We take data security seriously. Visit the appserve Trust Center to learn about our commitment to privacy and compliance, including ISO 27001, SOC 1 Type 2, and SOC 2 Type 2 certifications.
About Appserve
At appserve.ai, we build high-performance apps that help teams worldwide solve complex business challenges with simplicity and speed.
Security & Compliance
Security
Does the developer periodically perform penetration testing?
Not answered
Does the developer have a dedicated security and privacy point of contact for such issues or questions?
Yes
Yes, we have a dedicated security and privacy point of contact for such issues or questions.
Does the app restrict redirects and forwards only to approved destinations, or show a warning when redirecting to potentially untrusted content?
Yes
Yes, the app does not forward to any unapproved destinations.
Does the app protect against mass parameter assignment attacks?
Yes
Yes, the app protects against mass parameter assignment attacks. Only explicitly allowed fields are bound to data models or database operations. Input is whitelisted or validated server-side, and sensitive fields such as roles, permissions, and internal IDs are never exposed to the client or modifiable via user input.
Does the app perform encoding and sanitization on all user supplied parameters to protect against Cross-Site Scripting?
Yes
Yes, the app performs input sanitization and output encoding to protect against Cross-Site Scripting (XSS) attacks. We ensure that any user-supplied input is validated and sanitized before processing or storing, and HTML encoding is applied when displaying user data in the frontend. We also use secure libraries/frameworks that automatically escape outputs in templates and prevent script injection.
Does the developer protect all state-changing actions against Cross-Site Request Forgery (CSRF)?
Yes
Yes, all state-changing actions are protected against Cross-Site Request Forgery (CSRF). The app implements CSRF tokens for all forms and API endpoints that modify state. These tokens are validated server-side, and only requests with valid, trusted tokens are processed.
Does the developer have mechanisms to notify monday.com in case of a security breach?
Yes
Yes, we have a mechanism to notify monday.com in the event of a security breach.
Does this developer have a process for installing application-level updates and security patches for the service (such as software packages and databases)?
Yes
Yes, the developer follows a defined process for regularly applying application-level updates and security patches. This includes: Monitoring official sources (e.g., package managers, vendor advisories) for updates. Periodically updating software packages, libraries, and dependencies. Applying database security patches in coordination with the infrastructure team. Using automated tools (e.g., Dependabot, npm audit, pip-audit, etc.) to detect vulnerabilities. Testing updates in a staging environment before deployment to production.
Compliance
Is the app certified with the information security standard ISO/IEC 27001:2022?
Yes
Empyra is a ISO certified company
Is the app compliant with the Health Insurance Portability and Accountability Act (HIPAA)?
Not answered
Is the app certified with System and Organization Controls (SOC 2 or SOC 3)?
Not answered
Is the app compliant with the General Data Protection Regulation (GDPR)?
Yes
Data
Does the app send any data outside of monday.com? If yes, indicate whether the data is customer-submitted (e.g., board names, item names, doc content) or non-customer-submitted (e.g., account ID, board ID, user ID).
Yes
The app does not send any data outside of monday.com
Where does the app store logs data?
other
The app stores log data securely on our server. Access to these logs is restricted to authorized personnel and is used solely for monitoring, debugging, and ensuring the proper functioning of the application.
Where does the app store the app data?
other
The app stores all application data securely on our server. Access is restricted to authorized personnel, and the data is protected using appropriate security measures to ensure confidentiality and integrity.
Does the developer ensure application logs do not contain secrets or personally-identifiable information (PII)?
Yes
Yes, the developer ensures that application logs do not contain secrets or personally identifiable information (PII). All console and log statements are reviewed before deployment to confirm that no confidential or sensitive data is included in the logs.
Is customer data segregated from the data of other customers (for example logically or physically)?
Yes
Yes, customer data is logically segregated from the data of other customers. This is achieved through the use of unique identifiers (IDs) for each customer, ensuring that their data is kept separate and secure.
