Privacy Policy: Client Report Generator

App name: Client Report Generator
Developer: LifeDesign
Contact: support@lifedesignos.com
Website: https://lifedesignos.com
Last updated: June 2026

1. Overview

Client Report Generator is a monday.com board view application that helps agencies generate branded PDF project status reports from their board data. This Privacy Policy explains what data the application accesses, how it is used, where it is stored, and your rights in relation to that data.

By installing or using this application, you agree to the practices described in this policy.

2. Who We Are

This application is developed and maintained by LifeDesign. We are the data processor acting on behalf of your organisation (the data controller) when you use this application within your monday.com workspace.

For privacy-related enquiries, contact us at: support@lifedesignos.com

3. What Data the Application Accesses

3.1 Data read from your monday.com board

The application reads the following data from your monday.com workspace using OAuth 2.0 with read-only scopes (boards:read, me:read):

  • Board column names and types

  • Board item names (task titles)

  • Column values for each item — including status labels, text values, and date values

  • Status column label definitions (e.g. which labels mean Done, Planned, or Blocked)

The application has no write access to your monday.com boards. It cannot create, edit, or delete any items, columns, or boards.

3.2 Data you provide directly

When configuring the application and generating reports, you provide:

  • Your agency name

  • Your brand colour (hex code)

  • Your agency logo (image file — PNG, JPEG, or SVG, maximum 2 MB)

  • Project-specific details entered during report generation: project name, project lead name, project start date, report period dates, milestone names, and any additional notes you choose to include

3.3 Data included in generated PDFs

Each PDF report you generate contains the board data and manually entered details listed above — specifically: project name, client name, task lists, milestone timeline, blockers, and any notes you add. You control what goes into every report before generating it.

3.4 Data we do NOT collect
  • We do not collect or store monday.com user names, email addresses, or profile information beyond what is temporarily held in the session token during your active session.
  • We do not collect payment card details or financial information.

  • We do not use cookies, analytics trackers, or third-party tracking scripts.

  • We do not collect any data from people who are not active users of the application.

4. How We Use Your Data

We use the data described above solely to provide the functionality of the application:

  1. Board configuration (agency name, colours, column mappings): Retained until you reconfigure the application or uninstall it from the board

  2. Milestone data: Retained until overwritten by new milestones or the app is uninstalled

  3. Uploaded logo: Retained until you upload a replacement logo or uninstall the app

  4. Generated PDFs: Retained in Object Storage until storage is cleared upon app uninstallation

  5. OAuth access token: Stored in your browser's sessionStorage only — automatically cleared when you close the browser tab. Not stored on our servers.

  6. Session tokens: Verified on each request and not persisted server-side

We do not use your data for advertising, profiling, or any purpose unrelated to generating your reports.

5. Where Your Data Is Stored

All data is stored exclusively within monday code infrastructure — monday.com's own managed cloud platform, hosted on Google Cloud Platform (GCP). We do not use any external databases, third-party storage providers, or servers outside the monday code environment.

Specifically:

  • Application configuration (agency name, brand colour, column mappings): stored in monday code Key-Value Store, scoped to your board.

  • Milestone data: stored in monday code Key-Value Store, scoped to your board and client name.

  • Logo files: stored in monday code Object Storage, under a path scoped to your board ID.

  • Generated PDF files: stored temporarily in monday code Object Storage after generation.

Your data never leaves monday's infrastructure.

6. Data Retention

What we store and how long we keep it:

  • Board configuration (agency name, brand colour, column mappings) — retained until you reconfigure the application or uninstall it from the board

  • Milestone data — retained until overwritten by new milestones or the app is uninstalled

  • Uploaded logo — retained until you upload a replacement or uninstall the app

  • Generated PDFs — stored temporarily in Object Storage solely to issue a download link. The download link expires shortly after generation. The file is not retained for ongoing access.

  • OAuth access token — stored in your browser's local storage within the monday.com iframe sandbox. This storage is isolated to the monday.com domain and is not accessible to external websites. It persists across sessions so you are not required to re-authenticate each time you open the app. It is cleared if you clear your browser data or uninstall the app. It is not stored on our servers.

  • Session tokens — verified on each request and not persisted server-side

What happens when you uninstall:

Configuration data, milestone data, and uploaded logos are stored on Monday code's infrastructure. Upon uninstallation, your OAuth token is revoked and this data becomes inaccessible to all parties including us. We do not operate an active deletion process for residual storage data, as this is managed at the infrastructure level by monday.com

7. Data Sharing and Third Parties

We do not sell, rent, or share your data with any third party.

The only data flow outside your own browser is:

  1. monday.com's API — the application reads your board data through monday.com's official GraphQL API using the access token you authorise. This is a direct call between our backend and monday.com's servers.

  2. monday code Object Storage — your logo and generated PDFs are stored in monday's own managed storage infrastructure. This is operated by monday.com and subject to their infrastructure security standards.

No data is sent to any analytics service, advertising network, or external database.

8. Security

The application is built with the following security measures:

  • All API communication uses HTTPS/TLS encryption in transit.

  • Your OAuth access token is stored in browser sessionStorage only (not localStorage) — it is cleared automatically when you close the tab and is never logged server-side.

  • Session tokens (provided by monday.com's SDK) are cryptographically verified on every request using HMAC-SHA256.

  • The application uses HTTP security headers (HSTS, X-Content-Type-Options, X-Frame-Options, Referrer-Policy) on all responses.

  • Rate limiting is applied to all API endpoints to prevent abuse.

  • Input validation and length limits are enforced on all data submitted to the backend.

  • Logo files are sanitised before storage (scripts and executable content are stripped from SVG files).

We follow security best practices appropriate for a monday.com marketplace application. However, no system is completely immune to security risks, and we cannot guarantee absolute security.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in the application or applicable law. When we do, we will update the "Last updated" date at the top of this page. If changes are material, we will notify users through the monday.com marketplace listing or via the application itself.

Continued use of the application after changes are posted constitutes your acceptance of the updated policy.

10. Contact

For any questions, concerns, or data requests related to this Privacy Policy:

Lifedesign
Email: support@lifedesignos.com
Website: https://lifedesignos.com