Run engaging and customizable retrospectives inside monday.com!
Run your retrospective ceremonies inside monday.com to share insights about your project’s performance and agree on action items to be worked on with ease and highly customizable settings. Achieving continuous improvement has never been easier!
Start with a template or use your own technique.
Run your sessions in a few steps:
Input ideas
Vote to prioritize topics
Discuss and define action items
Transform action items into monday items for improved follow-up in your boards.
Easily keep track of all your sessions.
Upcoming features:
Anonymous mode to make people more comfortable sharing ideas.
Pre-defined retrospective templates - Group ideas by theme
Security & Compliance
Security
Does the developer periodically perform penetration testing?
Not answered
Does the developer have a dedicated security and privacy point of contact for such issues or questions?
Not answered
Does the app restrict redirects and forwards only to approved destinations, or show a warning when redirecting to potentially untrusted content?
Yes
We do not redirect out of our app
Does the app protect against mass parameter assignment attacks?
Yes
Before storing any data, we transfer request data fields to DTO objects to avoid storing undesired data.
Does the app perform encoding and sanitization on all user supplied parameters to protect against Cross-Site Scripting?
Yes
Sanitization is performed before data is stored in the database, and we do not store secrets or tokens
Does the developer protect all state-changing actions against Cross-Site Request Forgery (CSRF)?
Yes
The app uses a JWT token for API requests. There is a validation in the API to prevent unauthorized requests.
Does the developer have mechanisms to notify monday.com in case of a security breach?
Yes
Our Data Breach Management Plan phases:

Detection/Identification
The breach is discovered internally or Customer’s notified.

Analysis/Classification
The incident response team is assembled to investigate and mitigate the breach by following these steps:
Collection and analysis of information
Classifying the personal data breach and assess the level of harm that the incident could cause to data subjects' rights and freedoms, and determine as precisely as possible the severity level of consequences to the individuals.
Activate the notification process to monday.com, competent authorities, and data subjects affected.

Response process
Containment stage: The objective is to follow initial containment measures by isolating the affected system(s) to prevent further damage.
Solution/Eradication stage: Eradication might be needed in order to resolve certain effects of the security incident. The incident response team will also identify and mitigate the vulnerabilities that have been exploited.
Recovery stage: Once the breach has been contained and the security vulnerabilities mitigated, the incident response team will work on restoring services to their normal levels while preventing any new incidents from occurring.

Notification process
This process happens in parallel to the Response process.
During this process it is vital to notify the following parties:
monday.com: The app security incident will be sent to [email protected]. specifying the security incident, the app, the product affected, and the severity level of the incident.
Data subjects affected: App users affected by the breach or security incident will be contacted via email and notified of its potential harm.
Appropriate authorities: If it’s probable that the personal data security breach poses a high risk to individual’s rights and freedoms, GDPR established that a competent supervisory authority must be notified within 72 hours of becoming aware of the breach.
Does this developer have a process for installing application-level updates and security patches for the service (such as software packages and databases)?
Yes
Our release management process is the following:
We create a release plan detailing all the features and changes that will be rolled out in that specific version.
We deploy the new release to a staging environment.
Our QA team needs to approve the release according to the acceptance criteria.
We deploy to production.
Our QA team performs testing in production to ensure everything runs as expected.
Also, app architecture is hosted in managed services (Heroku, Mongo atlas), so any kind of security patch is automatically applied by providers.
(Please see the image “Release management process” attached, to better understand our process)
(See “Priority levels” attachment to understand our time frames)
Compliance
Is the app certified with the information security standard ISO/IEC 27001:2022?
Not answered
Is the app compliant with the Health Insurance Portability and Accountability Act (HIPAA)?
Not answered
Is the app certified with System and Organization Controls (SOC 2 or SOC 3)?
Not answered
Is the app compliant with the General Data Protection Regulation (GDPR)?
Not answered
Data
Does the app send any data outside of monday.com? If yes, indicate whether the data is customer-submitted (e.g., board names, item names, doc content) or non-customer-submitted (e.g., account ID, board ID, user ID).
Not answered
Where does the app store logs data?
Not answered
Where does the app store the app data?
Not answered
Does the developer ensure application logs do not contain secrets or personally-identifiable information (PII)?
Yes
We do not store secrets, or personal information, only IDs to create the data relations required by the app.
Is customer data segregated from the data of other customers (for example logically or physically)?
No
All customers' data is in the same database; we use the Monday client id to keep the data related to each client.
Privacy
Does the developer enforce multi-factor authentication on employees access to systems which may process customer data?