Privacy
Does the developer enforce multi-factor authentication on employees access to systems which may process customer data?
Yes
Yes, we enforce multi-factor authentication (MFA) for all employee access to systems that may process customer data. MFA is enabled for signing in to our servers, ensuring that access requires both a password and a second authentication factor to enhance security.
Does the developer protect access to customer data based on the principle of least privilege?
Yes
Yes, access to customer data is protected based on the principle of least privilege. Employees and services are granted only the minimum level of access necessary to perform their specific roles. Access controls are reviewed periodically to ensure that permissions remain appropriate and unnecessary access is promptly removed.
Reviews
No reviews yet.
Historical data
Installation history
We have data for December 28, 2024 onwards only. Collected sometime after 00:00 UTC daily.
Total number of installs
Change in total number of installs in last 1 day(s)
Compares the number of installs on each date with 1 days previously:
Max
Min
Current
Change in total number of installs in last 7 day(s)
Compares the number of installs on each date with 7 days previously:
Max
Min
Current
Change in total number of installs in last 30 day(s)
Compares the number of installs on each date with 30 days previously:
Max
Min
Current
Change in total number of installs in last 90 day(s)
Compares the number of installs on each date with 90 days previously:
Max
Min
Current
Change in total number of installs in last 180 day(s)
Compares the number of installs on each date with 180 days previously:
Max
Min
Current
Ratings history
Categories history
Each of the following is a yes/no answer, so the graphs show 1 for yes, and 0 for no.
{
"id": 10000858,
"marketplace_developer_id": 10000184,
"app_id": 10405497,
"app_type": "app",
"security_info": null,
"gallery_assets": [
{
"url": "https://cdn.monday.com/marketplace/10000858/10000858_2025_6_3_8_55_10_apsat45.png",
"type": "image"
},
{
"url": "https://cdn.monday.com/marketplace/10000858/10000858_2025_6_3_8_55_13_ia10tfk.png",
"type": "image"
},
{
"url": "https://cdn.monday.com/marketplace/10000858/10000858_2025_6_3_8_55_17_mw61ksbk.png",
"type": "image"
}
],
"description": "<p>The <strong>Org Tree</strong> app helps you easily <strong>create, manage, and visualize your organizational structure</strong>.</p><p>It simplifies onboarding, team restructuring, and hierarchy management, and provides clear visibility into reporting lines and team structures.</p><p><br></p><p><strong>What You’ll Get with Org Tree</strong></p><p><br></p><p><strong>Interactive Org Chart Builder: </strong>Visualize your company’s structure in real time with a clean, interactive interface.</p><p><strong>User Role Assignment: </strong>Assign Mondaydotcom users to roles in just a few clicks.</p><p><strong>Easy Role & Manager Mapping: </strong>Define departments, assign designations, and set up reporting lines effortlessly.</p><p><strong>Custom Departments & Job Titles: </strong>Create and manage department names and job titles to match your organization’s structure.</p><p><strong>CSV Import: </strong>Quickly upload roles, users, and managers from a CSV file to populate your org tree instantly.</p><p><strong>Live Preview of Changes: </strong>Preview updates in real time before saving and stay aligned.</p><p><strong>Custom Fields for Flexibility: </strong>Add your data fields to personalize the org chart for your business needs.</p><p><strong>Editable Employee Profiles: </strong>Click any user card to instantly view and edit detailed profile information.</p><p><br></p><p><strong>Use Cases</strong></p><ul><li><strong>HR Teams:</strong> Streamline onboarding and offboarding.</li><li><strong>Managers:</strong> Restructure teams during organizational changes.</li><li><strong>Executives:</strong> Gain clear visibility into the company hierarchy.