Security

Client Portal Builder for monday.com security and compliance

Like every app in the monday.com app marketplace, Client Portal Builder went through a review process where it was checked for certain security aspects. Learn about what we do for security and compliance on this page.

Data storage

Client Portal Builder uses your monday.com account storage to store data such as the clients, accounts, and the portal configuration. The account storage is encrypted at rest by monday.com. If you uninstall the Client Portal Builder app from your monday.com account, we as the vendor lose access to your monday.com account storage.

Hosting

The backend of the Client Portal Builder app is hosted on the infrastructure provided by monday.com using monday code. To provide the best performance possible, the frontend of the Client Portal Builder is hosted on Cloudflare. Both of these service providers are SOC2 certified and regularly audited.

Encryption

The data stored in your monday.com account is encrypted at rest. All data transferred between the Client Portal Builder frontend and backend is encrypted through SSL. If you are using the app's custom domain feature, an SSL certificate will be issued for your domain using TLS 1.3.

Multi-region

We make use of a multi-region setup. For example, if your monday.com account is located in the US, monday.com will use US servers to store your data, and the Client Portal Builder backend will also be served from a US server. If your monday.com account is located in the EU, storage and backend will be served from an EU server. Currently, the regions US, EU, and AU are supported. The frontend, hosted on Cloudflare, will automatically be served from a data center near the end-user.

The following is an incomplete list of things we do for security; it might be of interest if you are a technical person. Most of them are considered industry standards and best practices:

  • Access tokens are stored in the monday.com secure storage (HashiCorp Vault)
  • Passwords are hashed with Scrypt
  • The frontend uses React with built-in protection against XSS attacks
  • Session tokens expire after two minutes and are stored in a secure cookie
  • Secrets get redacted in the logs
  • Cloudflare is used as a layer to protect against DDoS and other common attacks
  • The number of login attempts an account can perform is limited to protect against brute-force attacks
  • We use Socket to regularly scan third-party dependencies for potential vulnerabilities
  • Locally, we use a password manager to store secrets

Is Client Portal Builder GDPR compliant?

If your monday.com account has its region set to EU, then the data stored by Client Portal Builder will also be stored on EU servers because it uses the storage provided by monday.com. In addition, the Client Portal Builder backend will also run on EU servers and the frontend will be delivered from servers near your users. We are not storing account data outside of monday.com. In the Client Portal, we only use a technically necessary session cookie, which is why no cookie banner is shown there.

Is Client Portal Builder SOC2 certified?

Client Portal Builder itself is currently not SOC2 certified. This might be something we'll do in the future, as the app is still new. However, the app is heavily dependent on the infrastructure of monday.com and Cloudflare, which are both SOC2 certified.

Does Client Portal Builder support 2FA and SSO?

We would love to add support for 2FA and SSO to the app. If this is something you require, please contact us.