Yes
Mongo atlas and Heroku provide multi-factor authentication (See multifactor screenshots)
Does the developer protect access to customer data based on the principle of least privilege?
{
"id": 124,
"description": "<p>Run your <strong>retrospective ceremonies</strong> inside monday.com to share insights about your project’s performance and agree on action items to be worked on with ease and highly customizable settings. Achieving continuous improvement has never been easier! </p><ul><li>Start with a template or use your own technique. </li><li>Run your sessions in a few steps: </li><li class=\"ql-indent-1\">Input ideas</li><li class=\"ql-indent-1\">Vote to prioritize topics</li><li>Discuss and define action items </li><li>Transform action items into monday items for improved follow-up in your boards. </li><li>Easily keep track of all your sessions.</li></ul><p><br></p><p>Upcoming features:</p><ul><li>Anonymous mode to make people more comfortable sharing ideas.</li><li>Pre-defined retrospective templates - Group ideas by theme</li></ul>",
"short_description": "Run engaging and customizable retrospectives inside monday.com!",
"compliance_answers": [
{
"questionId": 1,
"shortAnswer": false,
"detailedAnswer": "all customers data is in the same database, we use the Monday client id to keep the data related to each client\n"
},
{
"questionId": 2,
"shortAnswer": true,
"detailedAnswer": "Our release management process is the following: \n\nWe create a release plan detailing all the features and changes that will be rolled out in that specific version. \n\nWe deploy the new release to a staging environment. \n\nOur QA team needs to approve the release according to the acceptance criteria. \n\nWe deploy to production. \n\nOur QA team performs testing in production to ensure everything runs as expected. \n\nAlso, app architecture is hosted in managed services (Heroku, Mongo atlas), so any kind of security patch is automatically applied by providers.\n\n(Please see the image “Release management process” attached, to better understand our process)\n\n(See “Priority levels” attachment to understand our time frames)"
},
{
"questionId": 3,
"shortAnswer": true,
"detailedAnswer": "Our Data Breach Management Plan phases: \n\nDetection/Identification \nThe breach is discovered internally or Customer’s notified. \n\nAnalysis/Classification \nThe incident response team is assembled to investigate and mitigate the breach by following these steps: \nCollection and analysis of information\nClassifying the personal data breach and assess the level of harm that the incident could cause to data subjects' rights and freedoms, and determine as precisely as possible the severity level of consequences to the individuals. \nActivate the notification process to monday.com, competent authorities, and data subjects affected.\n\nResponse process \nContainment stage: The objective is to follow initial containment measures by isolating the affected system(s) to prevent further damage. \nSolution/ Eradication stage: Eradication might be needed in order to resolve certain effects of the security incident. The incident response team will also identify and mitigate the vulnerabilities that have been exploited. \nRecovery stage: Once the breach has been contained and the security vulnerabilities mitigated, the incident response team will work on restoring services to their normal levels while preventing any new incidents from occurring. \n\nNotification process \nThis process happens in parallel to the Response process. \nDuring this process it is vital to notify the following parties: \nmonday.com: The app security incident will be sent to [email protected]. specifying the security incident, the app, the product affected, and the severity level of the incident.\nData subjects affected: App users affected by the breach or security incident will be contacted via email and notified of its potential harm. 
