Does the app restrict redirects and forwards only to approved destinations, or show a warning when redirecting to potentially untrusted content?
No
The application does not have a user-facing interface which makes redirects (integrations + read-only dashboard)
Does the app protect against mass parameter assignment attacks?
No
The application does not have a user-facing interface (integrations + read-only dashboard)
Does the app perform encoding and sanitization on all user supplied parameters to protect against Cross-Site Scripting?
Yes
Application has 3 sources of user-provided data:
1. Integration 'prompt' text field
2. Table Item values
3. Results generated by processing ML prompts
The application has the following measures built-in:
1. All data from 'prompt' text is processed by https://github.com/cure53/DOMPurify library for sanitization (File: sanitization_prompt.png)
2. All data from table item values is processed by https://github.com/cure53/DOMPurify library. (File: sanitization_value.png)
3. All results, generated from ML prompts are processed by https://github.com/cure53/DOMPurify library for sanitization (File: sanitization_ml.png)
Application outputs data by updating column values. Before updating data in columns, application uses https://www.npmjs.com/package/validator library to encode HTML tags (using 'encode' function).
Does the developer protect all state-changing actions against Cross-Site Request Forgery (CSRF)?
Yes
All requests to backend are authenticated with monday.com session token.
1. Client-side, application uses the "monday-sdk-js" library to get the session token. This requires the main monday.com application to run. This token is sent to backend in the Authorization header.
2. Backend-side, application is verifying this token using monday client secret. Backend is configured with CORS settings for client origin only.
Does the developer have mechanisms to notify monday.com in case of a security breach?
Yes
Every incident is reviewed and remediation actions are identified. Communicating security breach to monday.com is a part of the process.
Does this developer have a process for installing application-level updates and security patches for the service (such as software packages and databases)?
Yes
Application Frontend and Backend are built and deployed by a pipeline. GitHub Dependabot is used to keep package dependencies up to date.
Compliance
Is the app certified with the information security standard ISO/IEC 27001:2022?
Not answered
Is the app compliant with the Health Insurance Portability and Accountability Act (HIPAA)?
No
Is the app certified with System and Organization Controls (SOC 2 or SOC 3)?
No
Is the app compliant with the General Data Protection Regulation (GDPR)?
Yes
The application is not storing PII or user data apart from usage information. Third-party processors are compliant with GDPR.
Data
Does the app send any data outside of monday.com? If yes, indicate whether the data is customer-submitted (e.g., board names, item names, doc content) or non-customer-submitted (e.g., account ID, board ID, user ID).
Not answered
Where does the app store logs data?
Not answered
Where does the app store the app data?
Not answered
Does the developer ensure application logs do not contain secrets or personally-identifiable information (PII)?
Yes
Application logs are delivered to AWS CloudWatch Logs log group. The log group has data protection policies enabled for automatic masking and reporting for all sensitive information findings.
Enabled policies: Credentials, Device Identifiers, PII, PHI, Financial information
Is customer data segregated from the data of other customers (for example logically or physically)?
Yes
Customer data is segregated logically on the basis of Account ID. Account ID is retrieved from application session; application does not support other means of providing Account ID.
Privacy
Does the developer enforce multi-factor authentication on employees' access to systems which may process customer data?
Yes
Customer data is processed on AWS cloud. AWS Access is managed with SSO (AWS Identity Center) from Google Workspace. Google Workspace has 2-Factor authentication enforced. AWS Root account has MFA set up.
Does the developer protect access to customer data based on the principle of least privilege?
Yes
The company has only one employee. The application only collects token usage per user and anonymized metrics.
Reviews
June 3, 2024
GC: not attaching to my board on initial download
Installation history
We have data for December 28, 2024 onwards only. Collected sometime after 00:00 UTC daily.
{
"id": 10000426,
"description": "<p>Create complex formulas and generate text with ChatGPT.</p><p>Automatically fill in item values based on AI prompts. Ideal to customise or generate content based on item columns.</p><p><br></p><p><a href=\"https://calendly.com/ops42/demo\" rel=\"noopener noreferrer\" target=\"_blank\">Book a free demo</a> to talk with app creator, get an overview of the features, share ideas and receive <strong>10'000</strong> free Tokens for experiments! 🚀</p><p><strong>Features</strong></p><p>- Add values from other fields to prompts: Select values from board columns and use them directly in the prompt.</p><p>- Run prompt per board item: Run ChatGPT prompt when item data changes</p><p><br></p><p><strong>Benefits</strong></p><p>- Personalize messages 🧑🎨</p><p>- Translate text 📝</p><p>- Search and organize data 🗂️</p><p><br></p><p><strong>About us</strong></p><p>ops42 is striving to provide best quality customer experience. Please use the following email to get in touch with us: <a href=\"mailto:[email protected]\" rel=\"noopener noreferrer\" target=\"_blank\">[email protected]</a></p>",
"short_description": "Create advanced ChatGPT-based free text formulas for boards",
"compliance_answers": [
{
"questionId": 1,
"shortAnswer": true,
"detailedAnswer": "Customer data is segregated logically on the basis of Account ID. Account ID is retrieved from application session, application does not support other means of providing Account ID."
