Does the app restrict redirects and forwards only to approved destinations, or show a warning when redirecting to potentially untrusted content?
Yes
The app only redirects monday.com OAuth flow when getting a user's access token.
Does the app protect against mass parameter assignment attacks?
Yes
All requests are verified using a session token. The app retrieves only the necessary parameters from the request before performing an action. The app sanitizes these parameters before putting their values into the database.
Does the app perform encoding and sanitization on all user supplied parameters to protect against Cross-Site Scripting?
Yes
React has a built-in mechanism to prevent this on the frontend. The app has no place to input any malicious scripts in the UI. To ensure security, the backend uses parameter filtering, sanitization, and session tokens.
Does the developer protect all state-changing actions against Cross-Site Request Forgery (CSRF)?
Yes
In all cases, whenever the app state is changed by a user, the app authorizes all requests with a monday.com session token. Changes can only be made through integration and cannot be forged.
Does the developer have mechanisms to notify monday.com in case of a security breach?
Yes
We will restrict access to AWS systems and any unusual activity will be reported to Naveed Choudhury. These will then be forwarded to monday.com.
1. Initial Notification. We will notify monday.com within 24 hours of detecting a security breach. The initial notification will be sent via email. Alongside this email, this will also be escalated with the Partner Manager. The initial notification will include: (1) A brief description of the breach; (2) The potential impact on monday.com; (3) Immediate actions taken to mitigate the breach.
2. Ongoing Updates. We will provide ongoing updates as we gather more information and as the situation evolves. Each update will include: (1) Latest findings and status of the breach; (2) Actions taken since the last update; (3) Next steps in our response plan.
3. Post-Incident Report. Once the breach is contained and resolved, we will provide a detailed post-incident report. The report will include: (1) A detailed account of the breach; (2) Root cause analysis; (3) Steps taken to resolve the breach; and (4) Measures implemented to prevent future breaches.
Does this developer have a process for installing application-level updates and security patches for the service (such as software packages and databases)?
Yes
We are using AWS as infrastructure: it takes care of DB updates. These are enabled, and any security patch will be applied by AWS itself. For the app itself, we are using the Dependabot tool in GitHub to notify us about any security updates in dependent packages. So the security patches will be applied as soon as we get a notification.
Compliance
Is the app certified with the information security standard ISO/IEC 27001:2022?
Not answered
Is the app compliant with the Health Insurance Portability and Accountability Act (HIPAA)?
No
We are not collecting any HIPAA-sensitive data.
Is the app certified with System and Organization Controls (SOC 2 or SOC 3)?
No
N/A
Is the app compliant with the General Data Protection Regulation (GDPR)?
Yes
We are compliant with the General Data Protection Regulation (GDPR). By using our app, users acknowledge and agree to our collection, use, and sharing of their information as described in the Data Privacy Clause of our T&C, ensuring full compliance with GDPR. Our Terms and Conditions for app usage outline the data privacy policies of Mint, which align with the seven protection and accountability principles outlined in Article 5.1-2 of the GDPR.
Data
Does the app send any data outside of monday.com? If yes, indicate whether the data is customer-submitted (e.g., board names, item names, doc content) or non-customer-submitted (e.g., account ID, board ID, user ID).
Not answered
Where does the app store logs data?
Not answered
Where does the app store the app data?
Not answered
Does the developer ensure application logs do not contain secrets or personally-identifiable information (PII)?
Yes
The app logs errors, synchronization results, and monday.com app events. The only user information logged is accountId and userId.
Is customer data segregated from the data of other customers (for example logically or physically)?
Yes
We store three types of data:
Data required for proper synchronization: This includes only IDs and timestamps.
Account details (account slug and user’s email): We obtain these from app events to resolve payment issues. These details are deleted if users uninstall the integration.
Access tokens: These are used to perform the actual synchronization. Access tokens are encoded before being saved in the database and removed when users uninstall the integration.
The DB is encrypted by default using the built-in AWS tools. The encryption token is saved separately from the DB.
Privacy
Does the developer enforce multi-factor authentication on employee access to systems which may process customer data?
Yes
AWS MFA
Does the developer protect access to customer data based on the principle of least privilege?
Yes
App data is stored inside AWS. We use MFA to provide access to this data.
Reviews
March 26, 2025
BK: This app did exactly what it advertised and saved a tonne of manual handling that was otherwise complicated to automate natively.
October 14, 2024
TH: Great app
Installation history
We have data for December 28, 2024 onwards only. Collected sometime after 00:00 UTC daily.
