Privacy Policy: Client Report Generator

App name: Client Report Generator
Developer: LifeDesign
Contact: support@lifedesignos.com
Website: https://lifedesignos.com
Last updated: June 2026

1. Overview

Client Report Generator is a monday.com board view application that helps agencies generate branded PDF project status reports from their board data. This Privacy Policy explains what data the application accesses, how it is used, where it is stored, and your rights in relation to that data.

By installing or using this application, you agree to the practices described in this policy.

2. Who We Are

This application is developed and maintained by LifeDesign. We are the data processor acting on behalf of your organisation (the data controller) when you use this application within your monday.com workspace.

For privacy-related enquiries, contact us at: support@lifedesignos.com

3. What Data the Application Accesses

3.1 Data read from your monday.com board

The application reads the following data from your monday.com workspace using OAuth 2.0 with read-only scopes (boards:read, me:read):

  • Board column names and types

  • Board item names (task titles)

  • Column values for each item — including status labels, text values, and date values

  • Status column label definitions (e.g. which labels mean Done, Planned, or Blocked)

The application has no write access to your monday.com boards. It cannot create, edit, or delete any items, columns, or boards.

3.2 Data you provide directly

When configuring the application and generating reports, you provide:

  • Your agency name

  • Your brand colour (hex code)

  • Your agency logo (image file — PNG, JPEG, or SVG, maximum 2 MB)

  • Project-specific details entered during report generation: project name, project lead name, project start date, report period dates, milestone names, and any additional notes you choose to include

3.3 Data included in generated PDFs

Each PDF report you generate contains the board data and manually entered details listed above — specifically: project name, client name, task lists, milestone timeline, blockers, and any notes you add. You control what goes into every report before generating it.

3.4 Data we do NOT collect
  • We do not collect or store monday.com user names, email addresses, or profile information beyond what is temporarily held in the session token during your active session.

  • We do not collect payment card details or financial information.

  • We do not use cookies, analytics trackers, or third-party tracking scripts.

  • We do not collect any data from people who are not active users of the application.

4. How We Use Your Data

We use the data described above solely to provide the functionality of the application:

  1. Board configuration (agency name, colours, column mappings): Retained until you reconfigure the application or uninstall it from the board

  2. Milestone data: Retained until overwritten by new milestones or the app is uninstalled

  3. Uploaded logo: Retained until you upload a replacement logo or uninstall the app

  4. Generated PDFs: Retained in Object Storage until storage is cleared upon app uninstallation

  5. OAuth access token: Stored in your browser's sessionStorage only — automatically cleared when you close the browser tab. Not stored on our servers.

  6. Session tokens: Verified on each request and not persisted server-side

We do not use your data for advertising, profiling, or any purpose unrelated to generating your reports.

5. Where Your Data Is Stored

All data is stored exclusively within monday code infrastructure — monday.com's own managed cloud platform, hosted on Google Cloud Platform (GCP). We do not use any external databases, third-party storage providers, or servers outside the monday code environment.

Specifically:

  • Application configuration (agency name, brand colour, column mappings): stored in monday code Key-Value Store, scoped to your board.

  • Milestone data: stored in monday code Key-Value Store, scoped to your board and client name.

  • Logo files: stored in monday code Object Storage, under a path scoped to your board ID.

  • Generated PDF files: stored temporarily in monday code Object Storage after generation.

Your data never leaves monday's infrastructure.

6. Data Retention

DataRetention periodBoard configuration (agency name, colours, column mappings)Retained until you reconfigure the application or uninstall it from the boardMilestone dataRetained until overwritten by new milestones or the app is uninstalledUploaded logoRetained until you upload a replacement logo or uninstall the appGenerated PDFsRetained in Object Storage until storage is cleared upon app uninstallationOAuth access tokenStored in your browser's sessionStorage only — automatically cleared when you close the browser tab. Not stored on our servers.Session tokensVerified on each request and not persisted server-side

When the application is uninstalled from a board, all associated configuration and stored files are no longer accessible.

7. Data Sharing and Third Parties

We do not sell, rent, or share your data with any third party.

The only data flow outside your own browser is:

  1. monday.com's API — the application reads your board data through monday.com's official GraphQL API using the access token you authorise. This is a direct call between our backend and monday.com's servers.

  2. monday code Object Storage — your logo and generated PDFs are stored in monday's own managed storage infrastructure. This is operated by monday.com and subject to their infrastructure security standards.

No data is sent to any analytics service, advertising network, or external database.

8. Security

The application is built with the following security measures:

  • All API communication uses HTTPS/TLS encryption in transit.

  • Your OAuth access token is stored in browser sessionStorage only (not localStorage) — it is cleared automatically when you close the tab and is never logged server-side.

  • Session tokens (provided by monday.com's SDK) are cryptographically verified on every request using HMAC-SHA256.

  • The application uses HTTP security headers (HSTS, X-Content-Type-Options, X-Frame-Options, Referrer-Policy) on all responses.

  • Rate limiting is applied to all API endpoints to prevent abuse.

  • Input validation and length limits are enforced on all data submitted to the backend.

  • Logo files are sanitised before storage (scripts and executable content are stripped from SVG files).

We follow security best practices appropriate for a monday.com marketplace application. However, no system is completely immune to security risks, and we cannot guarantee absolute security.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in the application or applicable law. When we do, we will update the "Last updated" date at the top of this page. If changes are material, we will notify users through the monday.com marketplace listing or via the application itself.

Continued use of the application after changes are posted constitutes your acceptance of the updated policy.

10. Contact

For any questions, concerns, or data requests related to this Privacy Policy:

Lifedesign
Email: support@lifedesignos.com
Website: https://lifedesignos.com