Integrate advanced online proofing into monday.com
Effortlessly share, review, and approve on all creative content with GoProof integration with monday.com.
Streamline the entire online proofing process, from inception right through to sign-off and final delivery. Creative operations and marketing teams can collaborate seamless with clients and stakeholders on any creative asset, such as videos, digital content, web pages, documents, graphics, audio, banners, and so much more.
For more information, visit: goproof.net
Add powerful review and approval functionality to monday.com.
Why GoProof?
Integrated seamlessly within monday.com.
Manage all creative content across multiple teams.
Unite your creative operations with clients and stakeholders
Powerful review and approval functionality
A complete creative audit trail
Market-leading review and approval
Replace the need for multiple MarTech systems by integrating GoProof with monday.com.
A dedicated dashboards for creatives and stakeholders, allows for collaboration at every stage of the review and approval process. Users are able to upload a wealth of creative content such as Adobe Creative Cloud files, animations, videos, web-links, Microsoft & Google docs, and so much more.
GoProof tiers
14-day trial (free)
Connect (monthly or yearly subscription)
Pro (monthly or yearly subscription)
Enterprise (yearly subscription)
All tiers allow for full use of the GoProof system functionality. The free trial is not locked down and allows for the system to be truly trialled before an upgrade is purchased. All plans offer unlimited reviewers and guest per licence - there is no hidden cost with each plan.
Security & Compliance
Security
Does the developer periodically perform penetration testing?
Yes
Performed yearly
Does the developer have a dedicated security and privacy point of contact for such issues or questions?
Does the app restrict redirects and forwards only to approved destinations, or show a warning when redirecting to potentially untrusted content?
Yes
Yes, our application ensures that redirects and forwards are securely managed by exclusively permitting destinations that are pre-approved and listed on an allow list. This is accomplished through the use of Angular's routing mechanism in our main application. Angular's routing framework allows us to define paths and associated components in a way that naturally incorporates security checks against unauthorised redirects. By leveraging Angular's capabilities, we ensure that any attempt to redirect or forward to a new page is validated against our allow list, effectively preventing navigation to potentially untrusted or harmful content. This approach not only enhances the security of our application but also maintains the integrity of user navigation, aligning with best practices for web application security.
Does the app protect against mass parameter assignment attacks?
Yes
Yes, our application is fortified against mass parameter assignment attacks, thanks to the design of our API which is characterised by its granularity. We employ atomic calls that are specifically tailored to update only designated values. This architecture ensures that each call is responsible for a singular, explicit action, thereby mitigating the risk of unintended mass updates or modifications to data fields. By adopting this approach, we effectively limit the scope of each request to the server, ensuring that only authorised changes are made, and maintain stringent control over the data fields that can be modified through the API. This methodical and precise control mechanism is pivotal in safeguarding our system against the potential vulnerabilities associated with mass parameter assignment.
Does the app perform encoding and sanitization on all user supplied parameters to protect against Cross-Site Scripting?
Yes
Yes, our platform employs robust XSS (Cross-Site Scripting) encoding and sanitisation across all user-supplied parameters. This is effectively achieved through the utilisation of reactive forms in Angular 17, which automatically incorporates these security measures. Angular's reactive forms approach not only simplifies form handling but also significantly enhances security by automatically escaping user input. This means that any potentially harmful scripts inserted by users are neutralised before being processed or displayed, thereby preventing XSS vulnerabilities. By leveraging Angular 17's advanced features, we ensure a secure environment for our users, protecting both their data and our systems from XSS attacks without compromising on functionality or user experience.
Does the developer protect all state-changing actions against Cross-Site Request Forgery (CSRF)?
No
Does the developer have mechanisms to notify monday.com in case of a security breach?
Yes
In case of a security breach, we would promptly notify monday.com following our incident response plan, which mandates immediate communication upon detection and confirmation of a breach. The notification, detailing the nature and scope of the breach, would be sent to the designated contact at monday.com as per our partnership agreement. This ensures timely and transparent handling of the incident, facilitating quick mitigation and corrective measures to protect all stakeholders involved.
Does this developer have a process for installing application-level updates and security patches for the service (such as software packages and databases)?
