Monday.com updated its Privacy Policy on June 29, 2026, clarifying complaint and appeal procedures for data subject rights violations. The revised language broadens the complaint submission process, allowing users to lodge complaints directly with Monday.com if they believe their personal data processing violates applicable data protection law, in addition to complaints to supervisory authorities. The updated terms also establish a specific acknowledgment and response timeline, stating that Monday.com will acknowledge receipt of complaints and respond within applicable regulatory timeframes.
The updated policy establishes a direct complaint submission mechanism for users who believe Monday.com's personal data processing violates applicable data protection law. Previously, the policy stated that GDPR-protected individuals could lodge complaints with supervisory authorities; the revised language broadens this to acknowledge that users may have rights under various regulatory frameworks, including GDPR. The updated terms now explicitly authorize users to submit complaints directly to Monday.com regarding either data protection violations or how the company handled a data subject rights request, with a commitment to acknowledge receipt and respond within applicable regulatory timeframes. You can submit a complaint to support@monday.com or the Data Protection Officer at dpo@monday.com.
The updated language formalizes and clarifies Monday.com's complaint procedures under data protection law, establishing explicit timelines for acknowledgment and response. This change makes the company's complaint process more transparent and creates a documented procedure that strengthens user rights to escalate concerns about data protection violations directly to the company, separate from supervisory authority complaints.
→ If you believe Monday.com's processing of your personal data violates applicable data protection law, you can submit a complaint directly to support@monday.com or the Data Protection Officer at dpo@monday.com and expect acknowledgment and response within applicable regulatory timeframes.
→ If you do not submit a complaint to Monday.com directly, you may pursue complaints through supervisory authorities, but you will not have formalized Monday.com acknowledgment and response timelines for internal escalation.
Users may now submit complaints directly to Monday.com regarding data protection violations or mishandling of data subject rights requests.
Monday.com commits to acknowledge receipt of complaints and respond within applicable regulatory timeframes.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
Monday.com revised its complaint procedures to establish a direct submission pathway for data protection violation complaints and formalize response commitments. The change adds specificity around acknowledgment and response timelines governed by 'applicable regulatory timeframes,' which would be interpreted under GDPR, CCPA, and equivalent frameworks applicable to the complainant's jurisdiction. Organizations using Monday.com for personal data processing should confirm this change does not create new vendor accountability obligations under their own privacy policies or Data Processing Agreements. The change does not materially alter Monday.com's stated authority but does create a documented procedure that may be audited under compliance reviews.
GDPR (complaint rights under Articles 77-78); CCPA (complaint procedures); UK GDPR; Swiss Federal Data Protection Act; Israel's Protection of Privacy Law. These frameworks establish user rights to lodge complaints with supervisory authorities and, in some cases, directly with organizations.
Full compliance analysis
Obligation analysis, escalation trigger, board language, and recommended action.
Monitor: regulatory citations + obligations. Compliance: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-003338.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff — MonitorAd personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Get alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 320+ platforms every Sunday.