</li><li><strong>Departments:</strong> Keep organizational records up to date.</li><li><strong>Employees:</strong> View reporting lines and team structures easily.</li></ul><p><br></p><p><strong>Book a Demo</strong></p><p>See it in action: <a href=\"https://www.appserve.ai/get-a-demo?utm_source=monday_marketplace&utm_medium=app_listing\" rel=\"noopener noreferrer\" target=\"_blank\">Get a Demo</a></p><p>Learn more: <a href=\"https://docs-appserve-ai.scrollhelp.site/Org-Tree/\" rel=\"noopener noreferrer\" target=\"_blank\">View Documentation</a></p><p><br></p><p><strong>Data Security & Compliance</strong></p><p>We take data security seriously. Visit the <strong>appserve Trust Center</strong> to learn about our commitment to privacy and compliance, including ISO 27001, SOC 1 Type 2, and SOC 2 Type 2 certifications.</p><p><br></p><p><strong>About Appserve</strong></p><p>At <strong>appserve.ai</strong>, we build high-performance apps that help teams worldwide solve complex business challenges with simplicity and speed.</p>",
"short_description": "Visualize Your Team Structure with Interactive Org Charts",
"thumbnail_url": "https://cdn.monday.com/marketplace/10000858/10000858_2025_6_3_8_54_56_szy2p2n.png",
"logo_url": "https://cdn.monday.com/marketplace/10000858/10000858_2025_6_3_8_54_52_v2rhnqg.png",
"feedback_url": "appsupport@empyra.com",
"privacy_policy_url": "https://www.appserve.ai/privacy-policy",
"featured": null,
"name": "Org Tree",
"how_to_use_url": "https://docs-appserve-ai.scrollhelp.site/Org-Tree/app-overview",
"external_pricing_url": null,
"keywords": "Org Chart Software,\nOrg Chart Builder,\nOrganization Chart Tool,\nManage Organizational Structure,\nAutomated Org Charts,\nOrg Chart Data Export,\nHierarchy Mapping Software,\nOrg Structure Builder,\nDynamic Org Tree,\nEmployee Chart",
"compliance_answers": [
{
"questionId": 20,
"shortAnswer": true,
"detailedAnswer": "Empyra is a ISO certified company",
"fileName": "3hjo3xcg.pdf"
},
{
"questionId": 19,
"shortAnswer": true,
"detailedAnswer": "The app does not send any data outside of monday.com"
},
{
"questionId": 18,
"logHostingProvider": "other",
"detailedAnswer": "The app stores log data securely on our server. Access to these logs is restricted to authorized personnel and is used solely for monitoring, debugging, and ensuring the proper functioning of the application."
},
{
"questionId": 17,
"dataHostingProvider": "other",
"detailedAnswer": "The app stores all application data securely on our server. Access is restricted to authorized personnel, and the data is protected using appropriate security measures to ensure confidentiality and integrity."
},
{
"questionId": 14,
"shortAnswer": true,
"detailedAnswer": "Yes, we have a dedicated security and privacy point of contact for such issues or questions."
},
{
"questionId": 11,
"shortAnswer": true,
"detailedAnswer": ""
},
{
"questionId": 10,
"shortAnswer": true,
"detailedAnswer": "Yes, the app does not forward to any unapproved destinations."
},
{
"questionId": 9,
"shortAnswer": true,
"detailedAnswer": "Yes, the app protects against mass parameter assignment attacks. Only explicitly allowed fields are bound to data models or database operations. Input is whitelisted or validated server-side, and sensitive fields such as roles, permissions, and internal IDs are never exposed to the client or modifiable via user input."
},
{
"questionId": 8,
"shortAnswer": true,
"detailedAnswer": "Yes, the developer ensures that application logs do not contain secrets or personally identifiable information (PII). All console and log statements are reviewed before deployment to confirm that no confidential or sensitive data is included in the logs."
},
{
"questionId": 7,
"shortAnswer": true,
"detailedAnswer": "Yes, we enforce multi-factor authentication (MFA) for all employee access to systems that may process customer data. MFA is enabled for signing in to our servers, ensuring that access requires both a password and a second authentication factor to enhance security."
