Track 1 platform and get the weekly governance digest. No credit card required.
This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology
Monday.com's Privacy Policy establishes the framework for collection, use, and sharing of personal data generated through the platform, including account identifiers, payment information, device data, and user-uploaded content. The policy authorizes monday.com to share personal data with third-party advertising partners, analytics providers, and affiliated entities, and permits international transfer of data from EU and UK users to the United States under Standard Contractual Clauses. Users may submit data access, correction, or deletion requests to privacy@monday.com and manage cookie preferences through the platform's consent tool.
This document is monday.com's Privacy Policy, governing the collection, use, storage, and sharing of personal data for visitors to its website and users of its work management platform, with the stated legal basis varying by jurisdiction (consent, legitimate interests, and contractual necessity under GDPR for EEA users; statutory compliance obligations for California residents under CCPA/CPRA). The policy states that monday.com collects a broad range of personal data including account registration information, payment details, usage and log data, device identifiers, location data, and content users upload to the platform, and the terms authorize sharing this data with third-party sub-processors, affiliated companies, advertising partners, and in the context of business transfers. A notable structural distinction is monday.com's dual role as both a data controller (for visitor and marketing data) and a data processor (for customer-uploaded content within the platform), with the policy explicitly stating that customer data processed within the service is governed by the applicable customer agreement rather than this policy, limiting consumer-facing rights disclosures for that data category. The policy engages GDPR, CCPA/CPRA, and potentially other regional frameworks, and explicitly addresses the transfer of personal data from the EEA, UK, and Switzerland to the United States, relying on Standard Contractual Clauses and adequacy decisions as transfer mechanisms. Compliance teams should note the policy's acknowledgment of cookie-based advertising and analytics tracking, AI feature disclosures, and the need to evaluate sub-processor agreements, data processing addenda, and regional consent mechanisms.
Institutional analysis available with Compliance
Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.
Start Compliance free trialMonitoring
Monday.com has updated this document before.
Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
Compliance Governance Intelligence
Need provision-level monitoring and regulatory mapping?
Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.
Start Compliance free trialCross-platform context
See how other platforms handle Third-Party Advertising and Analytics Data Sharing and similar clauses.
Compare across platforms →Governance Monitoring
Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.