Enrich your CRM with proprietary Crunchbase company data
With Crunchbase CRM Enrichment, you can enrich your CRM records with proprietary company data fields to quickly identify qualified opportunities and inform outreach.
Key Features
Target the right companies using key signals
Find companies in a position to make a deal using Crunchbase's unique funding and revenue data, and inform outreach with real-time insights to reach out with relevant information at the right time.
Spend less time searching and more time selling
Reduce manual search with best-in-class company data delivered right in your CRM, and enhance your automations by building workflow templates with advanced Crunchbase data to surface qualified accounts.
Ensure CRM data hygiene and freshness
Set up daily recurring updates to your records and get automatically refreshed data in your CRM.
Does the developer periodically perform penetration testing?
Yes
Penetration testing is conducted on an ad hoc basis, as required by Google for Crunchbase to maintain certain integrations. Security Review results summary may be provided upon execution of an NDA via Crunchbase’s Whistic profile.
Does the developer have a dedicated security and privacy point of contact for such issues or questions?
Yes
As an early-stage company this responsibility is shared amongst our CTO, IT Manager, and in-house and outside legal counsel. Additionally, Customers can contact Crunchbase either through our support emails which route through Zendesk to the appropriate Crunchbase employee or customers can directly contact their CSM or RPM. We have direct channels to our Engineering team or Data team to surface bugs or product support complaints and are also supported by our Solutions Engineering team. If the issue is a bug then we leverage JIRA to track support tickets which are then triaged by the Engineering team. [email protected]
Does the app restrict redirects and forwards only to approved destinations, or show a warning when redirecting to potentially untrusted content?
No
The app strategically uses redirects primarily within the authentication flows involving monday.com and, when necessary, Crunchbase. To ensure security and integrity in these redirects, the app employs the following measures:
Authentication Flow: The app leverages the authentication flow provided by monday.com. During this process, monday.com initiates a POST request to our backend. This request is securely signed with a Client Secret, which is confidentially stored within both monday.com and our backend's security storage. This verification step ensures that the request originates from a trusted source.
Hardcoded Links: The URLs the app redirects for token acquisition (either from monday.com or Crunchbase) are hardcoded within our application's codebase. This approach eliminates the risk of unauthorized redirects as the destinations are predefined and reviewed for security.
Token Handling: It's important to note that tokens are not directly involved in the redirect URLs. Instead, they are securely set through separate callbacks, minimizing exposure to potential redirect vulnerabilities.
Return URL Verification: After obtaining the necessary information through the authentication flow, the app redirects users using parameters received from monday.com. While the back URL itself is not explicitly verified against an allow list, we rely on the robust mechanism that only requests signed by monday.com can proceed through this authentication and redirection process. This implicit trust model is based on the secure exchange and verification of signed requests, ensuring that only authorized and intended redirections occur.
Does the app protect against mass parameter assignment attacks?
Yes
The app mitigates mass parameter assignment attacks through a method akin to Data Transfer Objects (DTO). This approach ensures that each request processes only explicitly required information, effectively ignoring any additional, unexpected parameters.
Additionally, the app embeds these details within JSON Web Tokens (JWT) to secure sensitive information such as user or account IDs. These tokens are securely transmitted, as the secret key used for signing the JWTs is strictly shared between monday.com and our application, ensuring no external party can tamper with or fabricate valid tokens.
Does the app perform encoding and sanitization on all user supplied parameters to protect against Cross-Site Scripting?
Yes
Our application minimizes the need for explicit XSS encoding on the client side as we primarily use React for UI rendering, which inherently escapes HTML to prevent XSS attacks. React's design ensures that any user input rendered in the UI is automatically encoded, thus mitigating the risk of XSS by controlling the execution of potentially malicious scripts. We consciously avoid scenarios where unescaped user input might be directly inserted into the DOM, primarily through practices like dangerouslySetInnerHTML.
We implement comprehensive sanitization measures for all user input on the server side. This is to further safeguard against XSS and prevent the storage and propagation of incorrect or malicious data within our system. Our server-side sanitization process removes potentially harmful scripts or tags from the input before it is processed, stored, or sent back to the client for rendering.
By leveraging React's built-in protection against XSS on the client side and enforcing strict sanitization rules on the server side, we maintain a robust defense against XSS attacks across our application.
Does the developer protect all state-changing actions against Cross-Site Request Forgery (CSRF)?
Yes
To protect all state-changing actions against CSRF, we use an xsrf_token cookie validated server-side. For each browser session, a unique token is generated and included in all state-changing requests. When such a request is received, the server verifies the token in the request against the token stored in the session.
Does the developer have mechanisms to notify monday.com in case of a security breach?