{
"id": 10000552,
"description": "<p><strong>Merge and sync data from multiple boards into one Master Board!</strong></p><p><br></p><p>Master Data by Mint allows you to consolidate items from across different boards into one master board to provide complete visibility and control.</p><p><br></p><p>With Master Data, you can:</p><ul><li>Combine data from multiple boards into one powerful overview</li><li>Say goodbye to tedious copy-pasting between boards</li><li>Get rid of the clutter from connected and mirrored columns</li><li>Simplify your dashboard by linking to a single master board, setting your filters just once</li><li>Bypass complicated board permissions and ensure visibility of multi-board data in a single board</li><li>Retain information from archived data</li><li>Eliminate fragmentation and disparate information silos</li><li>Enable reporting on long term data and trends</li><li>Share different views (Charts/Gantts/Kanban) of your Master Board with anyone</li></ul><p>Take advantage of the full potential of your CRM and Work Management data</p><p><br></p><p>You can :</p><ul><li>Try out the app for free, it’s super simple!</li><li><a href=\"https://wkf.ms/3TZSPdp\" rel=\"noopener noreferrer\" target=\"_blank\">Contact us</a> for questions or queries</li><li>Not sure how to architect your database? <a href=\"https://calendar.app.google/8gRSxsT1Qn9YwFyQA\" rel=\"noopener noreferrer\" target=\"_blank\">Book a 1-on-1 with our Solution Architect</a> to help with data structures</li><li>See our installation guide <a href=\"https://mintconsulting.org/master-data/help/installation/\" rel=\"noopener noreferrer\" target=\"_blank\">here</a>, and our help page <a href=\"https://mintconsulting.org/master-data/help/\" rel=\"noopener noreferrer\" target=\"_blank\">here</a></li></ul>",
"short_description": "Merge & Sync data from multiple boards into a Master Board!",
"compliance_answers": [
{
"questionId": 1,
"shortAnswer": true,
"detailedAnswer": "We store three types of data:\nData required for proper synchronization: This includes only IDs and timestamps.\nAccount details (account slug and user’s email): We obtain these from app events to resolve payment issues. These details are deleted if users uninstall the integration.\nAccess tokens: These are used to perform the actual synchronization. Access tokens are encoded before being saved in the database and removed when users uninstall the integration.\nThe DB is encrypted by default using the built-in AWS tools. The encryption token is saved separately from DB."
},
{
"questionId": 2,
"shortAnswer": true,
"detailedAnswer": "We are using AWS as infrastructure: it takes care for DB updates. There are enabled, and any security patch will be applied by the AWS itself.\nFor the app itself, we are using Dependabot tool in Github, to notify us about any security updates in dependent packages. So the security patches will be applies as soon as we get a notification."
},
{
"questionId": 3,
"shortAnswer": true,
"detailedAnswer": "We will restrict access to AWS systems and any unusual activity will be reported to Naveed Choudhury. These will then be forward to monday.com.\n\n 1. Initial Notification. We will notify monday.com within 24 hours of detecting a security breach. The initial notification will be sent via email. Alongside this email, this will also be escalated with the Partner Manager. The initial notification will include: (1) A brief description of the breach; (2) The potential impact on monday.com; (3) Immediate actions taken to mitigate the breach\n\n2. Ongoing Updates. We will provide ongoing updates as we gather more information and as the situation evolves. Each update will include: (1) Latest findings and status of the breach; (2) Actions taken since the last update; (3) Next steps in our response plan\n\n3. Post-Incident Report. Once the breach is contained and resolved, we will provide a detailed post-incident report. The report will include: (1) A detailed account of the breach: (2) Root cause analysis; (3) Steps taken to resolve the breach; and (4) Measures implemented to prevent future breaches"
},
{
"questionId": 4,
"shortAnswer": true,
"detailedAnswer": "In all cases, whenever the app state is changed by a user, the app authorizes all requests with a monday.com session token. Changes can only be made through integration and cannot be forged.\n"
},
{
"questionId": 5,
"shortAnswer": true,
"detailedAnswer": "React has a built-in mechanism to prevent this on the frontend. The app has no place to input any malicious scripts in the UI. To ensure security, the backend uses parameter filtering, sanitization, and session tokens."
},
{
"questionId": 6,
"shortAnswer": true,
"detailedAnswer": "Apps data is stored inside AWS. We use MFA to provide access to this data."
},
{
"questionId": 7,
"shortAnswer": true,
"detailedAnswer": "AWS MFA"
},
{
"questionId": 8,
"shortAnswer": true,
"detailedAnswer": "The app logs errors, synchronization results, and monday.com app events. The only user information logged is accountId and userId. "
},
{
"questionId": 9,
"shortAnswer": true,
"detailedAnswer": "All requests are verified using a session token. The app retrieves only the necessary parameters from the request before performing an action. The app sanitizes these parameters before putting their values into the database."
