Turn any monday.com item into a real-world action using smart QR codes.
PokeFlow allows teams to generate QR codes for items, connect them to automated workflows, and track every scan directly inside monday. It bridges the gap between physical actions and digital workflows—making operations faster, smarter, and fully traceable.
🚀 What you can do with PokeFlow:
• Generate unique QR codes for any item or process
• Trigger actions when a QR code is scanned
• Update item status, move items, or log activity automatically
• Add optional security layers like secret codes for controlled actions
• Track every scan with full visibility and audit logs
🎯 Use cases:
• Inventory management (check-in / check-out)
• Field operations and task execution
• Attendance and check-in systems
• Delivery confirmation and proof of action
• Approval checkpoints and controlled workflows
💡 Why teams love PokeFlow:
• Eliminate manual updates and human errors
• Connect real-world actions directly to monday boards
• Improve visibility and accountability
• Build secure and controlled operational flows
• Easy setup with no technical knowledge required
🔐 Security & control:
PokeFlow ensures secure execution by allowing optional verification steps and controlled access to actions triggered via QR scans.
📈 Result:
Faster operations, fewer mistakes, and full traceability of every action performed in the real world.
👉 Want to see it in action? Book a demo or try the app to experience how QR-powered workflows can transform your operations.
Security & Compliance
Security
Does the developer periodically perform penetration testing?
Not answered
Does the developer have a dedicated security and privacy point of contact for such issues or questions?
Yes
Security and privacy related inquiries can be directed to: support@elasticday.com We actively monitor and respond to security, privacy, and compliance reports.
Does the app restrict redirects and forwards only to approved destinations, or show a warning when redirecting to potentially untrusted content?
Yes
The app only allows redirects to approved and trusted domains that are predefined in the application configuration and monday OAuth settings. User-controlled redirects are not allowed, and all external redirects are validated before execution to prevent open redirect vulnerabilities or malicious destinations.
Does the app protect against mass parameter assignment attacks?
Yes
Database operations never use raw request bodies directly. All models use controlled field mapping and validation middleware before persistence.
Does the app perform encoding and sanitization on all user supplied parameters to protect against Cross-Site Scripting?
Yes
The application sanitizes and validates all user-supplied input on both the client and server side to protect against Cross-Site Scripting (XSS) attacks. User input is escaped or sanitized before rendering, and unsafe HTML or script content is not executed. The backend also validates incoming payloads and rejects malicious or invalid content. On the frontend, React’s built-in escaping mechanisms are used, and additional sanitization is applied where necessary.
Does the developer protect all state-changing actions against Cross-Site Request Forgery (CSRF)?
Yes
The application protects state-changing operations against CSRF attacks by validating authenticated sessions and request origins. Sensitive API routes require valid authorization tokens and are protected through backend authentication and request validation mechanisms.
Does the developer have mechanisms to notify monday.com in case of a security breach?
Yes
We have internal monitoring and incident response procedures in place. In the event of a confirmed security incident or data breach affecting monday.com users or services, we will promptly notify monday.com through the appropriate support and security communication channels.
Does this developer have a process for installing application-level updates and security patches for the service (such as software packages and databases)?
Yes
We regularly monitor and update application dependencies, backend services, and infrastructure components to apply security patches and reduce known vulnerabilities. Security updates are reviewed and deployed as part of our ongoing maintenance process.
Compliance
Is the app certified with the information security standard ISO/IEC 27001:2022?
No
Is the app compliant with the Health Insurance Portability and Accountability Act (HIPAA)?
No
Is the app certified with System and Organization Controls (SOC 2 or SOC 3)?
No
Is the app compliant with the General Data Protection Regulation (GDPR)?
Yes
The application follows GDPR security and privacy principles, including data minimization, secure storage, encrypted sensitive data, limited data retention, and user data deletion upon uninstall or request. Customer data is processed only for legitimate application functionality and protected using industry-standard security practices.
Data
Does the app send any data outside of monday.com? If yes, indicate whether the data is customer-submitted (e.g., board names, item names, doc content) or non-customer-submitted (e.g., account ID, board ID, user ID).
Yes
The app sends and stores limited data outside of monday.com in order to provide its core functionality, including QR automation processing, scan logging, recipe configuration, and authentication handling. Stored data may include customer-submitted data such as board IDs, item IDs, item names, scan logs, and automation settings. Sensitive data such as access tokens are encrypted before storage.
Where does the app store logs data?
other
Application logs are stored on secured backend infrastructure hosted on DigitalOcean servers. Logs are used for debugging, monitoring, and security auditing purposes.
Where does the app store the app data?
DB
Application data is stored in a secured MongoDB database hosted on DigitalOcean Managed MongoDB infrastructure. Data is encrypted in transit using TLS and sensitive information is encrypted before storage.
