Create charts and scheduled reports from your data.
Use the library of 15+ charts to create the exact chart you’re looking for. See a high-level overview across all of your boards, track KPIs and longer-term trends.
✅ Track completed work by assignee / project / client etc.
✅ Create charts based on your time tracking columns.
✅ Compare multiple values with multi-bar and line charts.
✅ Track lead & cycle times to Identify bottlenecks.
✅ Use burndown and burnup charts to stay on track.
✅ Get data-driven forecasts of your delivery dates.
✅ Track KPIs across all of your monday boards.
✅ Export to CSV, PNG, and JSON.
✅ Share charts with public share links or embed them to monday dashboards.
What our customers are saying:
"I'm really in love with this tool. It provides useful, actionable insights that actually help to identify process improvement opportunities with a few clicks!" — João Otávio Vieira, A5 Labs
💙 Read 90+ reviews to learn why modern teams use Screenful to unblock the flow, align on business objectives, and drive continuous improvement.
Does the app restrict redirects and forwards only to approved destinations, or show a warning when redirecting to potentially untrusted content?
Yes
There are only two cases in which Screenful would redirect the user. 1) Authorisation OAuth flow. 2) Opening a task in Monday. In both cases the link leads to monday.com domain
Does the app protect against mass parameter assignment attacks?
Yes
Incoming parameters are explicitly white-listed and/or blacklisted in the API implementation, so properties that users should not be able to change cannot be changed.
Does the app perform encoding and sanitization on all user supplied parameters to protect against Cross-Site Scripting?
Yes
The user interface sanitises all data before showing it. On the server side user input is sanitised, for example when pulling in data via the monday API.
Does the developer protect all state-changing actions against Cross-Site Request Forgery (CSRF)?
Yes
Screenful is a single-page app that uses a REST API for getting and manipulating data. There is no concept of a session, and no cookies are sent with the request for authorization. Instead, when user logs in, a JWT is returned by the API, and stored in the browser local storage. The app uses it to authorise further API requests. The authorisation token is sent in the HTTPS request header.
Does the developer have mechanisms to notify monday.com in case of a security breach?
Yes
As per our Product Security Guidelines document: In the event of a security breach we will take the following actions. • When the breach comes to our attention it is escalated immediately to the CTO. • We evaluate which users are affected and notify them via email. • We notify partners via their specified channels, in the case of monday.com we would first contact [email protected] • We promptly answer queries from customers and partners. • After the incident is resolved we notify our users and partners about the resolution. • We update our policies and practices accordingly.
Does this developer have a process for installing application-level updates and security patches for the service (such as software packages and databases)?
Yes
Screenful uses the Heroku PaaS as the platform for application hosting and managed databases. You can read more about their security from here: https://heroku.com/escurity. On the application level we use tools that check for vulnerabilities on each source code commit, and we resolve those promptly.
Compliance
Is the app certified with the information security standard ISO/IEC 27001:2022?
Not answered
Is the app compliant with the Health Insurance Portability and Accountability Act (HIPAA)?
No
Is the app certified with System and Organization Controls (SOC 2 or SOC 3)?
No
Is the app compliant with the General Data Protection Regulation (GDPR)?
Yes
Data
Does the app send any data outside of monday.com? If yes, indicate whether the data is customer-submitted (e.g., board names, item names, doc content) or non-customer-submitted (e.g., account ID, board ID, user ID).
Not answered
Where does the app store logs data?
Not answered
Where does the app store the app data?
Not answered
Does the developer ensure application logs do not contain secrets or personally-identifiable information (PII)?
Yes
The main principle is that all data that passes through Screenful API is sent in the HTTPS request body. Only the request URL and query parameters are logged. The same goes for requests Screenful makes to other services. This ensures personal informations is not logged. All authentication and authorisation secrets are passed in HTTPS request headers, which are not logged, or in the request body. As second line of defence we treat logs with confidentiality. They are transferred over secure connections to a centralised logging service to which only authorised employees have access to.
Is customer data segregated from the data of other customers (for example logically or physically)?
Yes
Screenful keeps customer data logically separated. All users are authenticated and every requests is authorised so that users see data only from their own account.
Privacy
Does the developer enforce multi-factor authentication on employees access to systems which may process customer data?
Yes
MFA is required for access to all systems that contain customer data
Does the developer protect access to customer data based on the principle of least privilege?
