Does the app restrict redirects and forwards only to approved destinations, or show a warning when redirecting to potentially untrusted content?
No
Does the app protect against mass parameter assignment attacks?
Yes
In Rails: we protects against mass assignment attacks through strong parameters and model-level protection.
Does the app perform encoding and sanitization on all user supplied parameters to protect against Cross-Site Scripting?
Yes
In Rails: we use permit method to allow only whitelisted params to be used. In React: we didn't use any dangerouslySetInnerHTML and also Rely on React's automatic escaping for dynamic content.
Does the developer protect all state-changing actions against Cross-Site Request Forgery (CSRF)?
Yes
In Rails: we enabled the CSRF protection, to ensure forms include authenticity tokens, and expose the CSRF token for API requests. In React: fetch the CSRF token from the backend and include it in state-changing requests using a custom fetch function.
Does the developer have mechanisms to notify monday.com in case of a security breach?
Yes
We will contact monday.com marketplace team if we found any unauthorized read/write on our database.
Does this developer have a process for installing application-level updates and security patches for the service (such as software packages and databases)?
Yes
1. Push changes to Github 2. Push changes to digital ocean droplet 3. Release new version of the app for the new monday.com code build
Compliance
Is the app certified with the information security standard ISO/IEC 27001:2022?
Not answered
Is the app compliant with the Health Insurance Portability and Accountability Act (HIPAA)?
Yes
Is the app certified with System and Organization Controls (SOC 2 or SOC 3)?
No
Is the app compliant with the General Data Protection Regulation (GDPR)?
No
Data
Does the app send any data outside of monday.com? If yes, indicate whether the data is customer-submitted (e.g., board names, item names, doc content) or non-customer-submitted (e.g., account ID, board ID, user ID).
Not answered
Where does the app store logs data?
monday
Where does the app store the app data?
DB
Does the developer ensure application logs do not contain secrets or personally-identifiable information (PII)?
Yes
We are currently using user_id to identify errors in the logs
Is customer data segregated from the data of other customers (for example logically or physically)?
Yes
We use logical segregation for each user with Devise gem in Ruby on Rails.
Privacy
Does the developer enforce multi-factor authentication on employees access to systems which may process customer data?
No
Does the developer protect access to customer data based on the principle of least privilege?
Yes
Only the founder has access to production database.
Reviews
No reviews yet.
Installation history
We have data for December 28, 2024 onwards only. Collected sometime after 00:00 UTC daily.
{
"id": 10000468,
"description": "<p>Ever get tired of manually searching for <em>qualified leads</em> and then copy pasting their details to monday.com?</p><p><strong>Get targeted leads</strong> for your business and effortlessly save them to your monday.com boards with our seamless integration with the Google Places API.</p><p>Simplify your lead generation process and boost productivity, <strong>no more manual copy pasting!</strong></p><p><br></p><p><strong>Key Features</strong></p><p>🔍Search targeted leads with keywords and location.</p><p><strong>📊</strong>Get leads data such as business name, rating, address, phone number, and website.</p><p><strong>✅</strong>Effortlessly save leads to your Monday boards in one click.</p><p><br></p><p><strong>Use case examples:</strong></p><ul><li><strong>Web Development Agency Owner in New York</strong></li></ul><p>Quickly find gyms in New York without websites for potential partnerships.</p><p><br></p><ul><li><strong>Fitness Equipment Supplier in San Francisco</strong></li></ul><p>Target fitness centers and wellness establishments in San Francisco for sales opportunities.</p><ul><li><strong>Freelance Graphic Designer in Chicago</strong></li></ul><p>Connect with small businesses in Chicago in need of design services.</p><p>Book a live demo <a href=\"https://calendly.com/support-tk7b/30min?month=2024-05\" rel=\"noopener noreferrer\" target=\"_blank\">here</a></p>",
"short_description": "Get geo-targeted leads, save to boards in 1 click!",
"compliance_answers": [
{
"questionId": 1,
"shortAnswer": true,
"detailedAnswer": "We use logical segregation for each user with Devise gem in Ruby on Rails."
},
{
"questionId": 2,
"shortAnswer": true,
"detailedAnswer": "1. Push changes to Github\n2. Push changes to digital ocean droplet\n3. Release new version of the app for the new monday.com code build"
},
{
"questionId": 3,
"shortAnswer": true,
"detailedAnswer": "We will contact monday.com marketplace team if we found any unauthorized read/write on our database."
},
{
"questionId": 4,
"shortAnswer": true,
"detailedAnswer": "In Rails: we enabled the CSRF protection, to ensure forms include authenticity tokens, and expose the CSRF token for API requests.\n\nIn React: fetch the CSRF token from the backend and include it in state-changing requests using a custom fetch function."
},
{
"questionId": 5,
"shortAnswer": true,
"detailedAnswer": "In Rails: we use permit method to allow only whitelisted params to be used.\n\nIn React: we didn't use any dangerouslySetInnerHTML and also Rely on React's automatic escaping for dynamic content."