Does the developer ensure application logs do not contain secrets or personally-identifiable information (PII)?
Yes
The application is designed to avoid logging sensitive information such as access tokens, secrets, authentication credentials, or personally identifiable information (PII). Sensitive fields are filtered or masked before logging.
Is customer data segregated from the data of other customers (for example logically or physically)?
Yes
Customer data is logically segregated by account and workspace identifiers. Each customer can only access data associated with their own monday.com account and authorized resources.
Privacy
Does the developer enforce multi-factor authentication on employees access to systems which may process customer data?
Yes
Multi-factor authentication (MFA) is enabled on all critical systems and services used to access or manage customer data, including cloud infrastructure, source control, and administrative accounts.
Does the developer protect access to customer data based on the principle of least privilege?
Yes
Access to customer data is restricted based on the principle of least privilege. The application only requests the minimum OAuth scopes required for functionality, and access to infrastructure, databases, and administrative systems is limited to authorized personnel only.
Reviews
No reviews yet.
Historical data
Installation history
We have data for December 28, 2024 onwards only. Collected sometime after 00:00 UTC daily.
Total number of installs
Change in total number of installs in last 1 day(s)
Compares the number of installs on each date with 1 days previously:
Max
Min
Current
Change in total number of installs in last 7 day(s)
Compares the number of installs on each date with 7 days previously:
Max
Min
Current
Change in total number of installs in last 30 day(s)
Compares the number of installs on each date with 30 days previously:
Max
Min
Current
Change in total number of installs in last 90 day(s)
Compares the number of installs on each date with 90 days previously:
Max
Min
Current
Change in total number of installs in last 180 day(s)
Compares the number of installs on each date with 180 days previously:
Max
Min
Current
Ratings history
Categories history
Each of the following is a yes/no answer, so the graphs show 1 for yes, and 0 for no.
{
"id": 10001176,
"marketplace_developer_id": 10000032,
"app_id": 10949371,
"app_type": "app",
"security_info": {},
"gallery_assets": [
{
"url": "https://cdn.monday.com/marketplace/10001176/10001176_2026_4_13_8_41_13_3kibae1.png",
"type": "image"
},
{
"url": "https://cdn.monday.com/marketplace/10001176/10001176_2026_4_13_8_41_22_yjo7avp.png",
"type": "image"
},
{
"url": "https://cdn.monday.com/marketplace/10001176/10001176_2026_4_13_8_41_25_n3s0tlul.png",
"type": "image"
},
{
"url": "https://cdn.monday.com/marketplace/10001176/10001176_2026_4_13_8_41_29_cz4lt8x.png",
"type": "image"
}
],
"description": "<p>Turn any <a href=\"http://monday.com/\" rel=\"noopener noreferrer\" target=\"_blank\">monday.com</a> item into a real-world action using smart QR codes.</p><p>PokeFlow allows teams to generate QR codes for items, connect them to automated workflows, and track every scan directly inside monday. It bridges the gap between physical actions and digital workflows—making operations faster, smarter, and fully traceable.</p><p>🚀 What you can do with PokeFlow:</p><p>• Generate unique QR codes for any item or process</p><p>• Trigger actions when a QR code is scanned</p><p>• Update item status, move items, or log activity automatically</p><p>• Add optional security layers like secret codes for controlled actions</p><p>• Track every scan with full visibility and audit logs</p><p>🎯 Use cases:</p><p>• Inventory management (check-in / check-out)</p><p>• Field operations and task execution</p><p>• Attendance and check-in systems</p><p>• Delivery confirmation and proof of action</p><p>• Approval checkpoints and controlled workflows</p><p>💡 Why teams love PokeFlow:</p><p>• Eliminate manual updates and human errors</p><p>• Connect real-world actions directly to monday boards</p><p>• Improve visibility and accountability</p><p>• Build secure and controlled operational flows</p><p>• Easy setup with no technical knowledge required</p><p>🔐 Security & control:</p><p>PokeFlow ensures secure execution by allowing optional verification steps and controlled access to actions triggered via QR scans.</p><p>📈 Result:</p><p>Faster operations, fewer mistakes, and full traceability of every action performed in the real world.</p><p>👉 Want to see it in action? Book a demo or try the app to experience how QR-powered workflows can transform your operations.</p>",
"short_description": "Smart QR-powered workflows for monday.com",
"thumbnail_url": "https://cdn.monday.com/marketplace/10001176/10001176_2026_4_13_8_41_0_ql67p2a.png",
"logo_url": "https://cdn.monday.com/marketplace/10001176/10001176_2026_4_13_8_40_58_hb8ncna.png",
"feedback_url": "support@elasticday.com",
"privacy_policy_url": "https://pokeflow.app/privacy",
"featured": false,
"name": "PokeFlow – Smart QR Automation",
"how_to_use_url": "https://pokeflow.app/how-to-use",
"external_pricing_url": null,
"keywords": "monday Integration,Check-in,Audit,Field Service,Operations,Tracking,Inventory,Workflow,Automation,QR Code",
"compliance_answers": [
{
"questionId": 20,
"shortAnswer": false,
"detailedAnswer": ""
},
{
"questionId": 19,
"shortAnswer": true,
"detailedAnswer": "The app sends and stores limited data outside of monday.com in order to provide its core functionality, including QR automation processing, scan logging, recipe configuration, and authentication handling.\n\nStored data may include customer-submitted data such as board IDs, item IDs, item names, scan logs, and automation settings.\nSensitive data such as access tokens are encrypted before storage."
