Doc2Board is a tool designed to transform the way you manage projects by automating the conversion of documents into actionable tasks. Whether you're working with PDFs, DOCs, or TXT files, Doc2Board uses advanced Optical Character Recognition (OCR) and Artificial Intelligence (AI) to accurately extract information and seamlessly integrate it into your monday workspace.
Say goodbye to the tedious task of manual data entry and the errors that often come with it. With Doc2Board, you can effortlessly create tasks, importing them directly into your boards. This not only saves valuable time but also enhances productivity by allowing you to focus on more strategic aspects of your projects.
Doc2Board ensures that all data transit is encrypted and offers various plans to cater to different needs. The Free, Starter and Teams plans use a commercial LLM (GPT, Claude), while the Custom plan provides the option for a private LLM.
Does the app restrict redirects and forwards only to approved destinations, or show a warning when redirecting to potentially untrusted content?
Yes
We avoid using direct user input for redirect destinations. Instead, we map user actions to predefined, trusted URLs.
Does the app protect against mass parameter assignment attacks?
Yes
Where possible, we disable or limit mass assignment features within our ORM (Object-Relational Mapping) libraries.
Does the app perform encoding and sanitization on all user supplied parameters to protect against Cross-Site Scripting?
Yes
Input Validation and Sanitization: Server-Side Validation: All user inputs are validated on the server side to ensure they meet the expected format and constraints. We use libraries and frameworks that provide built-in sanitization functions to remove or neutralize potentially harmful code. Client-Side Validation: While server-side validation is the primary defense, we also implement client-side validation to provide immediate feedback to users and reduce the load on the server. Escaping and Encoding: Input Encoding: Before using user-supplied data, we encode the input to ensure that any HTML special characters are properly escaped. Using Trusted Libraries: DOMPurify: For HTML sanitization, we use DOMPurify, a library that cleans HTML by removing malicious code while preserving valid content. It is used to sanitize any HTML input before rendering it in the browser. Other Libraries: We leverage other trusted libraries and frameworks that provide built-in XSS protection features, such as React's automatic escaping of strings in JSX and Angular's built-in XSS protection.
Does the developer protect all state-changing actions against Cross-Site Request Forgery (CSRF)?
Yes
We implement a strict Cross-Origin Resource Sharing (CORS) policy to ensure that only trusted origins (monday.com) can interact with our API, further reducing the risk of CSRF attacks.
Does the developer have mechanisms to notify monday.com in case of a security breach?
Yes
In the event of a security breach, we will immediately contain the breach and prevent further unauthorized access. monday.com will be notified within 24 hours of detecting the breach, providing a brief overview of the incident via email or phone. Within 48 hours, a detailed report will be submitted, including a description of the breach, its impact, containment measures, and mitigation steps. We will keep monday.com regularly updated on the progress of the investigation and provide a final report upon resolution.
Does this developer have a process for installing application-level updates and security patches for the service (such as software packages and databases)?
Yes
Our patching time frames are designed to address vulnerabilities based on their severity and potential impact on our service and customers. The time frames are as follows: Critical Vulnerabilities: Within 24 hours of identification. These vulnerabilities pose an immediate threat to the security and stability of our systems and could lead to significant data breaches or service disruptions. They are addressed with the highest priority and expedited through our patching process. High Vulnerabilities: Within 1 week of identification. Serious vulnerabilities, that could potentially be exploited to cause significant harm, are prioritized and patched as quickly as possible after thorough testing. Medium Vulnerabilities: Within 1 month of identification. Those of lower risk of exploitation are scheduled for regular patching cycles and addressed in a timely manner. Low Vulnerabilities: Within 3 months of identification. These vulnerabilities pose minimal risk and are addressed during routine maintenance and update cycles. They are patched to ensure ongoing security hygiene and compliance.
Compliance
Is the app certified with the information security standard ISO/IEC 27001:2022?
Not answered
Is the app compliant with the Health Insurance Portability and Accountability Act (HIPAA)?
No
Is the app certified with System and Organization Controls (SOC 2 or SOC 3)?
No
Is the app compliant with the General Data Protection Regulation (GDPR)?
Yes
Data
Does the app send any data outside of monday.com? If yes, indicate whether the data is customer-submitted (e.g., board names, item names, doc content) or non-customer-submitted (e.g., account ID, board ID, user ID).
Not answered
Where does the app store logs data?
monday
Where does the app store the app data?
DB
Does the developer ensure application logs do not contain secrets or personally-identifiable information (PII)?
