Last updated: 7 July 2026
This policy explains what data Approvals v2 ("the app") processes when you install and use it on monday.com, why, how we protect it, and your rights. The data controller is GetCompliant (RVDH Interim Management B.V.), contactable at info@getcompliant.online.
We store the minimum needed to run the approval workflow. We do not collect your monday login credentials, and we do not read board data beyond what a request references.
| Data | Why |
|---|---|
| monday account ID | To associate installations, requests, and your subscription with your account. |
| OAuth access token (encrypted) | To post updates and send notifications on your behalf. Stored encrypted at rest (AES-256-GCM); never exposed to end users. |
| Approval requests — title, optional description, status, and the board & item identifiers (and item name) they belong to | To create and track each approval on the right item. |
| monday user IDs (and, where shown, display names) of requesters, assigned approvers, and anyone who comments or decides | To route requests to the right approvers, enforce who may decide, and record an accurate audit trail. |
| Audit events — action type, optional comment, and timestamp | To provide the immutable audit trail (who approved/rejected/commented, when). |
Data is used solely to provide the app’s functionality: creating approval requests, routing them to approvers, recording decisions and comments, mirroring outcomes into the item’s Updates, and determining your subscription tier. We do not sell your data, use it for advertising, or share it with third parties for their own purposes.
The only personal data we process are monday user identifiers and, where monday displays them, associated names. These are used strictly to operate the approval workflow. The OAuth token is treated as a secret: encrypted at rest and transmitted only over TLS. We apply the principle of data minimisation and request only the monday permission scopes the app actually uses.
Under the GDPR you have the right to access, correct, export, or delete your personal data, and to object to or restrict its processing. To exercise any of these, contact info@getcompliant.online. You also have the right to lodge a complaint with your local data protection authority.
We may update this policy as the app evolves. Material changes will be reflected here with a new "Last updated" date.