},
{
"questionId": 18,
"detailedAnswer": "Application logs are stored on secured backend infrastructure hosted on DigitalOcean servers.\nLogs are used for debugging, monitoring, and security auditing purposes.",
"logHostingProvider": "other"
},
{
"questionId": 17,
"detailedAnswer": "Application data is stored in a secured MongoDB database hosted on DigitalOcean Managed MongoDB infrastructure.\nData is encrypted in transit using TLS and sensitive information is encrypted before storage.",
"dataHostingProvider": "DB"
},
{
"questionId": 14,
"shortAnswer": true,
"detailedAnswer": "Security and privacy related inquiries can be directed to:\nsupport@elasticday.com\n\nWe actively monitor and respond to security, privacy, and compliance reports."
},
{
"questionId": 13,
"shortAnswer": false,
"detailedAnswer": ""
},
{
"questionId": 12,
"shortAnswer": false,
"detailedAnswer": ""
},
{
"questionId": 11,
"shortAnswer": true,
"detailedAnswer": "The application follows GDPR security and privacy principles, including data minimization, secure storage, encrypted sensitive data, limited data retention, and user data deletion upon uninstall or request.\n\nCustomer data is processed only for legitimate application functionality and protected using industry-standard security practices."
},
{
"questionId": 10,
"shortAnswer": true,
"detailedAnswer": "The app only allows redirects to approved and trusted domains that are predefined in the application configuration and monday OAuth settings.\n\nUser-controlled redirects are not allowed, and all external redirects are validated before execution to prevent open redirect vulnerabilities or malicious destinations."
},
{
"questionId": 9,
"shortAnswer": true,
"detailedAnswer": "Database operations never use raw request bodies directly.\nAll models use controlled field mapping and validation middleware before persistence."
},
{
"questionId": 8,
"shortAnswer": true,
"detailedAnswer": "The application is designed to avoid logging sensitive information such as access tokens, secrets, authentication credentials, or personally identifiable information (PII).\nSensitive fields are filtered or masked before logging."
},
{
"questionId": 7,
"shortAnswer": true,
"detailedAnswer": "Multi-factor authentication (MFA) is enabled on all critical systems and services used to access or manage customer data, including cloud infrastructure, source control, and administrative accounts."
},
{
"questionId": 6,
"shortAnswer": true,
"detailedAnswer": "Access to customer data is restricted based on the principle of least privilege.\n\nThe application only requests the minimum OAuth scopes required for functionality, and access to infrastructure, databases, and administrative systems is limited to authorized personnel only."
},
{
"questionId": 5,
"shortAnswer": true,
"detailedAnswer": "The application sanitizes and validates all user-supplied input on both the client and server side to protect against Cross-Site Scripting (XSS) attacks.\n\nUser input is escaped or sanitized before rendering, and unsafe HTML or script content is not executed.\n\nThe backend also validates incoming payloads and rejects malicious or invalid content.\n\nOn the frontend, React’s built-in escaping mechanisms are used, and additional sanitization is applied where necessary."
},
{
"questionId": 4,
"shortAnswer": true,
"detailedAnswer": "The application protects state-changing operations against CSRF attacks by validating authenticated sessions and request origins.\n\nSensitive API routes require valid authorization tokens and are protected through backend authentication and request validation mechanisms."
},
{
"questionId": 3,
"shortAnswer": true,
"detailedAnswer": "We have internal monitoring and incident response procedures in place.\nIn the event of a confirmed security incident or data breach affecting monday.com users or services, we will promptly notify monday.com through the appropriate support and security communication channels."
},
{
"questionId": 2,
"shortAnswer": true,
"detailedAnswer": "We regularly monitor and update application dependencies, backend services, and infrastructure components to apply security patches and reduce known vulnerabilities.\n\nSecurity updates are reviewed and deployed as part of our ongoing maintenance process."