Yes
We use the following: Selective Logging: Logging Policies: We have strict logging policies that dictate what types of information can and cannot be logged. These policies ensure that only non-sensitive, operational data is recorded in logs. Minimal Logging: We adhere to the principle of minimal logging, capturing only the essential information required for troubleshooting and performance monitoring, thereby reducing the risk of logging sensitive data. Environment-Specific Logging: Development and Production: We differentiate between logging in development and production environments. In development, more detailed logs might be necessary, but we ensure they do not contain any real user data. In production, logs are carefully monitored and controlled to exclude any secrets or PII.
Is customer data segregated from the data of other customers (for example logically or physically)?
Yes
We use Logical Segregation: Tenant IDs: Each customer's data is tagged with a unique tenant ID, ensuring that our access controls strictly enforce that users can only access data belonging to their tenant.
Privacy
Does the developer enforce multi-factor authentication on employees access to systems which may process customer data?
Yes
Does the developer protect access to customer data based on the principle of least privilege?
Yes
We use Role-Based Access Control (RBAC) like: Access Levels: We implement Role-Based Access Control (RBAC) to ensure that employees only have access to the data necessary for their job functions. Access levels are determined based on roles such as administrator, developer, support staff, and other relevant positions. Principle of Least Privilege: Employees are granted the minimum level of access required to perform their duties. This minimizes the risk of unauthorized access to customer data.
Reviews
No reviews yet.
Installation history
We have data for December 28, 2024 onwards only. Collected sometime after 00:00 UTC daily.
{
"id": 10000506,
"description": "<p>Doc2Board is a tool designed to transform the way you manage projects by automating the conversion of documents into actionable tasks. Whether you're working with PDFs, DOCs, or TXT files, Doc2Board uses advanced Optical Character Recognition (OCR) and Artificial Intelligence (AI) to accurately extract information and seamlessly integrate it into your monday workspace.</p><p>Say goodbye to the tedious task of manual data entry and the errors that often come with it. With Doc2Board, you can effortlessly create tasks, importing them directly into your boards. This not only saves valuable time but also enhances productivity by allowing you to focus on more strategic aspects of your projects.</p><p>Doc2Board ensures that all data transit is encrypted and offers various plans to cater to different needs. The Free, Starter and Teams plans use a commercial LLM (GPT, Claude), while the Custom plan provides the option for a private LLM.</p><p>Key Features:</p><p>📄 Automatic Document Conversion: Transform workdocs, PDFs, DOCs, PPTs TXT files into tasks.</p><p>🧠 AI-Powered Accuracy: Utilize advanced OCR and AI for precise data extraction.</p><p>🔗 Seamless Integration: Already integrated into monday workspace.</p><p>🔒 Encrypted Data Transit: Ensure secure handling of all data.</p><p>💡 Want a sneak peek? Watch our demo video here!</p>",
"short_description": "Convert any document into actionable items.",
"compliance_answers": [
{
"questionId": 1,
"shortAnswer": true,
"detailedAnswer": "We use Logical Segregation:\n\nTenant IDs: Each customer's data is tagged with a unique tenant ID, ensuring that our access controls strictly enforce that users can only access data belonging to their tenant.\n"
},
{
"questionId": 2,
"shortAnswer": true,
"detailedAnswer": "Our patching time frames are designed to address vulnerabilities based on their severity and potential impact on our service and customers. The time frames are as follows:\n\nCritical Vulnerabilities: Within 24 hours of identification.\nThese vulnerabilities pose an immediate threat to the security and stability of our systems and could lead to significant data breaches or service disruptions. They are addressed with the highest priority and expedited through our patching process.\n\nHigh Vulnerabilities: Within 1 week of identification.\nSerious vulnerabilities, that could potentially be exploited to cause significant harm, are prioritized and patched as quickly as possible after thorough testing.\n\nMedium Vulnerabilities: Within 1 month of identification.\nThose of lower risk of exploitation are scheduled for regular patching cycles and addressed in a timely manner.\n\nLow Vulnerabilities: Within 3 months of identification.\nThese vulnerabilities pose minimal risk and are addressed during routine maintenance and update cycles. They are patched to ensure ongoing security hygiene and compliance."
},
{
"questionId": 3,
"shortAnswer": true,
"detailedAnswer": "In the event of a security breach, we will immediately contain the breach and prevent further unauthorized access. monday.com will be notified within 24 hours of detecting the breach, providing a brief overview of the incident via email or phone. Within 48 hours, a detailed report will be submitted, including a description of the breach, its impact, containment measures, and mitigation steps. We will keep monday.com regularly updated on the progress of the investigation and provide a final report upon resolution."
},
{
"questionId": 4,
"shortAnswer": true,
"detailedAnswer": "We implement a strict Cross-Origin Resource Sharing (CORS) policy to ensure that only trusted origins (monday.com) can interact with our API, further reducing the risk of CSRF attacks."
