Manage Agile Retrospectives right inside monday.com
Appgami Retrospectives is a versatile app for agile teams to run engaging real-time remote retrospective sessions right inside monday.com.
Start with a template or create your own to walk your team through retrospectives from start to finish.
Discuss, add and group ideas into similar categories to facilitate discussions.
Set up a timer for focused, time-boxed discussions.
Team members can anonymously vote and create action items natively integrated with monday.com boards.
Appgami Retrospectives enables teams to have effective conversations and surface insights that fuel continuous improvement.
Security & Compliance
Security
Does the developer periodically perform penetration testing?
Not answered
Does the developer have a dedicated security and privacy point of contact for such issues or questions?
Not answered
Does the app restrict redirects and forwards only to approved destinations, or show a warning when redirecting to potentially untrusted content?
No
There are no redirects and forwards.
Does the app protect against mass parameter assignment attacks?
Yes
All data goes through Firebase, which has its own communication protocol rather than separate requests for each operation.
Does the app perform encoding and sanitization on all user supplied parameters to protect against Cross-Site Scripting?
Yes
This is done by using best practices of React programming. No user input is directly appended to the HTML, but goes through React expressions.
Does the developer protect all state-changing actions against Cross-Site Request Forgery (CSRF)?
Yes
- React-based frontend: we use best practices of React programming to prevent attacks.
- Firebase authentication and connections: by using Firebase, authentication is partially delegated to the framework.
Does the developer have mechanisms to notify monday.com in case of a security breach?
Yes
When a new security breach is identified, we would get in touch with monday.com via email, providing an estimated time for resolution. Once the patch is released, we would inform monday.com.
Does this developer have a process for installing application-level updates and security patches for the service (such as software packages and databases)?
Yes
Dependencies are constantly checked and updated based on Dependabot (GitHub). We use a database as a service provided by Google Firebase (Firestore), which already provides superior security than managing our own database.
Compliance
Is the app certified with the information security standard ISO/IEC 27001:2022?
Not answered
Is the app compliant with the Health Insurance Portability and Accountability Act (HIPAA)?
Not answered
Is the app certified with System and Organization Controls (SOC 2 or SOC 3)?
Not answered
Is the app compliant with the General Data Protection Regulation (GDPR)?
Not answered
Data
Does the app send any data outside of monday.com? If yes, indicate whether the data is customer-submitted (e.g., board names, item names, doc content) or non-customer-submitted (e.g., account ID, board ID, user ID).
Not answered
Where does the app store logs data?
Not answered
Where does the app store the app data?
Not answered
Does the developer ensure application logs do not contain secrets or personally-identifiable information (PII)?
Yes
- We do not store any personally identifiable information.
- Only IDs can be part of logs. We use code review to prevent any other logs from being added to the codebase.
Is customer data segregated from the data of other customers (for example logically or physically)?
Yes
The data is segregated logically. The application has a multi-tenant approach to storing data. All data is linked to a specific tenant ID and filtered accordingly when retrieving the information. In addition to that, there are Firebase Security Rules preventing one customer from accessing data from others, verifying the resources being retrieved against the tenant ID present in the JWT token provided by Monday, making sure that no DB queries will run on other customers' data.
Privacy
Does the developer enforce multi-factor authentication on employee access to systems which may process customer data?
Yes
Firebase access is controlled through our company's Google account. Two-auth authentication and other security mechanisms are used by Google for signing in.
Does the developer protect access to customer data based on the principle of least privilege?
Yes
Only the director of technology has access to the production Firebase project (including the database - Firestore). For development and staging, there are separate Firebase projects in place.
Reviews
No reviews yet.
Installation history
We have data for December 28, 2024 onwards only. Collected sometime after 00:00 UTC daily.