},
{
"questionId": 1,
"shortAnswer": true,
"detailedAnswer": "Customer data is logically segregated by account and workspace identifiers.\nEach customer can only access data associated with their own monday.com account and authorized resources."
}
],
"created_at": "2026-05-13T08:40:29.000Z",
"updated_at": "2026-05-13T17:30:54.000Z",
"automation_app_id": null,
"marketplace_category_ids": [
6
],
"pinned_for_categories_ids": [],
"featured_for_categories_ids": [],
"pricing_data": null,
"label": null,
"app_values": [
"Centralize your work on monday.com"
],
"security": false,
"display_in_template_store": false,
"acquisition_source": "No touch",
"is_connector": false,
"terms_of_service_url": "https://pokeflow.app/terms",
"available_for_tiers": [],
"available_for_products": [],
"google_analytics_tag_id": null,
"is_solution": false,
"cta_override": null,
"app_scope_str": "boards:read,boards:write,users:read,me:read,account:read,notifications:write,webhooks:write,webhooks:read",
"app_client_id": "40aff98d3176ddc98cf54e125e99fad0",
"app_color": {
"hsl": {
"h": 260.14925373134326,
"s": 0.5929203539823008,
"l": 0.5568627450980392,
"a": 1
},
"hex": "#784bd1",
"rgb": {
"r": 120,
"g": 75,
"b": 209,
"a": 1
},
"hsv": {
"h": 260.14925373134326,
"s": 0.6411483253588516,
"v": 0.8196078431372549,
"a": 1
},
"oldHue": 75.37190082644628,
"source": "hex"
},
"plans": [
{
"id": "10949371-1-starter",
"appPlanId": "starter",
"name": "STARTER",
"versionId": 1,
"isTrial": true,
"prices": {
"type": "standard",
"monthly": 29,
"yearly": 29
},
"versionState": "live",
"appId": 10949371,
"description": "Perfect for small teams getting started with QR workflows and scan tracking inside monday.com.",
"extraData": {
"bullets": [
"1,000 QR Codes",
"3,000 Scans/month",
"Unlimited Boards"
],
"monthlyFee": 29,
"yearlyFee": 29
},
"isFree": false,
"isRecommended": false,
"currency": "USD"
},
{
"id": "10949371-1-business",
"appPlanId": "business",
"name": "BUSINESS",
"versionId": 1,
"isTrial": false,
"prices": {
"type": "standard",
"monthly": 135,
"yearly": 135
},
"versionState": "live",
"appId": 10949371,
"description": "Built for operational teams that need scalable QR processes, advanced management, and higher usage limits.",
"extraData": {
"bullets": [
"20,000 QR Codes",
"50,000 Scans/month",
"Unlimited Boards"
],
"monthlyFee": 135,
"yearlyFee": 135
},
"isFree": false,
"isRecommended": false,
"currency": "USD"
},
{
"id": "10949371-1-unlimited",
"appPlanId": "unlimited",
"name": "UNLIMITED",
"versionId": 1,
"isTrial": false,
"prices": {
"type": "standard",
"monthly": 249,
"yearly": 249
},
"versionState": "live",
"appId": 10949371,
"description": "Full access to all features, maximum limits, and enterprise-ready QR workflow management without restrictions.",
"extraData": {
"bullets": [
"Unlimited QR Codes",
"Unlimited Scans",
"Unlimited Boards"
],
"monthlyFee": 249,
"yearlyFee": 249
},
"isFree": false,
"isRecommended": false,
"currency": "USD"
},
{
"id": "10949371-1-pro",
"appPlanId": "pro",
"name": "PRO",
"versionId": 1,
"isTrial": false,
"prices": {
"type": "standard",
"monthly": 69,
"yearly": 69
},
"versionState": "live",
"appId": 10949371,
"description": "Advanced automation, tracking, and workflow control for growing teams and daily operations.",
"extraData": {
"bullets": [
"5,000 QR Codes",
"15,000 Scans/month",
"Unlimited Boards"
],
"monthlyFee": 69,
"yearlyFee": 69
},
"isFree": false,
"isRecommended": false,
"currency": "USD"
}
],
"app_live_version": {
"updated_at": "2026-04-30T17:44:10.660Z",
"id": 14335253
},
"pricing_model": null,
"badges_data": {
"security": false,
"app_values": [
"Centralize your work on monday.com"
],
"acquisition_source": "No touch",
"display_in_template_store": false
},
"data": {
"is_solution": false,
"cta_override": null,
"is_connector": false,
"available_for_tiers": [],
"terms_of_service_url": "https://pokeflow.app/terms",
"available_for_products": [],
"google_analytics_tag_id": null
},
"display": null,
"installsDelta": {
"totalInstalls": 4
}
}
