Does the app restrict redirects and forwards only to approved destinations, or show a warning when redirecting to potentially untrusted content?
Yes
This is not relevant as we have monday automation recipes only and we do not redirect anywhere else.
Does the app protect against mass parameter assignment attacks?
Yes
The app protects against mass parameter assignment attacks by implementing strict and advanced input validation and sanitization techniques.
Does the app perform encoding and sanitization on all user supplied parameters to protect against Cross-Site Scripting?
Yes
We use Helmet security middleware, which provides XSS encoding and sanitization. See Helmet.js. We validate user-supplied parameters on the backend. We also rely on the React.js library, which has built-in sanitization methods enabled by default.
Does the developer protect all state-changing actions against Cross-Site Request Forgery (CSRF)?
Yes
All the requests to our backend API require a security header with a token generated by the monday SDK, obtained inside of the monday.com app iframe. There's no authentication or session data on the client side linked to our API URL.
Does the developer have mechanisms to notify monday.com in case of a security breach?
Yes
This involves reaching out to their security team via email or their designated incident reporting channels as outlined in our incident response plan.
Does this developer have a process for installing application-level updates and security patches for the service (such as software packages and databases)?
Yes
Yes, we have a process for installing application-level updates and security patches, which is applied in multiple steps of our development. We are using dependency tools to check for security issues - DependencyCheck, Snyk. We cannot create a new build unless the security issues are resolved. We also receive notifications about new vulnerabilities, assess the impact and actively fix the issue.
Compliance
Is the app certified with the information security standard ISO/IEC 27001:2022?
Not answered
Is the app compliant with the Health Insurance Portability and Accountability Act (HIPAA)?
No
Is the app certified with System and Organization Controls (SOC 2 or SOC 3)?
No
Is the app compliant with the General Data Protection Regulation (GDPR)?
No
Data
Does the app send any data outside of monday.com? If yes, indicate whether the data is customer-submitted (e.g., board names, item names, doc content) or non-customer-submitted (e.g., account ID, board ID, user ID).
Not answered
Where does the app store logs data?
Not answered
Where does the app store the app data?
Not answered
Does the developer ensure application logs do not contain secrets or personally-identifiable information (PII)?
Yes
Code changes require at least one team member to review them. It's part of the review process to make sure that neither secrets nor PII will be logged.
Is customer data segregated from the data of other customers (for example logically or physically)?
Yes
Customer data is logically segregated using the Account ID of monday.com.
Privacy
Does the developer enforce multi-factor authentication on employees' access to systems which may process customer data?
Yes
All our infrastructure implements 2FA; both our servers and our persistence providers require its use.
Does the developer protect access to customer data based on the principle of least privilege?
Yes
Only the company's CTO has access to the database, and the access is only permitted for support and optimization purposes, with 2FA.
Reviews
August 22, 2024
AP: doesn't work
Installation history
We have data for December 28, 2024 onwards only. Collected sometime after 00:00 UTC daily.
{
"id": 10000539,
"description": "<p>Introducing <strong>Board Connections</strong>, a must-have app for monday.com users!</p><p><br></p><p>With Board Connections, you can:</p><p>- Effortlessly view all your board connections and relationships in one place.</p><p>- Streamline your workflow and enhance productivity.</p><p>- Gain clear insights into your account hierarchy.</p><p>- Understand how your boards interlink and collaborate.</p><p><br></p><p><strong>Best of all, it's completely free!</strong></p><p>Install now and transform the way you manage your projects and teams with Board Connections</p><p>Looking for more information?</p><p><strong>📆 </strong><a href=\"https://calendar.google.com/calendar/u/0/appointments/schedules/AcZssZ1fjr7zbnRu4EH7ijrmnhWuWj1kwjlZfg4Zokzvuyimhk6JAtuOxwKUHhKYgtT2gfJlGEKZMvVV\" rel=\"noopener noreferrer\" target=\"_blank\"><strong>Book a 1-on-1 demo</strong></a><strong> or 💬 </strong><a href=\"mailto:[email protected]\" rel=\"noopener noreferrer\" target=\"_blank\"><strong>Chat with us</strong></a><strong>!</strong></p>",
"short_description": "View all your board connections in one place, 100% free!",
"compliance_answers": [
{
"questionId": 1,
"shortAnswer": true,
"detailedAnswer": "Customer data is logically segregated using the Account ID of monday.com."
},
{
"questionId": 2,
"shortAnswer": true,
"detailedAnswer": "Yes, we have a process for installing application-level updates and security patches is applied in multiple steps of our development. We are using dependency tools to check for security issues - DependencyCheck, Sneak. Cannot create a new build unless the security issues are resolved. We also receive notifications about new vulnerabilities, assert the impact and actively fix the issue."
},
{
"questionId": 3,
"shortAnswer": true,
"detailedAnswer": "This involves reaching out to their security team via email or their designated incident reporting channels as outlined in our incident response plan."
