Track 1 platform and get the weekly governance digest. No credit card required.
This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology
Monday.com's Privacy Policy explains what personal information the company collects when you use its work management platform, including your name, email, payment details, device data, and the content you and your team upload. The most important thing to know is that monday.com shares your data with third-party advertising and analytics partners, and your personal information may be transferred to the United States even if you are based in the EU or UK. You can review and adjust your cookie and tracking preferences using the cookie consent tool on the monday.com website, and EU and California users can request access to, correction of, or deletion of their personal data by contacting privacy@monday.com.
This document is monday.com's Privacy Policy, governing the collection, use, storage, and sharing of personal data for visitors to its website and users of its work management platform, with the stated legal basis varying by jurisdiction (consent, legitimate interests, and contractual necessity under GDPR for EEA users; statutory compliance obligations for California residents under CCPA/CPRA). The policy states that monday.com collects a broad range of personal data including account registration information, payment details, usage and log data, device identifiers, location data, and content users upload to the platform, and the terms authorize sharing this data with third-party sub-processors, affiliated companies, advertising partners, and in the context of business transfers. A notable structural distinction is monday.com's dual role as both a data controller (for visitor and marketing data) and a data processor (for customer-uploaded content within the platform), with the policy explicitly stating that customer data processed within the service is governed by the applicable customer agreement rather than this policy, limiting consumer-facing rights disclosures for that data category. The policy engages GDPR, CCPA/CPRA, and potentially other regional frameworks, and explicitly addresses the transfer of personal data from the EEA, UK, and Switzerland to the United States, relying on Standard Contractual Clauses and adequacy decisions as transfer mechanisms. Compliance teams should note the policy's acknowledgment of cookie-based advertising and analytics tracking, AI feature disclosures, and the need to evaluate sub-processor agreements, data processing addenda, and regional consent mechanisms.
Institutional analysis available with Professional
Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.
Start Professional free trialMonitoring
Monday.com has updated this document before.
Watcher includes same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
Professional Governance Intelligence
Need provision-level monitoring and regulatory mapping?
Professional includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.
Start Professional free trialCross-platform context
See how other platforms handle Third-Party Advertising and Analytics Data Sharing and similar clauses.
Compare across platforms →Governance Monitoring
Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.