Yes
Crunchbase will promptly and properly notify customers, partners, users, affected parties, and regulatory agencies of relevant incidents or breaches under Crunchbase policies, contractual commitments, and regulatory requirements.
Does this developer have a process for installing application-level updates and security patches for the service (such as software packages and databases)?
Yes
Critical/High: 30 Days
Medium: 60 Days
Low: 90 Days
Informational: As needed
Compliance
Is the app certified with the information security standard ISO/IEC 27001:2022?
Not answered
Is the app compliant with the Health Insurance Portability and Accountability Act (HIPAA)?
No
N/A, Crunchbase does not process PHI.
Is the app certified with System and Organization Controls (SOC 2 or SOC 3)?
Yes
Crunchbase was reviewed by an independent service provider during the SOC 2 Type II audit, which was completed in 2023. Security Review results summary and SOC II documents may be provided upon execution of an NDA via Crunchbase’s Whistic profile.
Is the app compliant with the General Data Protection Regulation (GDPR)?
Yes
To the extent Crunchbase is required to comply with GDPR, the Crunchbase Data which is transferred to monday.com through the app complies with GDPR to the best of our knowledge. Please refer to the following for more information: https://about.crunchbase.com/terms-of-service/gdpr-privacy-policy/
Data
Does the app send any data outside of monday.com? If yes, indicate whether the data is customer-submitted (e.g., board names, item names, doc content) or non-customer-submitted (e.g., account ID, board ID, user ID).
Not answered
Where does the app store logs data?
other
Logs data is stored in monday logger
Where does the app store the app data?
monday
Does the developer ensure application logs do not contain secrets or personally-identifiable information (PII)?
No
N/A, this is not specifically restricted.
Is customer data segregated from the data of other customers (for example logically or physically)?
Yes
Data is segregated by means of a tenant ID
Privacy
Does the developer enforce multi-factor authentication on employees access to systems which may process customer data?
Yes
Only selected members of selected teams have access to customer data, and only as required by their role. Crunchbase provides access to personal data only to those who have a job-related need to access such data, based on the ‘least privilege’ principle. Access to systems is requested, approved, and managed using Lumos.
MFA is required by policy for all remote access to the corporate network, and all exceptions to the policy are documented.
Does the developer protect access to customer data based on the principle of least privilege?
Yes
Crunchbase provides access to customer data only to those employees who have a job-related need to access such data, based on the ‘least privilege’ principle. Access to systems is requested, approved, and managed using Lumos.
Installation history
We have data for December 28, 2024 onwards only. Collected sometime after 00:00 UTC daily.
{
"id": 10000404,
"description": "<p>With <strong>Crunchbase CRM Enrichment</strong>, you can enrich your CRM records with proprietary company data fields to quickly identify qualified opportunities and inform outreach.</p><p><br></p><p><strong>Key Features</strong></p><ol><li>Target the right companies using key signals</li><li class=\"ql-indent-1\">Find companies in a position to make a deal using Crunchbase's unique funding and revenue data, and inform outreach with real-time insights to reach out with relevant information at the right time.</li><li>Spend less time searching and more time selling</li><li class=\"ql-indent-1\">Reduce manual search with best-in-class company data delivered right in your CRM, and enhance your automations by building workflow templates with advanced Cruchbase data to surface qualified accounts.</li><li>Ensure CRM data hygiene and freshness</li><li>Set up daily recurring updates to your records and get automatically refreshed data in your CRM.</li></ol><p><br></p><p><strong>Helpful Links:</strong></p><ul><li><a href=\"https://support.crunchbase.com/hc/en-us\" rel=\"noopener noreferrer\" target=\"_blank\">Help Center</a></li><li><a href=\"mailto:[email protected]\" rel=\"noopener noreferrer\" target=\"_blank\">Contact support</a></li><li><a href=\"https://about.crunchbase.com/\" rel=\"noopener noreferrer\" target=\"_blank\">About Crunchbase</a></li><li>New to Crunchbase? <a href=\"https://about.crunchbase.com/crunchbase-crm-enrichment-for-monday-com/?utm_source=mondaycom&utm_medium=partner&utm_campaign=crm-enrichment-campaign\" rel=\"noopener noreferrer\" target=\"_blank\">Sign up to learn more</a></li></ul>",
"short_description": "Enrich your CRM with proprietary Crunchbase company data",
"compliance_answers": [
{
"questionId": 1,
"shortAnswer": true,
"detailedAnswer": "Data is segregated by means of a tenant ID"
},
{
"questionId": 2,
"shortAnswer": true,
"detailedAnswer": "Critical/High: 30 Days\nMedium: 60 Days\nLow: 90 Days\nInformational: As needed\n"
},
{
"questionId": 3,
"shortAnswer": true,
"detailedAnswer": "Crunchbase will promptly and properly notify customers, partners, users, affected parties, and regulatory agencies of relevant incidents or breaches under Crunchbase policies, contractual commitments, and regulatory requirements.\n"
},
{
"questionId": 4,
"shortAnswer": true,
"detailedAnswer": "To protect all state-changing actions against CSRF, we use an xsrf_token cookie validated server-side. For each browser session, a unique token is generated and included in all state-changing requests. When such a request is received, the server verifies the token in the request against the token stored in the session."