},
{
"questionId": 5,
"shortAnswer": true,
"detailedAnswer": "Input Validation and Sanitization:\n\nServer-Side Validation: All user inputs are validated on the server side to ensure they meet the expected format and constraints. We use libraries and frameworks that provide built-in sanitization functions to remove or neutralize potentially harmful code.\nClient-Side Validation: While server-side validation is the primary defense, we also implement client-side validation to provide immediate feedback to users and reduce the load on the server.\n\nEscaping and Encoding:\n\nInput Encoding: Before using user-supplied data, we encode the input to ensure that any HTML special characters are properly escaped. \n\nUsing Trusted Libraries:\n\nDOMPurify: For HTML sanitization, we use DOMPurify, a library that cleans HTML by removing malicious code while preserving valid content. It is used to sanitize any HTML input before rendering it in the browser.\nOther Libraries: We leverage other trusted libraries and frameworks that provide built-in XSS protection features, such as React's automatic escaping of strings in JSX and Angular's built-in XSS protection."
},
{
"questionId": 6,
"shortAnswer": true,
"detailedAnswer": "We use Role-Based Access Control (RBAC) like:\n\nAccess Levels: We implement Role-Based Access Control (RBAC) to ensure that employees only have access to the data necessary for their job functions. Access levels are determined based on roles such as administrator, developer, support staff, and other relevant positions.\nPrinciple of Least Privilege: Employees are granted the minimum level of access required to perform their duties. This minimizes the risk of unauthorized access to customer data."
},
{
"questionId": 7,
"shortAnswer": true
},
{
"questionId": 8,
"shortAnswer": true,
"detailedAnswer": "We use the following:\n\nSelective Logging:\n\nLogging Policies: We have strict logging policies that dictate what types of information can and cannot be logged. These policies ensure that only non-sensitive, operational data is recorded in logs.\nMinimal Logging: We adhere to the principle of minimal logging, capturing only the essential information required for troubleshooting and performance monitoring, thereby reducing the risk of logging sensitive data.\n\nEnvironment-Specific Logging:\n\nDevelopment and Production: We differentiate between logging in development and production environments. In development, more detailed logs might be necessary, but we ensure they do not contain any real user data. In production, logs are carefully monitored and controlled to exclude any secrets or PII."
},
{
"questionId": 9,
"shortAnswer": true,
"detailedAnswer": "Where possible, we disable or limit mass assignment features within our ORM (Object-Relational Mapping) libraries."
},
{
"questionId": 10,
"shortAnswer": true,
"detailedAnswer": "We avoid using direct user input for redirect destinations. Instead, we map user actions to predefined, trusted URLs."
},
{
"questionId": 11,
"shortAnswer": true
},
{
"questionId": 12,
"shortAnswer": false
},
{
"questionId": 13,
"shortAnswer": false
},
{
"questionId": 14,
"shortAnswer": true,
"detailedAnswer": "[email protected]"
},
{
"questionId": 15,
"shortAnswer": false
},
{
"questionId": 17,
"dataHostingProvider": "DB"
},
{
"questionId": 18,
"logHostingProvider": "monday"
}
],
"badges_data": {
"pricing_data": "Free plan available",
"acquisition_source": "No touch",
"app_values": [
"Centralize your work on monday.com"
]
},
"data": {
"terms_of_service_url": "https://doc2board.com/tos"
},
"keywords": "Document Automation, Task Management, OCR, AI Workflow, PDF to Tasks, workdoc to item, document to board, task conversion",
"thumbnail_url": "https://dapulse-res.cloudinary.com/image/upload/v1718634282/monday-apps-marketplace/Doc2Board%20for%20monday.com/Doc2Board-AppCard.jpg",
"logo_url": "https://dapulse-res.cloudinary.com/image/upload/v1718634282/monday-apps-marketplace/Doc2Board%20for%20monday.com/Doc2Board-Icon-192x192.jpg",
"feedback_url": "[email protected]",
"privacy_policy_url": "https://doc2board.com/privacy-policy",
"external_pricing_url": null,
"featured": null,
"security": null,
"display_in_template_store": null,
"acquisition_source": "No touch",
"terms_of_service_url": "https://doc2board.com/tos",
"label": null,
