← Back to home

Privacy Policy

Last updated: March 22, 2026

This Privacy Policy explains how Sorobu ("we", "us", "our") collects, uses, and protects your personal data when you use our website and monday.com extensions. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Who We Are

Sorobu operates the website sorobu.io and develops native extensions for monday.com, including Mind Map View.

Data Controller: Sorobu

Contact: hello@sorobu.io

2. How Our Extensions Work with Your Data

Key Principle: Your data stays in monday.com

Our extensions (including Mind Map View) operate as client-side applications running in your browser. They communicate directly with monday.com's API to read and write board data. We do not operate external servers that store or process your board data. However, support data submitted through our forms is stored separately (see Section 4).

What our extensions access

  • Board structure — groups, items, subitems, and their hierarchy
  • Item names — to display and edit node labels
  • Person column data — for person assignment features
  • Board metadata — board name, view configuration
  • Local debug logs — the extension stores diagnostic logs (board IDs, action history) in your browser's localStorage for troubleshooting purposes. This data never leaves your device unless you choose to share it with us.

What our extensions do NOT do

  • Store board data on external servers
  • Send board data to third parties
  • Access data from boards where the extension is not installed
  • Retain any board data on external servers after you close the view

3. What Data We Collect

Beyond your monday.com board data (which we do not store), we may collect:

Website Data

  • IP address (for security and analytics)
  • Browser type and version
  • Pages visited and time spent

Account & Subscription Data

  • monday.com account ID (to manage your subscription plan)
  • Email address (if you contact support)
  • Payment information (processed by monday.com, not stored by us)

4. Support Forms & Bug Reports

How we collect support data

We use monday.com WorkForms to allow users to submit bug reports and feature requests. These forms are accessible from within our extensions.

Data collected through support forms

  • Report title — a summary of the bug or feature request
  • Description — free-text details provided by you
  • Email address (required) — so we can follow up with you
  • App version — collected automatically via URL parameter
  • Subscription plan — collected automatically to help prioritize and contextualize your request

Debug logs shared during support

When you export debug logs from the application and share them with us for support purposes, these logs may contain:

  • User ID — your monday.com user identifier
  • Board ID — the identifier of the board you were working on
  • Action history — a record of actions performed in the extension

This data is used solely to diagnose your issue and is subject to the same 3-year retention policy as other support data.

How this data is stored and used

  • Storage: Submissions are stored in a monday.com workspace managed by Sorobu. Unlike board data (which stays client-side), this data is persisted on monday.com's servers under our control.
  • Purpose: User support, bug resolution, and feature prioritization.
  • Retention: Support data is kept for 3 years after the ticket is resolved, then permanently deleted.
  • Legal basis: Legitimate interest (Article 6(1)(f) GDPR) — maintaining product quality and providing user support.

5. Why We Collect Your Data

Service Delivery

To provide and maintain our monday.com extensions and manage your subscription.

Service Improvement

To analyze usage patterns and improve our extensions.

User Support

To respond to bug reports and feature requests submitted through our support forms.

Security & Compliance

To prevent fraud, ensure security, and comply with legal obligations.

Legal Basis (GDPR): We process your data based on your consent (Article 6(1)(a) GDPR), contractual necessity (Article 6(1)(b) GDPR), and our legitimate interests (Article 6(1)(f) GDPR).

6. How We Protect Your Data

Security Measures

  • ✓ Client-side architecture — no external storage of board data
  • ✓ All communications over HTTPS (TLS 1.3)
  • ✓ OAuth authentication via monday.com (we never see your password)
  • ✓ Regular security updates and monitoring
  • ✓ GDPR-compliant data processing

Data Breach Notification

In the event of a data breach likely to result in a high risk to your rights and freedoms, we will notify you within 72 hours in accordance with Article 34 GDPR.

7. How Long We Keep Your Data

Board Data

Not retained. Board data is processed in-memory and never stored outside monday.com.

Account Data

As long as your subscription is active. Deleted within 30 days of account closure.

Analytics

Anonymized analytics data is kept for 3 years to track long-term trends.

Support Data

Bug reports and feature requests are kept for 3 years after resolution, then permanently deleted.

Legal

Records required for legal compliance are kept for 7 years after account closure.

8. Who Accesses Your Data

monday.com

Purpose: Platform provider — our extensions run within their ecosystem

Data: Board data is accessed via their API according to their own privacy policy

Data processor: monday.com also acts as a data processor for support form submissions (bug reports, feature requests) stored in our workspace

Vercel

Purpose: Website and static asset hosting

Data: Access logs, IP addresses

We never sell your data or share it with advertisers or third-party marketers.

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

Right to Access

Request a copy of the personal data we hold about you.

Right to Rectification

Correct any inaccurate or incomplete data.

Right to Erasure

Request deletion of your personal data ("right to be forgotten").

Right to Portability

Receive your data in a machine-readable format.

Right to Object

Object to processing of your personal data.

Right to Withdraw Consent

Withdraw your consent at any time.

How to Exercise Your Rights

Contact us at hello@sorobu.io. We will respond within 30 days as required by GDPR.

10. Cookies and Tracking

Our website does not set cookies

This website is a static site that does not use cookies, tracking scripts, or analytics tools. We do not set any first-party cookies on your device.

Third-Party Hosting

Our website is hosted on Vercel, which may use technical cookies or collect server-level data (such as access logs and IP addresses) as part of its hosting infrastructure. For more information, refer to Vercel's privacy policy.

If we introduce cookies or analytics tools in the future, we will update this policy accordingly and, where required, obtain your consent before setting any non-essential cookies.

11. International Data Transfers

If we need to transfer data outside the EU, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Transfers to countries with adequacy decisions
  • Additional security measures where required

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will:

  • Update the "Last updated" date at the top of this page
  • Post a notice on our website
  • Notify affected users where required by law

13. Contact & Complaints

Contact Information

Website:

sorobu.io

Right to Lodge a Complaint

If you believe we have not handled your data properly, you have the right to lodge a complaint with your local data protection authority. Our supervisory authority is the CNIL (Commission Nationale de l'Informatique et des Libertés): cnil.fr

← Back to Home