Yes
Customer support staff and system admins need access to user’s data in order to do their jobs. Access is limited to only those employees that really need it and when they need it, as stated in our information security policy
Reviews
June 12, 2023
M: Doesn't work. Full of bugs
Installation history
We have data for December 28, 2024 onwards only. Collected sometime after 00:00 UTC daily.
{
"id": 102,
"description": "<p>Use the library of 15+ charts to create the exact chart you’re looking for. See a high-level overview across all of your boards, track KPIs and longer-term trends.</p><p><br></p><p>✅ Track completed work by assignee / project / client etc.</p><p>✅ Create charts based on your time tracking columns.</p><p>✅ Compare multiple values with multi-bar and line charts.</p><p>✅ Track lead & cycle times to Identify bottlenecks.</p><p>✅ Use burndown and burnup charts to stay on track.</p><p>✅ Get data-driven forecasts of your delivery dates.</p><p>✅ Track KPIs across all of your monday boards.</p><p>✅ Export to CSV, PNG, and JSON.</p><p>✅ Share charts with public share links or embed them to monday dashboards.</p><p><br></p><p><strong>What our customers are saying:</strong></p><p><em>\"I'm really in love with this tool. It provides useful, actionable insights that actually help to identify process improvement opportunities with a few clicks!\"</em> — João Otávio Vieira, A5 Labs</p><p><br></p><p>💙 <a href=\"https://www.capterra.com/p/139635/Screenful-for-Agile/reviews/\" rel=\"noopener noreferrer\" target=\"_blank\"><strong>Read 90+ reviews</strong></a> to learn why modern teams use Screenful to unblock the flow, align on business objectives, and drive continuous improvement.</p><p><br></p><p>📖 <a href=\"https://screenful.com/monday\" rel=\"noopener noreferrer\" target=\"_blank\">Learn more about Custom Charts for monday.com</a> or <a href=\"https://screenful.com/tour/charts\" rel=\"noopener noreferrer\" target=\"_blank\">check out the product tour.</a></p>",
"short_description": "Create charts and scheduled reports from your data.",
"compliance_answers": [
{
"questionId": 1,
"shortAnswer": true,
"detailedAnswer": "Screenful keeps customer data logically separated. All users are authenticated and every requests is authorised so that users see data only from their own account. "
},
{
"questionId": 2,
"shortAnswer": true,
"detailedAnswer": "Screenful uses the Heroku PaaS as the platform for application hosting and managed databases. You can read more about their security from here: https://heroku.com/escurity. On the application level we use tools that check for vulnerabilities on each source code commit, and we resolve those promptly."
},
{
"questionId": 3,
"shortAnswer": true,
"detailedAnswer": "As per our Product Security Guidelines document:\n\nIn the event of a security breach we will take the following actions.\n\n•\tWhen the breach comes to our attention it is escalated immediately to the CTO.\n•\tWe evaluate which users are affected and notify them via email.\n•\tWe notify partners via their specified channels, in the case of monday.com we would first contact [email protected]\n•\tWe promptly answer queries from customers and partners.\n•\tAfter the incident is resolved we notify our users and partners about the resolution.\n•\tWe update our policies and practices accordingly."
},
{
"questionId": 4,
"shortAnswer": true,
"detailedAnswer": "Screenful is a single-page app that uses a REST API for getting and manipulating data. There is no concept of a session, and no cookies are sent with the request for authorization. Instead, when user logs in, a JWT is returned by the API, and stored in the browser local storage. The app uses it to authorise further API requests. The authorisation token is sent in the HTTPS request header."
},
{
"questionId": 5,
"shortAnswer": true,
"detailedAnswer": "The user interface sanitises all data before showing it. On the server side user input is sanitised, for example when pulling in data via the monday API."
},
{
"questionId": 6,
"shortAnswer": true,
"detailedAnswer": "Customer support staff and system admins need access to user’s data in order to do their jobs. Access is limited to only those employees that really need it and when they need it, as stated in our information security policy"
},
{
"questionId": 7,
"shortAnswer": true,
"detailedAnswer": "MFA is required for access to all systems that contain customer data"
},
{
"questionId": 8,
"shortAnswer": true,
"detailedAnswer": "The main principle is that all data that passes through Screenful API is sent in the HTTPS request body. Only the request URL and query parameters are logged. The same goes for requests Screenful makes to other services. This ensures personal informations is not logged.\n\nAll authentication and authorisation secrets are passed in HTTPS request headers, which are not logged, or in the request body. \n\nAs second line of defence we treat logs with confidentiality. They are transferred over secure connections to a centralised logging service to which only authorised employees have access to. "
},
{
"questionId": 9,
"shortAnswer": true,
"detailedAnswer": "Incoming parameters are explicitly white-listed and/or blacklisted in the API implementation, so properties that users should not be able to change cannot be changed."