},
{
"questionId": 4,
"shortAnswer": true,
"detailedAnswer": "All the requests to our backend api require a security header with a token generated by the monday SDK, obtained inside of the monday.com app iframe. There's no authentication or session data on the client side linked to our api URL."
},
{
"questionId": 5,
"shortAnswer": true,
"detailedAnswer": "We use Helmet security middleware in which provides XSS encoding and sanitization. See Helmet.js We validate user-supplied parameters on the backend. We also rely on the React.js library in which has built-in sanitization methods enabled by default."
},
{
"questionId": 6,
"shortAnswer": true,
"detailedAnswer": "Only the company's CTO has access to the database, and the access is only permitted for support and optimization purposes, with 2FA."
},
{
"questionId": 7,
"shortAnswer": true,
"detailedAnswer": "All our infrastructure implements 2FA, both our servers and our persistence providers require its use.\n"
},
{
"questionId": 8,
"shortAnswer": true,
"detailedAnswer": "Code changes requires at least one team member to review it. It's part of the review process to make sure that no secrets neither PII will be logged."
},
{
"questionId": 9,
"shortAnswer": true,
"detailedAnswer": "The app protects against mass parameter assignment attacks by implementing strict an advanced input validation and sanitization techniques."
},
{
"questionId": 10,
"shortAnswer": true,
"detailedAnswer": "This is not relevant as we have monday automation recipes only and we do not redirect anywhere else."
},
{
"questionId": 11,
"shortAnswer": false
},
{
"questionId": 12,
"shortAnswer": false
},
{
"questionId": 13,
"shortAnswer": false
},
{
"questionId": 14,
"shortAnswer": true,
"detailedAnswer": "[email protected]"
},
{
"questionId": 15,
"shortAnswer": true
}
],
"badges_data": {
"pricing_data": "Free",
"acquisition_source": "No touch",
"app_values": [
"Everyday tasks"
]
},
"data": {
"terms_of_service_url": "https://www.pickapps-solutions.com/terms-conditions",
"google_analytics_tag_id": "G-5B0VGZTR95"
},
"keywords": "connect, mirror, connected, items, board, sync, integration, gantt, view",
"thumbnail_url": "https://dapulse-res.cloudinary.com/image/upload/v1721549154/monday-apps-marketplace/Board%20Connections/548_card_-_bora_connection.png",
"logo_url": "https://dapulse-res.cloudinary.com/image/upload/v1721549154/monday-apps-marketplace/Board%20Connections/board_connections_logo.png",
"feedback_url": "[email protected]",
"privacy_policy_url": "https://www.pickapps-solutions.com/#:~:text=Terms%20%26%20Conditions-,Privacy%20Policy,-Follow",
"external_pricing_url": null,
"featured": null,
"security": null,
"display_in_template_store": null,
"acquisition_source": "No touch",
"terms_of_service_url": "https://www.pickapps-solutions.com/terms-conditions",
"label": null,
"app_values": [
"Everyday tasks"
],
"security_info": null,
"gallery_assets": [
{
"url": "https://dapulse-res.cloudinary.com/image/upload/v1721549163/monday-apps-marketplace/Board%20Connections/board_connection_-_gallery_1.png"
},
{
"url": "https://dapulse-res.cloudinary.com/image/upload/v1721549163/monday-apps-marketplace/Board%20Connections/board_connection_-_gallery_2.png"
}
],
"pricing_data": "Free",
"marketplace_developer_id": 10000188,
"app_id": 10156805,
"marketplace_category_ids": [
8,
4
],
"name": "Board Connections",
"app_scope_str": "me:read,boards:read,workspaces:read,account:read",
"app_client_id": "6723754c9de5aac2bc778931db3a8034",
"app_color": {
"hsl": {
"h": 228.00000000000003,
"s": 1,
"l": 0.9705882352941176,
"a": 1
},
"hex": "#f0f3ff",
"rgb": {
"r": 240,
"g": 243,
"b": 255,
"a": 1
},
"hsv": {
"h": 228.00000000000003,
"s": 0.05882352941176472,
"v": 1,
"a": 1
},
"oldHue": 90,
"source": "hex"
},
"created_at": "2024-07-21T08:04:48.779Z",
"updated_at": "2025-01-11T22:00:56.408Z",
"how_to_use_url": "https://view.monday.com/1555776549-8017794c9a4340f6f6cdcf987eb6d453?r=euc1",
"automation_app_id": null,
"plans": null,
"featured_for_categories_ids": [],
"pinned_for_categories_ids": [],
"pricing_model": null,
"app_type": "app",
"display": null,
"is_connector": null,
"google_analytics_tag_id": "G-5B0VGZTR95",
"app_live_version": {
"updated_at": "2024-10-12T10:17:43Z",
"id": 10389046
},
"is_solution": null,
"available_for_tiers": null,
"available_for_products": null
}