},
{
"questionId": 5,
"shortAnswer": true,
"detailedAnswer": "Our application minimizes the need for explicit XSS encoding on the client side as we primarily use React for UI rendering, which inherently escapes HTML to prevent XSS attacks. React's design ensures that any user input rendered in the UI is automatically encoded, thus mitigating the risk of XSS by controlling the execution of potentially malicious scripts. We consciously avoid scenarios where unescaped user input might be directly inserted into the DOM, primarily through practices like dangerouslySetInnerHTML.\nWe implement comprehensive sanitization measures for all user input on the server side. This is to further safeguard against XSS and prevent the storage and propagation of incorrect or malicious data within our system. Our server-side sanitization process removes potentially harmful scripts or tags from the input before it is processed, stored, or sent back to the client for rendering.\nBy leveraging React's built-in protection against XSS on the client side and enforcing strict sanitization rules on the server side, we maintain a robust defense against XSS attacks across our application.\n"
},
{
"questionId": 6,
"shortAnswer": true,
"detailedAnswer": "Crunchbase provides access to customer data only to those employees who have a job-related need to access such data, based on the ‘least privilege’ principle. Access to systems is requested, approved, and managed using Lumos."
},
{
"questionId": 7,
"shortAnswer": true,
"detailedAnswer": "Only selected members of selected teams have access to customer data, and only as required by their role. Crunchbase provides access to personal data only to those who have a job-related need to access such data, based on the ‘least privilege’ principle. Access to systems is requested, approved, and managed using Lumos.\nMFA is required by policy for all remote access to the corporate network, and all exceptions to the policy are documented.\n"
},
{
"questionId": 8,
"shortAnswer": false,
"detailedAnswer": "N/A, this is not specifically restricted."
},
{
"questionId": 9,
"shortAnswer": true,
"detailedAnswer": "The app mitigates mass parameter assignment attacks through a method akin to Data Transfer Objects (DTO). This approach ensures that each request processes only explicitly required information, effectively ignoring any additional, unexpected parameters.\nAdditionally, the app embeds these details within JSON Web Tokens (JWT) to secure sensitive information such as user or account IDs. These tokens are securely transmitted, as the secret key used for signing the JWTs is strictly shared between monday.com and our application, ensuring no external party can tamper with or fabricate valid tokens.\n"
},
{
"questionId": 10,
"shortAnswer": false,
"detailedAnswer": "The app strategically uses redirects primarily within the authentication flows involving monday.com and, when necessary, Crunchbase. To ensure security and integrity in these redirects, the app employs the following measures:\nAuthentication Flow: The app leverages the authentication flow provided by monday.com. During this process, monday.com initiates a POST request to our backend. This request is securely signed with a Client Secret, which is confidentially stored within both monday.com and our backend's security storage. This verification step ensures that the request originates from a trusted source.\nHardcoded Links: The URLs the app redirects for token acquisition (either from monday.com or Crunchbase) are hardcoded within our application's codebase. This approach eliminates the risk of unauthorized redirects as the destinations are predefined and reviewed for security.\nToken Handling: It's important to note that tokens are not directly involved in the redirect URLs. Instead, they are securely set through separate callbacks, minimizing exposure to potential redirect vulnerabilities.\nReturn URL Verification: After obtaining the necessary information through the authentication flow, the app redirects users using parameters received from monday.com. While the back URL itself is not explicitly verified against an allow list, we rely on the robust mechanism that only requests signed by monday.com can proceed through this authentication and redirection process. This implicit trust model is based on the secure exchange and verification of signed requests, ensuring that only authorized and intended redirections occur.\n"
},
{
"questionId": 11,
"shortAnswer": true,
"detailedAnswer": "To the extent Crunchbase is required to comply with GDPR, the Crunchbase Data which is transferred to monday.com through the app complies with GDPR to the best of our knowledge. Please refer to the following for more information: https://about.crunchbase.com/terms-of-service/gdpr-privacy-policy/"
},
{
"questionId": 12,
"shortAnswer": true,
"detailedAnswer": "Crunchbase was reviewed by an independent service provider during the SOC 2 Type II audit, which was completed in 2023. Security Review results summary and SOC II documents may be provided upon execution of an NDA via Crunchbase’s Whistic profile."