},
{
"questionId": 2,
"shortAnswer": true,
"detailedAnswer": "Application Frontend and Backend is built and deployed by a pipeline.\nGitHub Dependabot is used to keep package dependencies up to date."
},
{
"questionId": 3,
"shortAnswer": true,
"detailedAnswer": "Every incident is reviewed and remediation actions are identified. Communicating security breach to monday.com is a part of the process."
},
{
"questionId": 4,
"shortAnswer": true,
"detailedAnswer": "All requests to backend are authenticated with monday.com session token.\n\n1. Client-side, application uses the \"monday-sdk-js\" library to get the session token. This requires the main monday.com application to run. This token is sent to backend in the Authorization header.\n2. Backend-side, application is verifying this token using monday client secret. Backend is configured with CORS settings for client origin only."
},
{
"questionId": 5,
"shortAnswer": true,
"detailedAnswer": "Application has 3 sources of user-provided data:\n\n1. Integration 'prompt' text field\n\n2. Table Item values\n\n3. Results generated by processing ML prompts\n\nThe application has the following measures built-in:\n\n1. All data from 'prompt' text is processed by https://github.com/cure53/DOMPurify library for sanitization (File: sanitization_prompt.png)\n\n2. All data from table item values is processed by https://github.com/cure53/DOMPurify library. (File: sanitization_value.png)\n\n3. All results, generated from ML prompts are processed by https://github.com/cure53/DOMPurify library for sanitization (File: sanitization_ml.png)\n\nApplication outputs data by updating column values. Before updating data in columns, application uses https://www.npmjs.com/package/validator library to encode HTML tags (using 'encode' function)."
},
{
"questionId": 6,
"shortAnswer": true,
"detailedAnswer": "The company has only one employee.\nThe application only collects token usage per user and anonymized metrics."
},
{
"questionId": 7,
"shortAnswer": true,
"detailedAnswer": "Customer data is processed on AWS cloud. AWS Access is managed with SSO (AWS Identity Center) from Google Workspace.\nGoogle workspace has 2-Factor authentication enforced.\n\nAWS Root account has MFA set up."
},
{
"questionId": 8,
"shortAnswer": true,
"detailedAnswer": "Application logs are delivered to AWS Cloudwatch Logs log group. The log group has data protection policies enabled for automatic masking and reporting for all sensitive information findings.\nEnabled policies: Credentials, Device Identifiers, PII, PHI, Financial information"
},
{
"questionId": 9,
"shortAnswer": false,
"detailedAnswer": "The application does not have a user-facing interface (integrations + read-only dashboard)"
},
{
"questionId": 10,
"shortAnswer": false,
"detailedAnswer": "The application does not have a user-facing interface which makes redirects (integrations + read-only dashboard)"
},
{
"questionId": 11,
"shortAnswer": true,
"detailedAnswer": "The application is not storing PII or user data apart from usage information. Third-party processors are compliant with GDPR."