},
{
"questionId": 10,
"shortAnswer": true,
"detailedAnswer": "There are only two cases in which Screenful would redirect the user. 1) Authorisation OAuth flow. 2) Opening a task in Monday. In both cases the link leads to monday.com domain"
},
{
"questionId": 11,
"shortAnswer": true
},
{
"questionId": 12,
"shortAnswer": false
},
{
"questionId": 13,
"shortAnswer": false
},
{
"questionId": 14,
"shortAnswer": true,
"detailedAnswer": "[email protected]"
},
{
"questionId": 15,
"shortAnswer": false,
"detailedAnswer": "We use a third party vulnerability scanner"
}
],
"badges_data": {
"pricing_data": "14 days trial",
"acquisition_source": "Existing legacy",
"app_values": [
"Make data-driver decisions"
]
},
"data": {
"terms_of_service_url": "https://screenful.com/legal/terms-of-service"
},
"keywords": "metrics,analytics,chart, report,dashboard, agile, burnup,burndown,forecast, business intelligence",
"thumbnail_url": "https://dapulse-res.cloudinary.com/image/upload/v1614614707/monday-apps-marketplace/Dashboards%20by%20Screenful/App_Card_-_Dashboards_by_Screenful.png",
"logo_url": "https://dapulse-res.cloudinary.com/image/upload/v1613492689/monday-apps-marketplace/Dashboards%20by%20Screenful/icon_192.png",
"feedback_url": "[email protected]",
"privacy_policy_url": "https://screenful.com/data-and-security",
"external_pricing_url": "https://screenful.com/pricing",
"featured": null,
"security": null,
"display_in_template_store": null,
"acquisition_source": "Existing legacy",
"terms_of_service_url": "https://screenful.com/legal/terms-of-service",
"label": null,
"app_values": [
"Make data-driver decisions"
],
"security_info": null,
"gallery_assets": [
{
"url": "https://dapulse-res.cloudinary.com/image/upload/v1705236995/monday-apps-marketplace/Dashboards%20by%20Screenful/Jan%2024/Gallery_Image_1.png"
},
{
"url": "https://dapulse-res.cloudinary.com/image/upload/v1705236995/monday-apps-marketplace/Dashboards%20by%20Screenful/Jan%2024/Gallery_Image_2.png"
},
{
"url": "https://dapulse-res.cloudinary.com/image/upload/v1705236995/monday-apps-marketplace/Dashboards%20by%20Screenful/Jan%2024/Gallery_Image_3.png"
},
{
"url": "https://dapulse-res.cloudinary.com/image/upload/v1705236995/monday-apps-marketplace/Dashboards%20by%20Screenful/Jan%2024/Gallery_Image_4.png"
},
{
"url": "https://dapulse-res.cloudinary.com/image/upload/v1705236995/monday-apps-marketplace/Dashboards%20by%20Screenful/Jan%2024/Gallery_Image_5.png"
},
{
"url": "https://dapulse-res.cloudinary.com/image/upload/v1705236995/monday-apps-marketplace/Dashboards%20by%20Screenful/Jan%2024/Gallery_Image_6.png"
}
],
"pricing_data": "14 days trial",
"marketplace_developer_id": 16,
"app_id": 19544,
"marketplace_category_ids": [],
"name": "Custom Charts by Screenful",
"app_scope_str": "me:read,boards:read,users:read,account:read,updates:read,tags:read,teams:read,workspaces:read",
"app_client_id": "af2301bffe636f89a73c978908463ffc",
"app_color": {
"rgb": {
"r": 255,
"g": 255,
"b": 255,
"a": 1
},
"hex": "#ffffff"
},
"created_at": "2021-02-16T16:31:06.000Z",
"updated_at": "2024-10-13T08:07:34.566Z",
"how_to_use_url": "https://screenful.com/guide/monday/dashboards-embed",
"automation_app_id": null,
"plans": null,
"featured_for_categories_ids": null,
"pinned_for_categories_ids": null,
"pricing_model": null,
"app_type": null,
"display": null,
"is_connector": null,
"google_analytics_tag_id": null,
"app_live_version": {
"updated_at": "2024-08-20T11:27:43Z",
"id": 10317111
},
"is_solution": null,
"available_for_tiers": null,
"available_for_products": null
}