},
{
"questionId": 10,
"shortAnswer": true,
"detailedAnswer": "The app only redirects monday.com OAuth flow when getting a user's access token. "
},
{
"questionId": 11,
"shortAnswer": true,
"detailedAnswer": "We are compliant with the General Data Protection Regulation (GDPR). By using our app, users acknowledge and agree to our collection, use, and sharing of their information as described in the Data Privacy Clause of our T&C, ensuring full compliance with GDPR. Our Terms and Conditions for app usage outline the data privacy policies of Mint, which align with the seven protection and accountability principles outlined in Article 5.1-2 of the GDPR."
},
{
"questionId": 12,
"shortAnswer": false,
"detailedAnswer": "N/A"
},
{
"questionId": 13,
"shortAnswer": false,
"detailedAnswer": "We are not collecting any HIPAA-sensitive data."
},
{
"questionId": 14,
"shortAnswer": true,
"detailedAnswer": "Naveed Choudhury, Director, [email protected]"
},
{
"questionId": 15,
"shortAnswer": false
}
],
"badges_data": {
"pricing_data": "14 days trial",
"acquisition_source": "No touch",
"app_values": [
"Centralize your work on monday.com"
]
},
"data": {
"terms_of_service_url": "https://mintconsulting.org/master-data/terms/",
"google_analytics_tag_id": "G-1Y27C8B3H9"
},
"keywords": "Consolidate, \nMerge,\nUnify,\nSync,\nSubitems,\nFilter,\nMultiple,\nIntegrate,\nFunnel,\nDashboard",
"thumbnail_url": "https://dapulse-res.cloudinary.com/image/upload/v1721918241/monday-apps-marketplace/Master%20Data/_DRAFT_Master_Data_by_Mint_App_Card_1.png",
"logo_url": "https://dapulse-res.cloudinary.com/image/upload/v1721918241/monday-apps-marketplace/Master%20Data/_Master_Data_by_Mint_App_Icon.png",
"feedback_url": "[email protected]",
"privacy_policy_url": "https://mintconsulting.org/master-data/privacy/",
"external_pricing_url": null,
"featured": null,
"security": null,
"display_in_template_store": null,
"acquisition_source": "No touch",
"terms_of_service_url": "https://mintconsulting.org/master-data/terms/",
"label": null,
"app_values": [
"Centralize your work on monday.com"
],
"security_info": null,
"gallery_assets": [
{
"type": "video",
"url": "https://dapulse-res.cloudinary.com/video/upload/v1721918243/monday-apps-marketplace/Master%20Data/Master_Data_Video.mp4"
},
{
"url": "https://dapulse-res.cloudinary.com/image/upload/v1721918255/monday-apps-marketplace/Master%20Data/_DRAFT__Master_Data_by_Mint_App_Gallery_-_1.png"
},
{
"url": "https://dapulse-res.cloudinary.com/image/upload/v1721918256/monday-apps-marketplace/Master%20Data/_DRAFT__Master_Data_by_Mint_App_Gallery_Images_-_2___3_1.png"
},
{
"url": "https://dapulse-res.cloudinary.com/image/upload/v1721918256/monday-apps-marketplace/Master%20Data/_DRAFT__Master_Data_by_Mint_App_Gallery_Images_-_2___3.png"
}
],
"pricing_data": "14 days trial",
"marketplace_developer_id": 10000233,
"app_id": 10149422,
"marketplace_category_ids": [
10,
9,
6
],
"name": "Master Data",
"app_scope_str": "boards:read,boards:write,account:read,notifications:write,workspaces:read",
"app_client_id": "34514157c3a863fb6d1a372333cd3562",
"app_color": {
"hsl": {
"h": 180,
"s": 1,
"l": 0.9803921568627452,
"a": 1
},
"hex": "#f5ffff",
"rgb": {
"r": 245,
"g": 255,
"b": 255,
"a": 1
},
"hsv": {
"h": 180,
"s": 0.039215686274509776,
"v": 1,
"a": 1
},
"oldHue": 177.98882681564243,
"source": "hex"
},
"created_at": "2024-07-25T14:38:09.151Z",
"updated_at": "2025-03-03T12:36:29.850Z",
"how_to_use_url": "https://mintconsulting.org/master-data/help/",
"automation_app_id": null,
"plans": [
{
"id": "10149422-1-standard",
"appId": 10149422,
"appPlanId": "standard",
"versionId": 1,
"versionState": "live",
"name": "Standard",
"description": "",
"extraData": {
"bullets": [
"Up to 1000 sync actions per month",
"Get started with unifying your project tasks",
"Suitable for individuals running multiple projects, or small teams"
],
"monthlyFee": 15,
"yearlyFee": 10,
"maxSeats": null
},
"isTrial": false,
"isRecommended": false,
