Checkmarks

Privacy Policy

Thank you for using our customer onboarding app for monday.com ("Checkmarks", "we", "our", or "us"). Your privacy is important to us. This Privacy Policy explains how we collect, use, and protect your personal data when you use our app.

What Information We Collect

When you use Checkmarks, we may collect the following information:

  • monday.com account details: Your name, email address, team name, and other data you authorize via the monday.com API.
  • Onboarding data: Any information you or your team input into your onboarding plans, such as tasks, customer names, status updates, etc.
  • Usage data: Logs of how you use the app (e.g., timestamps, usage frequency, feature usage) to help us improve the experience.
  • Communication data: If you contact us for support, we may store messages and contact information.

How We Use Your Data

We use your data to:

  • Provide and operate our onboarding features
  • Sync and display onboarding information from monday.com
  • Improve the app and develop new features
  • Respond to your support requests and inquiries
  • Send essential service-related notifications (never spam)

We do not sell, rent, or trade your personal data.

Legal Basis (GDPR)

Under the General Data Protection Regulation (GDPR), our lawful bases for processing personal data are:

  • Contractual necessity: To provide the services you've signed up for
  • Legitimate interest: To improve our app and ensure security
  • Consent: Where applicable (e.g., when subscribing to optional updates)

Data Sharing and Subprocessors

We may share data with trusted service providers and third-party services:

Infrastructure & Core Services

  • Render.com: Application and database hosting
  • Cloudflare R2: File storage for user uploads
  • Brevo (Sendinblue): Email delivery for transactional emails (magic links, notifications)
  • monday.com: Core platform integration and API (required for app functionality)

Analytics & Monitoring

  • PostHog: Product analytics (cookieless mode, EU-hosted)
  • Sentry: Error monitoring and debugging

Optional Feature Integrations

When you use specific features, we may integrate with:

  • monday.com Workforms: Form builder integration (only when using form tasks)
  • PandaDoc: Document signature collection (only when using signature tasks)
  • Calendly / Cal.com: Meeting scheduling (only when using meeting booking tasks)
  • Iframely: Embed previews for rich content display

All subprocessors are GDPR-compliant and only process data on our behalf under strict confidentiality agreements. These services use secure HTTPS connections with TLS 1.2+ encryption.

Cookies and Tracking Technologies

We use cookies and similar technologies to provide and improve our service:

Essential Cookies

We use a single essential cookie (_checkmarks_session) for authentication and session management. This cookie is strictly necessary to provide the service and does not require consent under GDPR Article 5(3) ePrivacy Directive.

  • Purpose: Authentication and security
  • Expiration: 4 weeks
  • Security: httpOnly and secure flags enabled

Analytics and Error Monitoring

We use the following third-party services to improve our app:

PostHog (Product Analytics): We use PostHog in cookieless mode to understand how users interact with our app and improve the experience. PostHog does not set tracking cookies and instead uses server-generated hashing with a daily salt to identify sessions. This hash is not considered Personal Data under GDPR as it cannot be reversed to identify individuals. The daily salt ensures users appear as different sessions each day, preventing persistent cross-day tracking. Data collected includes page views, feature usage, and user flows. PostHog is hosted in the EU (https://eu.i.posthog.com) and is GDPR-compliant.

Sentry (Error Monitoring): We use Sentry to monitor and fix technical errors. The Sentry SDK does not set cookies. It collects error reports, stack traces, and technical context to help us identify and resolve issues quickly. Sentry is GDPR-compliant and processes data under strict security standards.

Your Choices

You can control tracking and analytics through your browser settings:

  • Clear your browser's localStorage to reset analytics data
  • Enable "Do Not Track" in your browser preferences
  • Contact us at hello@checkmarks.app to request opt-out from analytics

Please note that blocking essential cookies may affect your ability to use certain features of our service.

Data Storage and Retention

Data is stored securely with providers that offer GDPR-compliant safeguards.

We retain onboarding data as long as your account is active. You can delete your data at any time by contacting support or uninstalling the app.

Your Rights

If you are located in the EU or UK, you have the right to:

  • Access the data we hold about you
  • Correct or update inaccurate data
  • Delete your data ("right to be forgotten")
  • Object to or restrict processing
  • Export your data in a portable format

Security

We take appropriate technical and organizational measures to protect your data against unauthorized access, alteration, or loss.

Changes to This Policy

We may update this policy from time to time. We’ll notify you via monday.com or email if any significant changes are made.

Contact Us

If you have questions or concerns about your privacy, please contact: hello@checkmarks.app