\nAppropriate authorities: If it’s probable that the personal data security breach poses a high risk to individual’s rights and freedoms, GDPR established that a competent supervisory authority must be notified with 72 hours of becoming aware of the breach. "
},
{
"questionId": 4,
"shortAnswer": true,
"detailedAnswer": "The app uses a JWT token for api requests. There is a validation in the API to prevent unauthorized requests\n"
},
{
"questionId": 5,
"shortAnswer": true,
"detailedAnswer": "Sanitization is performed before data is stored in the database, and we do not store secrets or tokens\n"
},
{
"questionId": 6,
"shortAnswer": true,
"detailedAnswer": "Only classified company employees have access to this account\n\nHector Benitez - [email protected]\n\nFrancisco Neri - [email protected]\n\nMaury zapata - [email protected]\n"
},
{
"questionId": 7,
"shortAnswer": true,
"detailedAnswer": "Mongo atlas and Heroku provide multi-factor authentication\n\n(See multifactor screenshots)\n"
},
{
"questionId": 8,
"shortAnswer": true,
"detailedAnswer": "We do not store secrets, or personal information, only IDs to create the data relations required by the app.\n"
},
{
"questionId": 9,
"shortAnswer": true,
"detailedAnswer": "Before storing any data we transfer request data fields to DTO objects to avoid store undesired data.\n"
},
{
"questionId": 10,
"shortAnswer": true,
"detailedAnswer": "We do not redirect out of our app"
}
],
"badges_data": {
"pricing_data": "14 days trial",
"acquisition_source": "Existing legacy",
"app_values": [
"Make data-driver decisions"
]
},
"data": {
"terms_of_service_url": "https://www.catapultlabs.com/legal"
},
"keywords": "vote,voting,retro,sprint,iteration,scrum,ceremonies",
"thumbnail_url": "https://dapulse-res.cloudinary.com/image/upload/v1621878179/monday-apps-marketplace/Agile%20Retrospectives/App_Card_Image-Retros.png",
"logo_url": "https://dapulse-res.cloudinary.com/image/upload/v1621878180/monday-apps-marketplace/Agile%20Retrospectives/App_Icon-Retros.png",
"feedback_url": "[email protected]",
"privacy_policy_url": "https://www.catapultlabs.com/legal",
"external_pricing_url": "",
"featured": null,
"security": null,
"display_in_template_store": null,
"acquisition_source": "Existing legacy",
"terms_of_service_url": "https://www.catapultlabs.com/legal",
"label": null,
"app_values": [
"Make data-driver decisions"
],
"security_info": null,
"gallery_assets": [
{
"url": "https://dapulse-res.cloudinary.com/image/upload/v1621878179/monday-apps-marketplace/Agile%20Retrospectives/Gallery_Image_1_1.png"
},
{
"url": "https://dapulse-res.cloudinary.com/image/upload/v1621878179/monday-apps-marketplace/Agile%20Retrospectives/Gallery_Image_2_1.png"
},
{
"url": "https://dapulse-res.cloudinary.com/image/upload/v1621878181/monday-apps-marketplace/Agile%20Retrospectives/Gallery_Image_3_2.png"
},
{
"url": "https://dapulse-res.cloudinary.com/image/upload/v1621878180/monday-apps-marketplace/Agile%20Retrospectives/Gallery_Image_4_2.png"
},
{
"url": "https://dapulse-res.cloudinary.com/image/upload/v1621878180/monday-apps-marketplace/Agile%20Retrospectives/Gallery_Image_5_1.png"
},
{
"url": "https://dapulse-res.cloudinary.com/image/upload/v1621878179/monday-apps-marketplace/Agile%20Retrospectives/Gallery_Image_6_2.png"
},
{
"url": "https://dapulse-res.cloudinary.com/video/upload/v1646843306/monday-apps-marketplace/Agile%20Retrospectives/Retrospectives_1.mp4",
"type": "video"
}
],
"pricing_data": "14 days trial",
"marketplace_developer_id": 56,
"app_id": 26486,
"marketplace_category_ids": [
10000000,
6
],
"name": "Agile Retrospectives",
"app_scope_str": "users:read,boards:read,boards:write,account:read,me:read",
"app_client_id": "db374025aeb5179ae7e55584de966837",
"app_color": {
"rgb": {
"r": 255,
"g": 255,
"b": 255,
"a": 1
},
"hex": "#ffffff"
},
"created_at": "2021-05-24T17:49:07.000Z",
"updated_at": "2024-10-13T08:07:36.657Z",
"how_to_use_url": "https://softwaredevtools.com/documentation/retrospectives-monday/",
"automation_app_id": null,
"plans": [
{
"id": "26486-1-5-seats",
"appId": 26486,
"appPlanId": "5-seats",
"versionId": 1,
"versionState": "live",
"name": "Free - Up to 5 seats",
"description": "",
"extraData": {
"bullets": [],
