Approvals v2 — Privacy Policy

Last updated: 7 July 2026

This policy explains what data Approvals v2 ("the app") processes when you install and use it on monday.com, why, how we protect it, and your rights. The data controller is GetCompliant (RVDH Interim Management B.V.), contactable at info@getcompliant.online.

1. What we store

We store the minimum needed to run the approval workflow. We do not collect your monday login credentials, and we do not read board data beyond what a request references.

DataWhy
monday account IDTo associate installations, requests, and your subscription with your account.
OAuth access token (encrypted)To post updates and send notifications on your behalf. Stored encrypted at rest (AES-256-GCM); never exposed to end users.
Approval requests — title, optional description, status, and the board & item identifiers (and item name) they belong toTo create and track each approval on the right item.
monday user IDs (and, where shown, display names) of requesters, assigned approvers, and anyone who comments or decidesTo route requests to the right approvers, enforce who may decide, and record an accurate audit trail.
Audit events — action type, optional comment, and timestampTo provide the immutable audit trail (who approved/rejected/commented, when).

2. How we use it

Data is used solely to provide the app’s functionality: creating approval requests, routing them to approvers, recording decisions and comments, mirroring outcomes into the item’s Updates, and determining your subscription tier. We do not sell your data, use it for advertising, or share it with third parties for their own purposes.

3. Personal data (PII)

The only personal data we process are monday user identifiers and, where monday displays them, associated names. These are used strictly to operate the approval workflow. The OAuth token is treated as a secret: encrypted at rest and transmitted only over TLS. We apply the principle of data minimisation and request only the monday permission scopes the app actually uses.

4. Data storage & security

5. Retention & deletion

6. Sub-processors

7. Your rights

Under the GDPR you have the right to access, correct, export, or delete your personal data, and to object to or restrict its processing. To exercise any of these, contact info@getcompliant.online. You also have the right to lodge a complaint with your local data protection authority.

8. Changes to this policy

We may update this policy as the app evolves. Material changes will be reflected here with a new "Last updated" date.

Contact
GetCompliant (RVDH Interim Management B.V.)
info@getcompliant.online