Yes
Our application-level updates and security patches are methodically applied to ensure system integrity and security. For vulnerabilities, our patching timeframes are as follows: Critical vulnerabilities are patched within 24 hours of identification; High vulnerabilities within 72 hours; Medium vulnerabilities within one week; and Low vulnerabilities within one month. This process is part of our commitment to maintaining a secure and reliable service, minimising potential risks to our clients and their data.
Compliance
Is the app certified with the information security standard ISO/IEC 27001:2022?
Not answered
Is the app compliant with the Health Insurance Portability and Accountability Act (HIPAA)?
No
Is the app certified with System and Organization Controls (SOC 2 or SOC 3)?
No
Is the app compliant with the General Data Protection Regulation (GDPR)?
Yes
Fully GPDR compliant
Data
Does the app send any data outside of monday.com? If yes, indicate whether the data is customer-submitted (e.g., board names, item names, doc content) or non-customer-submitted (e.g., account ID, board ID, user ID).
Not answered
Where does the app store logs data?
Not answered
Where does the app store the app data?
Not answered
Does the developer ensure application logs do not contain secrets or personally-identifiable information (PII)?
Yes
In our ZingHub SaaS system, we diligently ensure logs are devoid of secrets, such as passwords and API keys, and personally identifiable information (PII). Adhering to stringent data protection standards and compliance requirements, our approach is twofold: Prudent Data Handling: We practice data minimisation, ensuring logs capture only essential information. This minimises potential security risks associated with storing sensitive data. Sanitisation and Masking: On occasions where logging specific details is necessary for operational efficiency, we employ sanitisation and masking. This process obscures sensitive segments of the data, rendering it secure for monitoring and troubleshooting without compromising privacy. Our logging framework is designed with security at its core, featuring secure storage solutions, rigorous access control, and periodic audits to safeguard against inadvertent logging of sensitive information. Additionally, our proactive monitoring system swiftly flags potential issues, ensuring continuous protection of user data. By upholding these robust logging practices, ZingHub guarantees the security and privacy of our clients' data, reinforcing our commitment to excellence in data stewardship.
Is customer data segregated from the data of other customers (for example logically or physically)?
Yes
Our system employs a unified database architecture with logical segregation of customer data by company. Access controls are rigorously defined to ensure users can interact only with data pertinent to their specific company, safeguarding against unauthorised access to other companies' data. This logical data separation, upheld by precise role and permission management, ensures the confidentiality and integrity of customer information across our platform.
Privacy
Does the developer enforce multi-factor authentication on employees access to systems which may process customer data?
Yes
We implement multi-factor authentication (MFA) to secure access to our systems and customer data in two distinct ways: MFA for Physical Server Access: Physical access to servers that store and process customer data is secured with MFA. This means that any employee needing physical access must provide multiple forms of identification and authentication beyond just a key or access card. This layer ensures that even physical breaches require multiple security challenges, significantly reducing the risk of unauthorised access. MFA for ZingHub Login: For digital access, particularly to our ZingHub platform, MFA is mandatory for all employees. This process requires them not only to enter their password but also to verify their identity through a second factor, such as a code sent to a mobile device or generated by an authenticator app. This step ensures that access to our digital resources is doubly protected, safeguarding sensitive customer data from cyber threats. By applying MFA both to physical and digital realms, we significantly heighten our security posture, ensuring robust protection against unauthorised access and enhancing the overall security of customer data. This comprehensive approach to MFA is a testament to our commitment to maintaining the highest standards of data security.
Does the developer protect access to customer data based on the principle of least privilege?
Yes
To safeguard customer data from unauthorized access by non-classified employees, we've instituted stringent security measures: Role-Based Access Control (RBAC): Employees are granted access only to data essential for their roles, minimising unauthorised access risks. Least Privilege Principle: Access levels are carefully assigned to ensure employees have only the minimal access needed for their job functions, effectively reducing the likelihood of data breaches. Data Classification: Data is categorised based on sensitivity, with access restricted to those needing it for their roles, ensuring that sensitive information is tightly controlled. Auditing and Monitoring: Regular audits and monitoring of data access patterns help detect unauthorised access, with anomalies investigated promptly. Employee Training: Security awareness training is mandatory for all employees, emphasising the importance of our data protection policies and the proper handling of sensitive information. Encryption and Anonymisation: We employ encryption for data at rest and in transit and use anonymisation where feasible to protect data integrity. Physical Security: Robust physical security measures prevent unauthorised access to our facilities, protecting devices and networks storing customer data. Security Assessments: Our security measures are regularly evaluated and updated in response to new threats, ensuring ongoing protection of customer data. These comprehensive measures collectively safeguard customer data against unauthorised access by non-classified employees, maintaining our commitment to data security and customer trust.
