updates in a separate branch or staging environment before deploying to production.
- Backend (Rails, Redis, and Sidekiq): Manage gems with Bundler. Regularly update gems and Rails using version constraints in the Gemfile. Apply security patches promptly following announcements from the Rails Security Team. Enable automatic deployment via the Heroku CI/CD pipeline triggered by Git pushes. Update the Redis add-on on Heroku through the Dashboard or CLI. Receive automatic notifications from Heroku regarding necessary updates and maintenance. Regularly update the Sidekiq gem using Bundler. Monitor Sidekiq releases and security advisories. Employ a rolling restart strategy to minimize service disruptions during updates.
- GitHub: Leverage Dependabot for automated dependency updates, including GitHub Actions workflows. Regularly review and merge pull requests generated by Dependabot to apply updates. Extended PR reviews, trunk-based branching strategy, limited access to the staging/prod branches.
- Deploys: Implement a branching strategy to test updates in a staging environment before production. Deploy/release updates only after CI has passed, both backend and frontend tests.
2. Patching time frames for vulnerabilities:
- Critical severity issues to be fixed within 4 weeks of being reported;
- High severity issues to be fixed within 6 weeks of being reported;
- Medium severity issues to be fixed within 8 weeks of being reported;
- Low severity issues to be fixed within 10 weeks of being reported.
Compliance
Is the app certified with the information security standard ISO/IEC 27001:2022?
Not answered
Is the app compliant with the Health Insurance Portability and Accountability Act (HIPAA)?
No
Is the app certified with System and Organization Controls (SOC 2 or SOC 3)?
No
Is the app compliant with the General Data Protection Regulation (GDPR)?
Yes
Data
Does the app send any data outside of monday.com? If yes, indicate whether the data is customer-submitted (e.g., board names, item names, doc content) or non-customer-submitted (e.g., account ID, board ID, user ID).
Not answered
Where does the app store logs data?
Not answered
Where does the app store the app data?
Not answered
Does the developer ensure application logs do not contain secrets or personally-identifiable information (PII)?
Yes
We are using the out-of-the-box tools provided to us by Rails: https://guides.rubyonrails.org/v7.0/security.html#logging
Is customer data segregated from the data of other customers (for example logically or physically)?
Yes
We do not store the customer data in any source other than the Monday GlobalStorageAPI. It is compartmentalized according to the accountId and app, so data from one account is not accessible from others.
Privacy
Does the developer enforce multi-factor authentication on employees' access to systems which may process customer data?
Yes
Access is managed in accordance with our company security policy, and we use enforced multi-factor authentication for the Heroku server: https://devcenter.heroku.com/articles/multi-factor-authentication
Does the developer protect access to customer data based on the principle of least privilege?
Yes
We have a company-wide security policy and a dedicated security team that controls who has access to what. Access to sensitive data requires a very good reason and explicit permission, and is normally granted only to core developers, who are trusted and have a great work ethic. Also, we don't store user content at our end.
Reviews
March 15, 2024
JD: so easy to program!!
Historical data
Installation history
We have data for December 28, 2024 onwards only. Collected sometime after 00:00 UTC daily.
Total number of installs (chart; values not preserved in this extract)
Change in total number of installs in last 7 days (chart comparing the number of installs on each date with 7 days previously; max, min and current values not preserved in this extract)
Change in total number of installs in last 30 days (chart comparing the number of installs on each date with 30 days previously; max, min and current values not preserved in this extract)
Change in total number of installs in last 90 days (chart comparing the number of installs on each date with 90 days previously; max, min and current values not preserved in this extract)
Ratings history
Categories history
Each of the following is a yes/no answer, so the graphs show 1 for yes, and 0 for no.