},
{
"questionId": 6,
"shortAnswer": true,
"detailedAnswer": "Yes, access to customer data is protected based on the principle of least privilege. Employees and services are granted only the minimum level of access necessary to perform their specific roles. Access controls are reviewed periodically to ensure that permissions remain appropriate and unnecessary access is promptly removed."
},
{
"questionId": 5,
"shortAnswer": true,
"detailedAnswer": "Yes, the app performs input sanitization and output encoding to protect against Cross-Site Scripting (XSS) attacks. We ensure that any user-supplied input is validated and sanitized before processing or storing, and HTML encoding is applied when displaying user data in the frontend. We also use secure libraries/frameworks that automatically escape outputs in templates and prevent script injection."
},
{
"questionId": 4,
"shortAnswer": true,
"detailedAnswer": "Yes, all state-changing actions are protected against Cross-Site Request Forgery (CSRF). The app implements CSRF tokens for all forms and API endpoints that modify state. These tokens are validated server-side, and only requests with valid, trusted tokens are processed."
},
{
"questionId": 3,
"shortAnswer": true,
"detailedAnswer": "Yes, we have a mechanism to notify monday.com in the event of a security breach."
},
{
"questionId": 2,
"shortAnswer": true,
"detailedAnswer": "Yes, the developer follows a defined process for regularly applying application-level updates and security patches. This includes:\n\nMonitoring official sources (e.g., package managers, vendor advisories) for updates.\n\nPeriodically updating software packages, libraries, and dependencies.\n\nApplying database security patches in coordination with the infrastructure team.\n\nUsing automated tools (e.g., Dependabot, npm audit, pip-audit, etc.) to detect vulnerabilities.\n\nTesting updates in a staging environment before deployment to production."
},
{
"questionId": 1,
"shortAnswer": true,
"detailedAnswer": "Yes, customer data is logically segregated from the data of other customers. This is achieved through the use of unique identifiers (IDs) for each customer, ensuring that their data is kept separate and secure."
}
],
"created_at": "2025-07-03T08:53:23.788Z",
"updated_at": "2026-01-27T13:30:36.148Z",
"automation_app_id": null,
"marketplace_category_ids": [
8,
6,
5
],
"pinned_for_categories_ids": [],
"featured_for_categories_ids": [],
"pricing_data": "Free",
"label": null,
"app_values": [
"Easier resource management"
],
"security": true,
"display_in_template_store": null,
"acquisition_source": "No touch",
"is_connector": null,
"terms_of_service_url": "https://www.appserve.ai/term-of-use",
"available_for_tiers": null,
"available_for_products": null,
"google_analytics_tag_id": "G-M1EXPMSZTW",
"is_solution": null,
"app_scope_str": "users:read",
"app_client_id": "b0329d29468dbc4fa33805252c4a7534",
"app_color": {
"hsl": {
"h": 0,
"s": 1,
"l": 0.99705,
"a": 1
},
"hex": "#fffdfd",
"rgb": {
"r": 255,
"g": 253,
"b": 253,
"a": 1
},
"hsv": {
"h": 0,
"s": 0.005900000000000016,
"v": 1,
"a": 1
},
"oldHue": 0,
"source": "hsv"
},
"plans": null,
"app_live_version": {
"updated_at": "2025-10-10T10:50:14.773Z",
"id": 11437420
},
"pricing_model": null,
"badges_data": {
"pricing_data": "Free",
"acquisition_source": "No touch",
"app_values": [
"Easier resource management"
],
"security": true
},
"data": {
"terms_of_service_url": "https://www.appserve.ai/term-of-use",
"google_analytics_tag_id": "G-M1EXPMSZTW"
},
"display": null,
"installsDelta": {
"totalInstalls": 158,
"sevenDays": 2,
"thirtyDays": 12,
"ninetyDays": 41
}
}