Reviews
No reviews yet.
Installation history
We have data for December 28, 2024 onwards only. Collected sometime after 00:00 UTC daily.
{
"id": 10000453,
"description": "<p>Effortlessly share, review, and approve on all creative content with GoProof integration with monday.com.</p><p> </p><p>Streamline the entire online proofing process, from inception right through to sign-off and final delivery. Creative operations and marketing teams can collaborate seamless with clients and stakeholders on any creative asset, such as videos, digital content, web pages, documents, graphics, audio, banners, and so much more.</p><p> </p><p>For more information, visit: goproof.net</p><p> </p><p>Add powerful review and approval functionality to monday.com.</p><p> </p><p>Why GoProof?</p><ul><li>Integrated seamlessly within monday.com.</li><li>Manage all creative content across multiple teams.</li><li>Unite your creative operations with clients and stakeholders</li><li>Powerful review and approval functionality</li><li>A complete creative audit trail</li><li>Market-leading review and approval</li></ul><p> </p><p>Replace the need for multiple MarTech systems by integrating GoProof with monday.com.</p><p> </p><p>A dedicated dashboards for creatives and stakeholders, allows for collaboration at every stage of the review and approval process. Users are able to upload a wealth of creative content such as Adobe Creative Cloud files, animations, videos, web-links, Microsoft & Google docs, and so much more.</p><p><br></p><p>GoProof tiers</p><ul><li>14-day trial (free)</li><li>Connect (monthly or yearly subscription)</li><li>Pro (monthly or yearly subscription)</li><li>Enterprise (yearly subscription)</li></ul><p><br></p><p>All tiers allow for full use of the GoProof system functionality. The free trial is not locked down and allows for the system to be truly trialled before an upgrade is purchased. All plans offer unlimited reviewers and guest per licence - there is no hidden cost with each plan.</p>",
"short_description": "Integrate advanced online proofing into monday.com",
"compliance_answers": [
{
"questionId": 1,
"shortAnswer": true,
"detailedAnswer": "Our system employs a unified database architecture with logical segregation of customer data by company. Access controls are rigorously defined to ensure users can interact only with data pertinent to their specific company, safeguarding against unauthorised access to other companies' data. This logical data separation, upheld by precise role and permission management, ensures the confidentiality and integrity of customer information across our platform."
},
{
"questionId": 2,
"shortAnswer": true,
"detailedAnswer": "Our application-level updates and security patches are methodically applied to ensure system integrity and security. For vulnerabilities, our patching timeframes are as follows: Critical vulnerabilities are patched within 24 hours of identification; High vulnerabilities within 72 hours; Medium vulnerabilities within one week; and Low vulnerabilities within one month. This process is part of our commitment to maintaining a secure and reliable service, minimising potential risks to our clients and their data."
},
{
"questionId": 3,
"shortAnswer": true,
"detailedAnswer": "In case of a security breach, we would promptly notify monday.com following our incident response plan, which mandates immediate communication upon detection and confirmation of a breach. The notification, detailing the nature and scope of the breach, would be sent to the designated contact at monday.com as per our partnership agreement. This ensures timely and transparent handling of the incident, facilitating quick mitigation and corrective measures to protect all stakeholders involved."
},
{
"questionId": 4,
"shortAnswer": false
},
{
"questionId": 5,
"shortAnswer": true,
"detailedAnswer": "Yes, our platform employs robust XSS (Cross-Site Scripting) encoding and sanitisation across all user-supplied parameters. This is effectively achieved through the utilisation of reactive forms in Angular 17, which automatically incorporates these security measures. Angular's reactive forms approach not only simplifies form handling but also significantly enhances security by automatically escaping user input. This means that any potentially harmful scripts inserted by users are neutralised before being processed or displayed, thereby preventing XSS vulnerabilities. By leveraging Angular 17's advanced features, we ensure a secure environment for our users, protecting both their data and our systems from XSS attacks without compromising on functionality or user experience."
