PDFs, Forms & eSignatures built natively for monday.com
BoloSign is built specifically for monday.com teams that want to manage their contracts, forms, and eSignatures without leaving their boards. Itβs a 3-in-1 platform for PDF generation, form building, and eSignatures, crafted to work seamlessly with items, subitems, mirrored, and formula columns.
1. PDF Generator β Create documents from board data
Generate PDFs or Word files from items, subitems, mirrored, and formula columns.
Use subitems as line items for invoices, POs, or delivery notes.
Attach the generated documents back to the same monday item for record-keeping.
Does the developer periodically perform penetration testing?
Yes
Yes, the developer periodically conducts penetration testing to identify and address potential security vulnerabilities, ensuring the application remains secure and resilient against threats.
Does the developer have a dedicated security and privacy point of contact for such issues or questions?
Yes
Yes, the developer has a dedicated security and privacy point of contact to address any issues or questions related to security and privacy. Security contact email: security@bustbrainlabs.com
Does the app restrict redirects and forwards only to approved destinations, or show a warning when redirecting to potentially untrusted content?
Not answered
Does the app protect against mass parameter assignment attacks?
Not answered
Does the app perform encoding and sanitization on all user supplied parameters to protect against Cross-Site Scripting?
Yes
PDF Maker - Automate Documents interface is developed using React.js, which inherently addresses most common XSS vulnerabilities. In PDF Maker - Automate Documents, there are no scenarios where users can or need to generate HTML, making HTML sanitization unnecessary in our user interface. Templates are created in Google Docs using placeholders that are replaced with actual board data during processing. PDF Maker - Automate Documents performs this replacement using a defined pattern without storing any data in a data source. Additionally, all placeholders are validated using specific REGEX patterns to ensure they are valid and to prevent the insertion of malicious code into the document. Similarly, filenames provided by users are validated against REGEX patterns to exclude unsupported characters, ensuring the security and integrity of the application.
Does the developer protect all state-changing actions against Cross-Site Request Forgery (CSRF)?
Yes
We implement CSRF tokens to validate and secure all incoming requests.
Does the developer have mechanisms to notify monday.com in case of a security breach?
Yes
In the event of a security breach, we will promptly notify monday.com via email as soon as the scope of the breach is identified. Additionally, we will directly contact our monday.com representatives through the platform.
Does this developer have a process for installing application-level updates and security patches for the service (such as software packages and databases)?
Yes
Critical patches are applied immediately upon issue identification. High vulnerabilities are addressed within a week, medium vulnerabilities within a month, and low vulnerabilities within a quarter
Compliance
Is the app certified with the information security standard ISO/IEC 27001:2022?
Not answered
Is the app compliant with the Health Insurance Portability and Accountability Act (HIPAA)?
Yes
Is the app certified with System and Organization Controls (SOC 2 or SOC 3)?
Not answered
Is the app compliant with the General Data Protection Regulation (GDPR)?
Yes
Data
Does the app send any data outside of monday.com? If yes, indicate whether the data is customer-submitted (e.g., board names, item names, doc content) or non-customer-submitted (e.g., account ID, board ID, user ID).
Not answered
Where does the app store logs data?
aws
Where does the app store the app data?
DB
Does the developer ensure application logs do not contain secrets or personally-identifiable information (PII)?
Yes
Yes, the developer ensures that application logs do not contain secrets or personally identifiable information (PII) to maintain data security and privacy.
Is customer data segregated from the data of other customers (for example logically or physically)?
Yes
Yes, customer data is segregated from the data of other customers, either logically or physically, to ensure data isolation and maintain security.
Privacy
Does the developer enforce multi-factor authentication on employees access to systems which may process customer data?
Yes
Full access to the data is restricted to the CTO and is secured through the use of an encrypted key and a secure connection.
Does the developer protect access to customer data based on the principle of least privilege?
Yes
Access to systems that process or store customer data is secured through authentication using a secure private key.
Reviews
January 27, 2025
AT: The app is really good, easy to use and has helped us save so much time. Even better, BustBrians, are really responsive and helpful! Highly recommend this app and developer. 5 stars from us!
Developer response:
Thank You for your kind words
Historical data
Installation history
We have data for December 28, 2024 onwards only. Collected sometime after 00:00 UTC daily.
Total number of installs
Change in total number of installs in last 7 days
Compares the number of installs on each date with 7 days previously:
Max
Min
Current
Change in total number of installs in last 30 days
Compares the number of installs on each date with 30 days previously:
Max
Min
Current
Change in total number of installs in last 90 days
Compares the number of installs on each date with 90 days previously:
Max
Min
Current
Ratings history
Categories history
Each of the following is a yes/no answer, so the graphs show 1 for yes, and 0 for no.