"isFree": false,
"currency": "USD",
"prices": {
"type": "standard",
"monthly": 15,
"yearly": 10
}
},
{
"id": "10149422-1-pro",
"appId": 10149422,
"appPlanId": "pro",
"versionId": 1,
"versionState": "live",
"name": "Pro",
"description": "",
"extraData": {
"bullets": [
"Up to 25,000 sync actions per month",
"Suitable for growing teams",
"Up to 1 Data Architecture review per year"
],
"monthlyFee": 30,
"yearlyFee": 25,
"maxSeats": null
},
"isTrial": true,
"isRecommended": false,
"isFree": false,
"currency": "USD",
"prices": {
"type": "standard",
"monthly": 30,
"yearly": 25
}
},
{
"id": "10149422-1-master",
"appId": 10149422,
"appPlanId": "master",
"versionId": 1,
"versionState": "live",
"name": "Master",
"description": "",
"extraData": {
"bullets": [
"Up to 250,000 sync actions per month",
"Enterprise Ready",
"Dedicated Account Contact",
"Free Setup call",
"Up to 3 system Check-ins per year"
],
"monthlyFee": 100,
"yearlyFee": 90,
"maxSeats": null
},
"isTrial": false,
"isRecommended": false,
"isFree": false,
"currency": "USD",
"prices": {
"type": "standard",
"monthly": 100,
"yearly": 90
}
},
{
"id": "10149422-2-standard",
"appId": 10149422,
"appPlanId": "standard",
"versionId": 2,
"versionState": "live",
"name": "Standard",
"description": "Master Data Standard",
"extraData": {
"bullets": [
"Up to 1000 sync actions per month",
"Get started with unifying your project tasks",
"Suitable for individuals running multiple projects, or small teams",
"Unlimited Users on every tier",
"Unlimited Boards on every tier"
],
"monthlyFee": 15,
"yearlyFee": 10
},
"isTrial": false,
"isRecommended": false,
"isFree": false,
"currency": "USD",
"prices": {
"type": "standard",
"monthly": 15,
"yearly": 10
}
},
{
"id": "10149422-2-pro",
"appId": 10149422,
"appPlanId": "pro",
"versionId": 2,
"versionState": "live",
"name": "Pro",
"description": "Master Data Pro",
"extraData": {
"bullets": [
"Up to 25,000 sync actions per month",
"Suitable for growing teams",
"Up to 1 Data Architecture review per year"
],
"monthlyFee": 30,
"yearlyFee": 25
},
"isTrial": true,
"isRecommended": false,
"isFree": false,
"currency": "USD",
"prices": {
"type": "standard",
"monthly": 30,
"yearly": 25
}
},
{
"id": "10149422-2-master",
"appId": 10149422,
"appPlanId": "master",
"versionId": 2,
"versionState": "live",
"name": "Master",
"description": "Master Data Master",
"extraData": {
"bullets": [
"Up to 250,000 sync actions per month",
"Enterprise Ready",
"Dedicated Account Contact",
"Free Setup call",
"Up to 3 system Check-ins per year"
],
"monthlyFee": 100,
"yearlyFee": 90
},
"isTrial": false,
"isRecommended": true,
"isFree": false,
"currency": "USD",
"prices": {
"type": "standard",
"monthly": 100,
"yearly": 90
}
},
{
"id": "10149422-2-ultimate",
"appId": 10149422,
"appPlanId": "ultimate",
"versionId": 2,
"versionState": "live",
"name": "Ultimate",
"description": "Master Data Ultimate",
"extraData": {
"bullets": [
"Up to 500,000 sync actions per month",
"Priority Support"
],
"monthlyFee": 275,
"yearlyFee": 225
},
"isTrial": false,
"isRecommended": false,
"isFree": false,
"currency": "USD",
"prices": {
"type": "standard",
"monthly": 275,
"yearly": 225
}
},
{
"id": "10149422-2-global",
"appId": 10149422,
"appPlanId": "global",
"versionId": 2,
"versionState": "live",
"name": "Global",
"description": "Master Data Global",
"extraData": {
"bullets": [
"Up to 1,000,000 sync actions per month",
"Priority Support"
],
"monthlyFee": 397,
"yearlyFee": 297
},
"isTrial": false,
"isRecommended": false,
"isFree": false,
"currency": "USD",
"prices": {
"type": "standard",
"monthly": 397,
"yearly": 297
}
}
],
"featured_for_categories_ids": [],
"pinned_for_categories_ids": [],
"pricing_model": null,
"app_type": "app",
"display": null,
"is_connector": null,
"google_analytics_tag_id": "G-1Y27C8B3H9",
"app_live_version": {
"updated_at": "2024-07-22T12:38:38Z",
"id": 10282512
},
"is_solution": null,
"available_for_tiers": null,
"available_for_products": null
}