},
{
"questionId": 13,
"shortAnswer": false,
"detailedAnswer": "N/A, Crunchbase does not process PHI."
},
{
"questionId": 14,
"shortAnswer": true,
"detailedAnswer": "As an early-stage company this responsibility is shared amongst our CTO, IT Manager, and in-house and outside legal counsel. Additionally, Customers can contact Crunchbase either through our support emails which route through Zendesk to the appropriate Crunchbase employee or customers can directly contact their CSM or RPM. We have direct channels to our Engineering team or Data team to surface bugs or product support complaints and are also supported by our Solutions Engineering team. If the issue is a bug then we leverage JIRA to track support tickets which are then triaged by the Engineering team. [email protected]"
},
{
"questionId": 15,
"shortAnswer": true,
"detailedAnswer": "Penetration testing is conducted on an ad hoc basis, as required by Google for Crunchbase to maintain certain integrations. Security Review results summary may be provided upon execution of an NDA via Crunchbase’s Whistic profile."
},
{
"questionId": 17,
"dataHostingProvider": "monday"
},
{
"questionId": 18,
"logHostingProvider": "other",
"detailedAnswer": "Logs data is stored in monday logger"
}
],
"badges_data": {
"pricing_data": "Free",
"acquisition_source": "No touch",
"app_values": [
"Popular with CRM users"
],
"security": true
},
"data": {
"terms_of_service_url": "https://about.crunchbase.com/terms-of-service/",
"is_connector": true
},
"keywords": "crunchbase,\nintegration,\ncompany,\norganization,\ninsight,\nenrichment,\ndata,\naccount,\nleads,\nsignals",
"thumbnail_url": "https://dapulse-res.cloudinary.com/image/upload/v1707727724/monday-apps-marketplace/Crunchbase/App_Card_Image_2.png",
"logo_url": "https://dapulse-res.cloudinary.com/image/upload/v1707727724/monday-apps-marketplace/Crunchbase/App_Icon_3.png",
"feedback_url": "[email protected]",
"privacy_policy_url": "https://about.crunchbase.com/terms-of-service/privacy-policy/",
"external_pricing_url": null,
"featured": null,
"security": true,
"display_in_template_store": null,
"acquisition_source": "No touch",
"terms_of_service_url": "https://about.crunchbase.com/terms-of-service/",
"label": null,
"app_values": [
"Popular with CRM users"
],
"security_info": null,
"gallery_assets": [
{
"url": "https://dapulse-res.cloudinary.com/image/upload/v1707727724/monday-apps-marketplace/Crunchbase/Gallery_Image_1_3.png"
},
{
"url": "https://dapulse-res.cloudinary.com/image/upload/v1707727725/monday-apps-marketplace/Crunchbase/Gallery_Image_2_3.png"
},
{
"url": "https://dapulse-res.cloudinary.com/image/upload/v1707727725/monday-apps-marketplace/Crunchbase/Gallery_Image_3_4.png"
}
],
"pricing_data": "Free",
"marketplace_developer_id": 10000171,
"app_id": 10121947,
"marketplace_category_ids": [
10000012,
10000001,
7,
4
],
"name": "Crunchbase CRM Enrichment",
"app_scope_str": "boards:read,boards:write,notifications:write,webhooks:read,webhooks:write,account:read",
"app_client_id": "b45ea8246bc7eaa2f12cb0ce96400472",
"app_color": {
"hsl": {
"h": 201.81818181818184,
"s": 0.4782608695652174,
"l": 0.1803921568627451,
"a": 1
},
"hex": "#183444",
"rgb": {
"r": 24,
"g": 52,
"b": 68,
"a": 1
},
"hsv": {
"h": 201.81818181818184,
"s": 0.6470588235294118,
"v": 0.26666666666666666,
"a": 1
},
"oldHue": 219.2307692307692,
"source": "hex"
},
"created_at": "2024-02-12T08:50:32.248Z",
"updated_at": "2024-10-14T09:20:11.974Z",
"how_to_use_url": "https://docs.google.com/document/d/1YO8PeV0c2SG5UJsw_vybKU14Eq5cCjJvj2Iw50m_IA8/edit?usp=sharing",
"automation_app_id": null,
"plans": null,
"featured_for_categories_ids": [],
"pinned_for_categories_ids": [],
"pricing_model": null,
"app_type": "app",
"display": null,
"is_connector": true,
"google_analytics_tag_id": null,
"app_live_version": {
"updated_at": "2025-05-01T14:37:28Z",
"id": 10748012
},
"is_solution": null,
"available_for_tiers": null,
"available_for_products": null
}