},
{
"questionId": 6,
"shortAnswer": true,
"detailedAnswer": "To safeguard customer data from unauthorized access by non-classified employees, we've instituted stringent security measures:\n\nRole-Based Access Control (RBAC): Employees are granted access only to data essential for their roles, minimising unauthorised access risks.\n\nLeast Privilege Principle: Access levels are carefully assigned to ensure employees have only the minimal access needed for their job functions, effectively reducing the likelihood of data breaches.\n\nData Classification: Data is categorised based on sensitivity, with access restricted to those needing it for their roles, ensuring that sensitive information is tightly controlled.\n\nAuditing and Monitoring: Regular audits and monitoring of data access patterns help detect unauthorised access, with anomalies investigated promptly.\n\nEmployee Training: Security awareness training is mandatory for all employees, emphasising the importance of our data protection policies and the proper handling of sensitive information.\n\nEncryption and Anonymisation: We employ encryption for data at rest and in transit and use anonymisation where feasible to protect data integrity.\n\nPhysical Security: Robust physical security measures prevent unauthorised access to our facilities, protecting devices and networks storing customer data.\n\nSecurity Assessments: Our security measures are regularly evaluated and updated in response to new threats, ensuring ongoing protection of customer data.\n\nThese comprehensive measures collectively safeguard customer data against unauthorised access by non-classified employees, maintaining our commitment to data security and customer trust."
},
{
"questionId": 7,
"shortAnswer": true,
"detailedAnswer": "We implement multi-factor authentication (MFA) to secure access to our systems and customer data in two distinct ways:\n\nMFA for Physical Server Access: Physical access to servers that store and process customer data is secured with MFA. This means that any employee needing physical access must provide multiple forms of identification and authentication beyond just a key or access card. This layer ensures that even physical breaches require multiple security challenges, significantly reducing the risk of unauthorised access.\n\nMFA for ZingHub Login: For digital access, particularly to our ZingHub platform, MFA is mandatory for all employees. This process requires them not only to enter their password but also to verify their identity through a second factor, such as a code sent to a mobile device or generated by an authenticator app. This step ensures that access to our digital resources is doubly protected, safeguarding sensitive customer data from cyber threats.\n\nBy applying MFA both to physical and digital realms, we significantly heighten our security posture, ensuring robust protection against unauthorised access and enhancing the overall security of customer data. This comprehensive approach to MFA is a testament to our commitment to maintaining the highest standards of data security."
},
{
"questionId": 8,
"shortAnswer": true,
"detailedAnswer": "In our ZingHub SaaS system, we diligently ensure logs are devoid of secrets, such as passwords and API keys, and personally identifiable information (PII). Adhering to stringent data protection standards and compliance requirements, our approach is twofold:\n\nPrudent Data Handling: We practice data minimisation, ensuring logs capture only essential information. This minimises potential security risks associated with storing sensitive data.\n\nSanitisation and Masking: On occasions where logging specific details is necessary for operational efficiency, we employ sanitisation and masking. This process obscures sensitive segments of the data, rendering it secure for monitoring and troubleshooting without compromising privacy.\n\nOur logging framework is designed with security at its core, featuring secure storage solutions, rigorous access control, and periodic audits to safeguard against inadvertent logging of sensitive information. Additionally, our proactive monitoring system swiftly flags potential issues, ensuring continuous protection of user data.\n\nBy upholding these robust logging practices, ZingHub guarantees the security and privacy of our clients' data, reinforcing our commitment to excellence in data stewardship."
},
{
"questionId": 9,
"shortAnswer": true,
"detailedAnswer": "Yes, our application is fortified against mass parameter assignment attacks, thanks to the design of our API which is characterised by its granularity. We employ atomic calls that are specifically tailored to update only designated values. This architecture ensures that each call is responsible for a singular, explicit action, thereby mitigating the risk of unintended mass updates or modifications to data fields. By adopting this approach, we effectively limit the scope of each request to the server, ensuring that only authorised changes are made, and maintain stringent control over the data fields that can be modified through the API. This methodical and precise control mechanism is pivotal in safeguarding our system against the potential vulnerabilities associated with mass parameter assignment."
