Security & Privacy

Security & Privacy

TL;DR: Your  monday.com  board and item data never leaves  monday.com . The only data we keep is subscription metadata (plan, quota, admin email) — encrypted in transit and at rest. The app is reviewed and approved by  monday.com , and runs on infrastructure with SOC 2 and ISO 27001 certifications.

Our approach: trust is everything

Trusting a third-party vendor with your work data is a real decision — and we don't take it lightly. At Fantasy Media, we've built Subitem Automations around a simple commitment: your data never leaves  monday.com 's secure environment.
The sections below answer the questions IT and security teams ask most often — exactly what we touch, how it's protected, who's vetted us, and what happens if you ever decide to leave.

Does the app store any of my data?

No board or item data leaves  monday.com .
The only data we store on our end is subscription metadata:
  • Billing cycle start and end dates
  • Remaining action quota
  • Account ID, account name, and the email of the admin who installed the app
This metadata is stored in encrypted Google Cloud storage and handled under GDPR. It never includes board, item, subitem, or column content.

Do you log any of my  monday.com  data?

No. We do not log details of your boards, items, subitems, columns, or any other  monday.com  content.

Is my data encrypted?

Yes — both in transit and at rest.
  • In transit: all data is transmitted over TLS
  • At rest: the subscription metadata we store is encrypted in Google Cloud storage

Has  monday.com  reviewed the app?

Yes. Subitem Automations passed  monday.com 's security and compliance review before being approved on the Marketplace. The review covers OAuth permissions, data handling, and privacy policy.
 monday.com 's own infrastructure carries SOC 2 Type II, ISO 27001, and ISO 27701 certifications, which apply to the environment your work data lives in.

Is Subitem Automations GDPR compliant?

Yes. The app is built and operated to comply with GDPR. The minimal subscription metadata we store is handled under GDPR safeguards.

Where is the app hosted?

Subitem Automations is hosted on Google Cloud Platform. We do not run our own data centers.
GCP holds the following certifications, which apply to all data we store:
  • SOC 2
  • ISO 27001
  • ISO 27017 (cloud-specific security)
  • ISO 27018 (PII protection in the cloud)

What happens to my data if I uninstall the app?

Uninstalling immediately:
  • Revokes our API access to your  monday.com  account
  • Deletes the subscription metadata we stored
  • Stops all automation processing
For written confirmation of full deletion, email  hello@fantasymedia.io .

Important links

  •  End User License Agreement 
  •  Privacy Policy 

Next up

Related

  •  Plans, Billing & Usage 

Still have questions?

If anything here isn't clear or you need help with a security review, email  hello@fantasymedia.io . We're happy to walk through it with you.