},
{
"questionId": 12,
"shortAnswer": false
},
{
"questionId": 13,
"shortAnswer": false
},
{
"questionId": 14,
"shortAnswer": true,
"detailedAnswer": "[email protected]"
},
{
"questionId": 15,
"shortAnswer": false
}
],
"badges_data": {
"acquisition_source": "No touch",
"app_values": [
"Popular with Dev users"
]
},
"data": {
"terms_of_service_url": "https://apps.ops42.org/terms_of_service/"
},
"keywords": "ai, chatgpt, formula, generative, generate, translate, openai, personalize, email, marketing",
"thumbnail_url": "https://dapulse-res.cloudinary.com/image/upload/v1711382220/monday-apps-marketplace/Board%20Assistant%20-%20AI%20Formulas/promo_screensSM.jpg",
"logo_url": "https://dapulse-res.cloudinary.com/image/upload/v1711382217/monday-apps-marketplace/Board%20Assistant%20-%20AI%20Formulas/icon192x192.jpg",
"feedback_url": "[email protected]",
"privacy_policy_url": "https://apps.ops42.org/privacy_policy/",
"external_pricing_url": null,
"featured": null,
"security": null,
"display_in_template_store": null,
"acquisition_source": "No touch",
"terms_of_service_url": "https://apps.ops42.org/terms_of_service/",
"label": null,
"app_values": [
"Popular with Dev users"
],
"security_info": null,
"gallery_assets": [
{
"type": "video",
"url": "https://dapulse-res.cloudinary.com/video/upload/v1711868399/monday-apps-marketplace/Board%20Assistant%20-%20AI%20Formulas/presentation_1.mp4"
},
{
"url": "https://dapulse-res.cloudinary.com/image/upload/v1711382218/monday-apps-marketplace/Board%20Assistant%20-%20AI%20Formulas/promo_screen0.jpg"
},
{
"url": "https://dapulse-res.cloudinary.com/image/upload/v1711382219/monday-apps-marketplace/Board%20Assistant%20-%20AI%20Formulas/promo_screen1.jpg"
},
{
"url": "https://dapulse-res.cloudinary.com/image/upload/v1711382219/monday-apps-marketplace/Board%20Assistant%20-%20AI%20Formulas/promo_screen2.jpg"
}
],
"pricing_data": null,
"marketplace_developer_id": 10000180,
"app_id": 10133714,
"marketplace_category_ids": [],
"name": "Board Assistant - AI Formulas",
"app_scope_str": "boards:read,boards:write,me:read,account:read,teams:read,users:read",
"app_client_id": "addf5f33275cc5f1956b4db42482e501",
"app_color": {
"hsl": {
"h": 171.32530120481928,
"s": 0,
"l": 1,
"a": 1
},
"hex": "#ffffff",
"rgb": {
"r": 255,
"g": 255,
"b": 255,
"a": 1
},
"hsv": {
"h": 171.32530120481928,
"s": 0,
"v": 1,
"a": 1
},
"oldHue": 171.32530120481928,
"source": "rgb"
},
"created_at": "2024-03-25T15:58:54.267Z",
"updated_at": "2024-03-31T07:07:14.366Z",
"how_to_use_url": "https://apps.ops42.org/#how-to-use",
"automation_app_id": null,
"plans": [
{
"id": "10133714-1-free",
"appId": 10133714,
"appPlanId": "free",
"versionId": 1,
"versionState": "live",
"name": "Free",
"description": "Free tier to try the app",
"extraData": {
"bullets": [
"1 000 Tokens / month for free",
"Create AI-driven functions for items",
" Add values from columns to AI prompts"
],
"monthlyFee": 0,
"yearlyFee": 0,
"maxSeats": null
},
"isTrial": false,
"isRecommended": false,
"isFree": true,
"currency": "USD",
"prices": {
"type": "standard",
"monthly": 0,
"yearly": 0
}
},
{
"id": "10133714-1-basic",
"appId": 10133714,
"appPlanId": "basic",
"versionId": 1,
"versionState": "live",
"name": "Basic",
"description": "A small set of tokens for small automations",
"extraData": {
"bullets": [
"10 000 Tokens / month",
"Create AI-driven functions for items",
"Add values from columns to AI prompts"
],
"monthlyFee": 19,
"yearlyFee": 16,
"maxSeats": null
},
"isTrial": false,
"isRecommended": false,
"isFree": false,
"currency": "USD",
"prices": {
"type": "standard",
"monthly": 19,
"yearly": 16
}
},
{
"id": "10133714-1-pro",
"appId": 10133714,
"appPlanId": "pro",
"versionId": 1,
"versionState": "live",
"name": "Pro",
"description": "Many tokens for most automations",
"extraData": {
"bullets": [
"1 000 000 Tokens / month",
"Create AI-driven functions for items",
"Add values from columns to AI prompts",
"Email support"
],
"monthlyFee": 39,
"yearlyFee": 33,
"maxSeats": null
},
"isTrial": false,
"isRecommended": true,
"isFree": false,
"currency": "USD",
"prices": {
"type": "standard",
"monthly": 39,
"yearly": 33
}
},
{
"id": "10133714-1-expert",
"appId": 10133714,
"appPlanId": "expert",
"versionId": 1,
"versionState": "live",
"name": "Expert",
"description": "Many tokens for big boards and teams",
"extraData": {
"bullets": [
"10 000 000 Tokens / month",
"Create AI-driven functions for items",
"Add values from columns to AI prompts",
"Priority support"
],
"monthlyFee": 79,
"yearlyFee": 66,
"maxSeats": null
},
"isTrial": false,
"isRecommended": false,
"isFree": false,
"currency": "USD",
"prices": {
"type": "standard",
"monthly": 79,
"yearly": 66
}
}
],
"featured_for_categories_ids": null,
"pinned_for_categories_ids": null,
"pricing_model": null,
"app_type": "app",
"display": null,
"is_connector": null,
"google_analytics_tag_id": null,
"app_live_version": {
"updated_at": "2024-03-26T09:04:13Z",
"id": 10222168
},
"is_solution": null,
"available_for_tiers": null,
"available_for_products": null
}