},
{
"questionId": 10,
"shortAnswer": true,
"detailedAnswer": "Yes, our application ensures that redirects and forwards are securely managed by exclusively permitting destinations that are pre-approved and listed on an allow list. This is accomplished through the use of Angular's routing mechanism in our main application. Angular's routing framework allows us to define paths and associated components in a way that naturally incorporates security checks against unauthorised redirects. By leveraging Angular's capabilities, we ensure that any attempt to redirect or forward to a new page is validated against our allow list, effectively preventing navigation to potentially untrusted or harmful content. This approach not only enhances the security of our application but also maintains the integrity of user navigation, aligning with best practices for web application security."
},
{
"questionId": 11,
"shortAnswer": true,
"detailedAnswer": "Fully GPDR compliant"
},
{
"questionId": 12,
"shortAnswer": false
},
{
"questionId": 13,
"shortAnswer": false
},
{
"questionId": 14,
"shortAnswer": true,
"detailedAnswer": "[email protected]"
},
{
"questionId": 15,
"shortAnswer": true,
"detailedAnswer": "Performed yearly"
}
],
"badges_data": {
"pricing_data": "14 day trial",
"acquisition_source": "No touch",
"app_values": [
"Everyday tasks"
]
},
"data": {
"terms_of_service_url": "https://www.goproof.net/documents/terms-of-use",
"is_connector": true
},
"keywords": "Proofing, Review, Creative Assets, Creative Content,Online proofing",
"thumbnail_url": "https://dapulse-res.cloudinary.com/image/upload/v1715003251/monday-apps-marketplace/ZingHub/AppGallery-3_3.png",
"logo_url": "https://cdn.monday.com/marketplace/10000453/10000453_2024_5_19_10_39_13_l477x9.jpg",
"feedback_url": "https://www.goproof.net/monday-support",
"privacy_policy_url": "https://www.goproof.net/documents/privacy-policy",
"external_pricing_url": "https://www.myzinghub.com/pricing",
"featured": null,
"security": null,
"display_in_template_store": null,
"acquisition_source": "No touch",
"terms_of_service_url": "https://www.goproof.net/documents/terms-of-use",
"label": null,
"app_values": [
"Everyday tasks"
],
"security_info": null,
"gallery_assets": [
{
"url": "https://cdn.monday.com/marketplace/10000453/10000453_2024_5_19_10_49_49_d0oov7b.png",
"type": "image"
},
{
"url": "https://cdn.monday.com/marketplace/10000453/10000453_2024_5_19_10_49_58_4s9n3gt.png",
"type": "image"
},
{
"url": "https://cdn.monday.com/marketplace/10000453/10000453_2024_5_19_10_50_5_09yh14a.png",
"type": "image"
},
{
"url": "https://cdn.monday.com/marketplace/10000453/10000453_2024_5_19_10_50_11_i5julhp.png",
"type": "image"
}
],
"pricing_data": "14 day trial",
"marketplace_developer_id": 10000192,
"app_id": 10142233,
"marketplace_category_ids": [
13,
8,
7
],
"name": "GoProof",
"app_scope_str": "me:read,boards:write,boards:read,notifications:write,docs:read,users:read,assets:read",
"app_client_id": "917ba83a40cfef0c6f55439100d87a10",
"app_color": {
"hsl": {
"h": 93.14285714285714,
"s": 0.4320987654320988,
"l": 0.5235294117647058,
"a": 1
},
"hex": "#80ba51",
"rgb": {
"r": 128,
"g": 186,
"b": 81,
"a": 1
},
"hsv": {
"h": 93.14285714285714,
"s": 0.5645161290322581,
"v": 0.7294117647058823,
"a": 1
},
"oldHue": 342.9139072847682,
"source": "rgb"
},
"created_at": "2024-05-06T13:48:21.983Z",
"updated_at": "2024-06-24T09:51:54.029Z",
"how_to_use_url": "https://www.myzinghub.com/support",
"automation_app_id": null,
"plans": null,
"featured_for_categories_ids": [],
"pinned_for_categories_ids": [],
"pricing_model": null,
"app_type": "app",
"display": null,
"is_connector": true,
"google_analytics_tag_id": null,
"app_live_version": {
"updated_at": "2024-06-19T10:38:50Z",
"id": 10260775
},
"is_solution": null,
"available_for_tiers": null,
"available_for_products": null
}