"monthlyFee": 0,
"yearlyFee": 0,
"maxSeats": 5
},
"isTrial": false,
"isRecommended": false,
"isFree": true,
"currency": "USD",
"prices": {
"type": "seat_based",
"monthly": 0,
"yearly": 0,
"maxSeats": 5
}
},
{
"id": "26486-1-50-seats",
"appId": 26486,
"appPlanId": "50-seats",
"versionId": 1,
"versionState": "live",
"name": "Up to 50 seats",
"description": "",
"extraData": {
"bullets": [],
"monthlyFee": 50,
"yearlyFee": 42,
"maxSeats": 50
},
"isTrial": false,
"isRecommended": false,
"isFree": false,
"currency": "USD",
"prices": {
"type": "seat_based",
"monthly": 50,
"yearly": 42,
"maxSeats": 50
}
},
{
"id": "26486-1-100-seats",
"appId": 26486,
"appPlanId": "100-seats",
"versionId": 1,
"versionState": "live",
"name": "Up to 100 seats",
"description": "",
"extraData": {
"bullets": [],
"monthlyFee": 100,
"yearlyFee": 83,
"maxSeats": 100
},
"isTrial": false,
"isRecommended": false,
"isFree": false,
"currency": "USD",
"prices": {
"type": "seat_based",
"monthly": 100,
"yearly": 83,
"maxSeats": 100
}
},
{
"id": "26486-1-500-seats",
"appId": 26486,
"appPlanId": "500-seats",
"versionId": 1,
"versionState": "live",
"name": "Up to 500 seats",
"description": "",
"extraData": {
"bullets": [],
"monthlyFee": 325,
"yearlyFee": 271,
"maxSeats": 500
},
"isTrial": false,
"isRecommended": false,
"isFree": false,
"currency": "USD",
"prices": {
"type": "seat_based",
"monthly": 325,
"yearly": 271,
"maxSeats": 500
}
},
{
"id": "26486-1-700-seats",
"appId": 26486,
"appPlanId": "700-seats",
"versionId": 1,
"versionState": "live",
"name": "Up to 700 seats",
"description": "",
"extraData": {
"bullets": [],
"monthlyFee": 455,
"yearlyFee": 379,
"maxSeats": 700
},
"isTrial": false,
"isRecommended": false,
"isFree": false,
"currency": "USD",
"prices": {
"type": "seat_based",
"monthly": 455,
"yearly": 379,
"maxSeats": 700
}
},
{
"id": "26486-1-1000-seats",
"appId": 26486,
"appPlanId": "1000-seats",
"versionId": 1,
"versionState": "live",
"name": "Up to 1000 seats",
"description": "",
"extraData": {
"bullets": [],
"monthlyFee": 650,
"yearlyFee": 542,
"maxSeats": 1000
},
"isTrial": false,
"isRecommended": false,
"isFree": false,
"currency": "USD",
"prices": {
"type": "seat_based",
"monthly": 650,
"yearly": 542,
"maxSeats": 1000
}
},
{
"id": "26486-1-unlimited-seats",
"appId": 26486,
"appPlanId": "unlimited-seats",
"versionId": 1,
"versionState": "live",
"name": "Unlimited seats",
"description": "",
"extraData": {
"bullets": [],
"monthlyFee": 1200,
"yearlyFee": 1000,
"maxSeats": 1000000
},
"isTrial": true,
"isRecommended": false,
"isFree": false,
"currency": "USD",
"prices": {
"type": "seat_based",
"monthly": 1200,
"yearly": 1000,
"maxSeats": 1000000
}
},
{
"id": "26486-1-25-seats",
"appId": 26486,
"appPlanId": "25-seats",
"versionId": 1,
"versionState": "live",
"name": "Up to 25 seats",
"description": "",
"extraData": {
"bullets": [],
"monthlyFee": 25,
"yearlyFee": 21,
"maxSeats": 25
},
"isTrial": false,
"isRecommended": false,
"isFree": false,
"currency": "USD",
"prices": {
"type": "seat_based",
"monthly": 25,
"yearly": 21,
"maxSeats": 25
}
},
{
"id": "26486-1-200-seats",
"appId": 26486,
"appPlanId": "200-seats",
"versionId": 1,
"versionState": "live",
"name": "Up to 200 seats",
"description": "",
"extraData": {
"bullets": [],
"monthlyFee": 150,
"yearlyFee": 125,
"maxSeats": 200
},
"isTrial": false,
"isRecommended": false,
"isFree": false,
"currency": "USD",
"prices": {
"type": "seat_based",
"monthly": 150,
"yearly": 125,
"maxSeats": 200
}
},
{
"id": "26486-1-300-seats",
"appId": 26486,
"appPlanId": "300-seats",
"versionId": 1,
"versionState": "live",
"name": "Up to 300 seats",
"description": "",
"extraData": {
"bullets": [],
"monthlyFee": 225,
"yearlyFee": 188,
"maxSeats": 300
},
"isTrial": false,
"isRecommended": false,
"isFree": false,
"currency": "USD",
"prices": {
"type": "seat_based",
"monthly": 225,
"yearly": 188,
"maxSeats": 300
}
}
],
"featured_for_categories_ids": [],
"pinned_for_categories_ids": [],
"pricing_model": "seat_based",
"app_type": null,
"display": null,
"is_connector": null,
"google_analytics_tag_id": null,
"app_live_version": {
"updated_at": "2024-03-24T08:46:50Z",
"id": 10077017
},
"is_solution": null,
"available_for_tiers": null,
"available_for_products": null
}