Privacy Policy

Last updated: February 4, 2026

1. Who we are

Lectonia Devs ("we", "us", "our") operates the website lectonia.dev (the "Site") and develops the Connected Automations application (the "App") for use with the monday.com work operating system ("monday.com").

This Privacy Policy explains how we process personal data in connection with:

• Visitors to our Site, and
• Users of our App, when it is installed and used within monday.com accounts.

If you do not agree with this Policy, please do not use our Site or install or use our App.

2. Data controllers and processors

For the purposes of the EU General Data Protection Regulation (GDPR) and similar laws:

• For data you enter and store in monday.com, monday.com Ltd. is generally the data processor acting on behalf of your organisation (the data controller).
• Where our App processes data from your monday.com account to provide its functionalities, we act as a data processor (or sub-processor) on behalf of your organisation and only on your documented instructions as configured through monday.com.
• For data collected directly via our Site (for example, when you contact us via email or a contact form), we act as a data controller.

Our App uses infrastructure operated by third-party providers, including Firebase (Google LLC or its affiliates) ("Firebase"), for hosting, logging and operational purposes. These providers act as processors on our behalf.

3. What data we process

3.1 Data processed via the App (within monday.com)

When you install and configure the App, we may process, through monday.com’s APIs and your configured recipes, the following categories of data:

• monday.com account and technical data:
  • Account ID, user ID, short-lived tokens or API tokens provided by monday.com
  • Board IDs, item IDs, column IDs and types
  • Integration recipe configuration and logs necessary to operate the App
• monday.com board and item data:
  • Item names and column values for the columns you explicitly configure
  • Column values may include, depending on your configuration: text, numbers, statuses, dates and times, people (user references), teams, tags, links, emails, phone numbers, locations, and other custom or system fields.
  • For file or doc columns, we may process metadata or identifiers and not necessarily the full file content.

We do not independently create or collect monday.com data; we only process it through monday.com’s APIs as required to provide the App functionality you configure.

3.2 Data processed via our Site and support channels

If you visit our Site or contact us for support, we may collect:

• Contact information: name, email address, and any other details you choose to provide.
• Support information: the content of your support request, including screenshots or logs you voluntarily send.
• Technical and usage information (via standard web server logs or analytics tools, if used): IP address, browser type and version, device identifiers, pages visited, timestamps, and referring URLs.

We do not combine Site visitor data with monday.com board data except as needed to respond to a support request you initiate.

4. Purpose and legal basis of processing

We process personal data only for the following purposes:

• To provide and operate the App: executing your configured automations and recipes within monday.com; reading, transforming, and writing monday.com board and item data as configured.
• To maintain and improve the App and Site: monitoring performance, debugging errors and ensuring security and reliability.
• To provide support: responding to emails or messages you send us regarding issues, questions or feedback.
• To comply with legal obligations: maintaining records required by applicable law and responding to lawful requests.

Where GDPR applies, our legal bases typically include performance of a contract, legitimate interests, and where required, consent (for example, for certain analytics or cookies on our Site).

5. No unsolicited contact

We do not use monday.com installation data to contact you for marketing or sales.

• We do not proactively contact people or organisations who install the App.
• We only communicate with you when you contact us first (for example, via support email or contact form), or when monday.com forwards us a request or ticket that you have initiated.

6. Use of monday.com and Firebase

6.1 monday.com

The App runs within the monday.com environment and uses official monday.com APIs and SDKs. Your data remains stored in monday.com’s systems in accordance with your agreement with monday.com. We access and process this data only via authenticated API calls and only as needed to perform your configured recipes.

Please refer to monday.com’s own privacy documentation and data processing agreements for details on their hosting locations, sub-processors, and security measures.

6.2 Firebase

We may use Firebase services for backend infrastructure, such as Cloud Functions, databases, and logging or monitoring tools. These services may process limited personal data (such as identifiers, log data, and any board or item information necessary to perform the configured automations).

Firebase is provided by Google LLC or its affiliates and may store data in data centers located outside your country, including in the European Union and/or the United States. We configure Firebase and our App to store only the minimum operational data necessary and to respect security best practices, including encryption in transit and at rest where provided by Firebase.

7. Data retention

We retain personal data for no longer than necessary:

• monday.com board and item data: we generally do not persist the full content of board data outside monday.com, except transiently in memory or logs necessary for operation and debugging. Any persisted identifiers or logs are retained only as long as needed for security, troubleshooting, and performance monitoring.
• Support and contact data: we retain emails, tickets and related correspondence for as long as necessary to resolve your request and for a reasonable period thereafter for reference and legal compliance.
• Technical logs: retention periods for logs (including any personal data contained in them) are limited and subject to periodic deletion or anonymisation.

If your organisation uninstalls the App from monday.com, we will cease processing new data from your monday.com account. Residual logs or backups may remain for a limited time, after which they are deleted or anonymised.

8. Data sharing and international transfers

We do not sell or rent your personal data.

We may share personal data with:

• Service providers and sub-processors: monday.com, Firebase / Google Cloud and other infrastructure providers, and other carefully selected vendors necessary to operate the App and Site. These parties only process data on our behalf and under data processing agreements that require appropriate security and confidentiality.
• Authorities: where required by law, court order, or competent authority, or to protect our rights, property, or safety, or that of others.

Where data is transferred outside the European Economic Area (EEA), for example to the United States, we rely on appropriate safeguards such as the EU Standard Contractual Clauses or other recognized transfer mechanisms, as required by applicable law.

9. Security

We implement technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These measures include, where appropriate:

• Use of secure connections (HTTPS/TLS);
• Access controls and authentication for administrative interfaces;
• Limiting data access to personnel and systems on a need-to-know basis;
• Leveraging security features provided by monday.com and Firebase.

However, no system can be guaranteed 100% secure. You are responsible for maintaining the security of your monday.com account credentials and access.

10. Your rights (GDPR and similar laws)

Where GDPR or similar data protection laws apply, you may have rights such as:

• Right of access to know whether we process your data and to obtain a copy;
• Right to rectification of inaccurate or incomplete data;
• Right to erasure in certain circumstances;
• Right to restriction of processing in certain cases;
• Right to data portability where processing is based on consent or contract and carried out by automated means;
• Right to object to processing based on legitimate interests, including profiling;
• Right to withdraw consent where processing is based on consent, without affecting the lawfulness of processing before withdrawal.

For data stored in monday.com, your primary contact is your organisation (as controller) and/or monday.com. For data we control (such as support communications), you can exercise your rights by contacting us using the details below. We may need to verify your identity before responding.

You also have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State where you live or work, or where an alleged infringement has occurred.

11. Children’s privacy

Our Site and App are not directed to children under 16, and we do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data without appropriate consent, please contact us and we will take steps to delete such data.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by a revised "Last updated" date at the top. Material changes will be notified in a manner we consider appropriate (for example, via our Site).

13. Contact us

If you have questions about this Privacy Policy or our data practices, or if you wish to exercise your data protection rights, please contact us at:

Email: support@lectonia.dev

Postal address: Lectonia Devs, [Registered address], [City], [Country]

This document is a template and does not constitute legal advice. Please consult with your legal counsel before relying on it.