JSON Export for monday.com
Effective Date: 01.03.2026
Last Updated: 21.03.2026
1. Introduction
This Privacy Policy explains how JSON Export (“App”) handles information when exporting monday.com board and item data into JSON format. We are committed to privacy, security, and transparency in how we process data through the App.
2. Data We Collect
To provide the App’s functionality, we may process the following categories of data:
- Account and user identifiers
accountId, userId, and related identifiers included in monday.com requests, used to authenticate requests and perform actions in the correct monday.com account.
- Authentication tokens
Short-lived monday.com tokens used during request processing to read board data, create export items, and upload JSON files. These are used only to perform the requested action.
- monday.com content and metadata
Board, item, subitem, group, and column data selected by the user for export. This may include column values, item names, board names, updates, and other metadata available through the monday.com API.
- Exported JSON output
The App generates structured JSON based on the selected monday.com board or item and uploads that JSON file to a file column in a monday.com board chosen by the user.
- Optional webhook delivery data
If the user provides a webhook URL, the exported JSON payload may also be sent to that external endpoint.
- Operational logs
Limited technical and operational metadata used for troubleshooting, monitoring, reliability, and error handling. We do not intentionally log secrets.
3. How We Use Data
We use data only to operate the App and provide its requested features, including to:
- authenticate and validate incoming monday.com requests
- read selected board and item data from monday.com
- generate JSON exports
- create an item on the designated exports board
- upload the JSON file to the selected file column
- optionally send the JSON payload to a webhook URL configured by the user
- monitor, secure, troubleshoot, and improve the App
4. Legal Bases (if applicable)
Where required by applicable law, we rely on the following legal bases:
- Performance of a contract
Processing is necessary to provide the App’s export functionality requested by the user.
- Legitimate interests
Processing is necessary for security, reliability, troubleshooting, abuse prevention, and service improvement.
- Consent or authorization
Processing occurs after the App is authorized within monday.com and when users configure export actions.
5. Data Sharing and Subprocessors
We share data only as necessary to provide the App:
- monday.com
We access and write monday.com data only to perform the export actions configured by the user.
- User-configured webhook recipients
If a webhook URL is provided by the user, the exported JSON payload is sent to that external endpoint. The handling of data by that endpoint is governed by the recipient’s own privacy and security practices.We do not sell or rent personal data.
6. Security
We take reasonable measures to protect data processed through the App, including:
- Request authentication
Incoming monday.com requests are verified using signed tokens.
- Secrets management
App secrets, such as signing secrets, are stored using monday.com-provided secret management tools where applicable.
- Transport security
Communications with monday.com and user-provided webhook endpoints are performed over HTTPS where supported.
- Least privilege
We request only the OAuth scopes needed for the App’s functionality.
- Operational safeguards
We use validation, controlled API access, and rate-limiting approaches to help maintain service stability and reduce misuse.
7. Data Retention
- Exported content
JSON export data is generated in order to perform the requested export and deliver the output to monday.com or to the user-configured webhook. We do not intend to retain exported JSON content on our servers longer than necessary to complete the request.
- Authentication data
Short-lived tokens are used during request execution and are not intended for long-term storage by the App.
- Logs
Operational logs may be retained for a limited period for diagnostics, monitoring, and security purposes.
8. Your Rights
Depending on your jurisdiction, you may have rights to access, correct, delete, or restrict processing of your personal data.You may also:
- revoke the App in monday.com to stop future access
- remove or disable configured automations using the App
- contact us to request deletion of retained operational data, where applicable
9. International Transfers
Data processed through monday.com or user-configured webhook destinations may be transferred to and processed in countries outside your own. Where applicable, we rely on the safeguards provided by those service providers or otherwise required by law.
10. Children’s Privacy
The App is not directed to children, and we do not knowingly collect personal data from children.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect operational, legal, or product changes. When we do, we will update the Last Updated date above.
12. Contact
If you have questions or requests regarding this Privacy Policy or our data handling practices, contact us at:Email: support@otomosolutions.com
13. Data Deletion and Uninstall
If the App is uninstalled or access is revoked in monday.com, the App will no longer be able to perform exports for that account. You may also contact us to request deletion of any retained operational data, where applicable.
14. Scopes and Permissions
The App requests only the scopes necessary to perform JSON exports:
- boards:read
Used to read board, item, group, column, and subitem data needed to generate JSON exports.
- boards:write
Used to create an item on the selected exports board and upload the generated JSON file to a file column.
- updates:read
Used when item updates are included in the JSON export.
- me:read
Used to validate access and support request/runtime verification.