"app_values": [
"Centralize your work on monday.com"
],
"security_info": null,
"gallery_assets": [
{
"type": "video",
"url": "https://dapulse-res.cloudinary.com/video/upload/v1718634288/monday-apps-marketplace/Doc2Board%20for%20monday.com/Doc2BoardPromo.mp4"
},
{
"url": "https://dapulse-res.cloudinary.com/image/upload/v1718634291/monday-apps-marketplace/Doc2Board%20for%20monday.com/Doc2Board-Banner1.png"
},
{
"url": "https://dapulse-res.cloudinary.com/image/upload/v1718634292/monday-apps-marketplace/Doc2Board%20for%20monday.com/Doc2Board-Banner2.png"
},
{
"url": "https://dapulse-res.cloudinary.com/image/upload/v1718634292/monday-apps-marketplace/Doc2Board%20for%20monday.com/Doc2Board-Banner3.png"
}
],
"pricing_data": "Free plan available",
"marketplace_developer_id": 10000182,
"app_id": 10150114,
"marketplace_category_ids": [
8,
6,
5
],
"name": "Doc2Board for monday",
"app_scope_str": "boards:read,me:read,docs:read,boards:write,users:read,account:read",
"app_client_id": "47a7bbae2472dd1bfde897effa93ec0d",
"app_color": {
"hsl": {
"h": 219.99999999999997,
"s": 0.4285714285714277,
"l": 0.9725490196078431,
"a": 1
},
"hex": "#f5f7fb",
"rgb": {
"r": 245,
"g": 247,
"b": 251,
"a": 1
},
"hsv": {
"h": 219.99999999999997,
"s": 0.023904382470119438,
"v": 0.984313725490196,
"a": 1
},
"oldHue": 219.99999999999997,
"source": "hex"
},
"created_at": "2024-06-17T14:22:33.988Z",
"updated_at": "2024-06-24T12:25:03.655Z",
"how_to_use_url": "https://doc2board.com/how-to",
"automation_app_id": null,
"plans": [
{
"id": "10150114-1-team",
"appId": 10150114,
"appPlanId": "team",
"versionId": 1,
"versionState": "live",
"name": "Team",
"description": "Team plan",
"extraData": {
"bullets": [
"Up 100 documents per month"
],
"monthlyFee": 13,
"yearlyFee": 13,
"maxSeats": null
},
"isTrial": false,
"isRecommended": false,
"isFree": false,
"currency": "USD",
"prices": {
"type": "standard",
"monthly": 13,
"yearly": 13
}
},
{
"id": "10150114-1-free",
"appId": 10150114,
"appPlanId": "free",
"versionId": 1,
"versionState": "live",
"name": "Free",
"description": "Free plan",
"extraData": {
"bullets": [
"1 document per month"
],
"monthlyFee": 0,
"yearlyFee": 0,
"maxSeats": null
},
"isTrial": false,
"isRecommended": false,
"isFree": true,
"currency": "USD",
"prices": {
"type": "standard",
"monthly": 0,
"yearly": 0
}
},
{
"id": "10150114-1-starter",
"appId": 10150114,
"appPlanId": "starter",
"versionId": 1,
"versionState": "live",
"name": "Starter",
"description": "Startar plan",
"extraData": {
"bullets": [
"up 10 documents per month"
],
"monthlyFee": 5,
"yearlyFee": 5,
"maxSeats": null
},
"isTrial": false,
"isRecommended": true,
"isFree": false,
"currency": "USD",
"prices": {
"type": "standard",
"monthly": 5,
"yearly": 5
}
},
{
"id": "10150114-2-team",
"appId": 10150114,
"appPlanId": "team",
"versionId": 2,
"versionState": "live",
"name": "Team",
"description": "Team plan",
"extraData": {
"bullets": [
"Up 1000 documents per month"
],
"monthlyFee": 12,
"yearlyFee": 10,
"maxSeats": null
},
"isTrial": false,
"isRecommended": false,
"isFree": false,
"currency": "USD",
"prices": {
"type": "standard",
"monthly": 12,
"yearly": 10
}
},
{
"id": "10150114-2-free",
"appId": 10150114,
"appPlanId": "free",
"versionId": 2,
"versionState": "live",
"name": "Free",
"description": "Free plan",
"extraData": {
"bullets": [
"Up to 3 documents per month"
],
"monthlyFee": 0,
"yearlyFee": 0,
"maxSeats": null
},
"isTrial": false,
"isRecommended": false,
"isFree": true,
"currency": "USD",
"prices": {
"type": "standard",
"monthly": 0,
"yearly": 0
}
},
{
"id": "10150114-2-starter",
"appId": 10150114,
"appPlanId": "starter",
"versionId": 2,
"versionState": "live",
"name": "Starter",
"description": "Startar plan",
"extraData": {
"bullets": [
"Up to 100 documents per month"
],
"monthlyFee": 6,
"yearlyFee": 5,
"maxSeats": null
},
"isTrial": false,
"isRecommended": true,
"isFree": false,
"currency": "USD",
"prices": {
"type": "standard",
"monthly": 6,
"yearly": 5
}
}
],
"featured_for_categories_ids": [],
"pinned_for_categories_ids": [],
"pricing_model": null,
"app_type": "app",
"display": null,
"is_connector": null,
"google_analytics_tag_id": null,
"app_live_version": {
"updated_at": "2024-10-27T18:38:22Z",
"id": 10401446
},
"is_solution": null,
"available_for_tiers": null,
"available_for_products": null
}