},
{
"questionId": 6,
"shortAnswer": true,
"detailedAnswer": "Only the founder has access to production database."
},
{
"questionId": 7,
"shortAnswer": false
},
{
"questionId": 8,
"shortAnswer": true,
"detailedAnswer": "We are currently using user_id to identify errors in the logs"
},
{
"questionId": 9,
"shortAnswer": true,
"detailedAnswer": "In Rails: we protects against mass assignment attacks through strong parameters and model-level protection."
},
{
"questionId": 10,
"shortAnswer": false
},
{
"questionId": 11,
"shortAnswer": false
},
{
"questionId": 12,
"shortAnswer": false
},
{
"questionId": 13,
"shortAnswer": true
},
{
"questionId": 14,
"shortAnswer": true,
"detailedAnswer": "Founder ([email protected])"
},
{
"questionId": 15,
"shortAnswer": false
},
{
"questionId": 17,
"dataHostingProvider": "DB"
},
{
"questionId": 18,
"logHostingProvider": "monday"
}
],
"badges_data": {
"pricing_data": "Free plan available",
"acquisition_source": "No touch",
"app_values": [
"Popular with CRM users"
]
},
"data": {
"terms_of_service_url": "https://www.getturboflow.com/terms-of-service"
},
"keywords": "Automated lead generation, Lead management, Sales automation, Lead tracking",
"thumbnail_url": "https://dapulse-res.cloudinary.com/image/upload/v1716298106/monday-apps-marketplace/TurboLeads/Turboleads_card.png",
"logo_url": "https://dapulse-res.cloudinary.com/image/upload/v1716298106/monday-apps-marketplace/TurboLeads/app-icon_1_1.png",
"feedback_url": "[email protected]",
"privacy_policy_url": "https://www.getturboflow.com/privacy-policy",
"external_pricing_url": null,
"featured": null,
"security": null,
"display_in_template_store": null,
"acquisition_source": "No touch",
"terms_of_service_url": "https://www.getturboflow.com/terms-of-service",
"label": null,
"app_values": [
"Popular with CRM users"
],
"security_info": null,
"gallery_assets": [
{
"type": "video",
"url": "https://dapulse-res.cloudinary.com/video/upload/v1716298109/monday-apps-marketplace/TurboLeads/TurboLeads_Promo.mp4"
},
{
"url": "https://dapulse-res.cloudinary.com/image/upload/v1716298106/monday-apps-marketplace/TurboLeads/gallery-1_2.png"
},
{
"url": "https://dapulse-res.cloudinary.com/image/upload/v1716298106/monday-apps-marketplace/TurboLeads/gallery-2_2.png"
},
{
"url": "https://dapulse-res.cloudinary.com/image/upload/v1716298106/monday-apps-marketplace/TurboLeads/gallery-3_2.png"
}
],
"pricing_data": "Free plan available",
"marketplace_developer_id": 10000200,
"app_id": 10111322,
"marketplace_category_ids": [
13,
6,
4
],
"name": "TurboLeads",
"app_scope_str": "boards:read,boards:write",
"app_client_id": "4bc3f6de340e960bd283657d61ec548b",
"app_color": "#250F5D",
"created_at": "2024-05-21T13:30:33.237Z",
"updated_at": "2024-05-28T13:53:11.495Z",
"how_to_use_url": "https://www.getturboflow.com/turboleads/how-to-use",
"automation_app_id": null,
"plans": [
{
"id": "10111322-1-free_turboleads",
"appId": 10111322,
"appPlanId": "free_turboleads",
"versionId": 1,
"versionState": "live",
"name": "Free",
"description": "",
"extraData": {
"bullets": [
"10 searches for Geo targeted search per month",
"Unlimited item save to board"
],
"monthlyFee": 0,
"yearlyFee": 0,
"maxSeats": null
},
"isTrial": false,
"isRecommended": false,
"isFree": true,
"currency": "USD",
"prices": {
"type": "standard",
"monthly": 0,
"yearly": 0
}
},
{
"id": "10111322-1-pro_turboleads",
"appId": 10111322,
"appPlanId": "pro_turboleads",
"versionId": 1,
"versionState": "live",
"name": "Pro",
"description": "",
"extraData": {
"bullets": [
"Unlimited Geo targeted search per month",
"Unlimited item save to board"
],
"monthlyFee": 39,
"yearlyFee": 30,
"maxSeats": null
},
"isTrial": false,
"isRecommended": false,
"isFree": false,
"currency": "USD",
"prices": {
"type": "standard",
"monthly": 39,
"yearly": 30
}
}
],
"featured_for_categories_ids": [],
"pinned_for_categories_ids": [],
"pricing_model": null,
"app_type": "app",
"display": null,
"is_connector": null,
"google_analytics_tag_id": null,
"app_live_version": {
"updated_at": "2025-02-21T05:51:05Z",
"id": 10591485
},
"is_solution": null,
"available_for_tiers": null,
"available_for_products": null
}
