Legal overview
Home Privacy
Last Updated: May 11, 2026

monday.com & Brazil’s LGPD

Last Updated: May 11, 2026

The Brazilian General Personal Data Protection Law (LGPD) establishes a framework for processing personal data in Brazil. 

monday.com has developed a robust privacy program that supports compliance with the requirements of global privacy laws, including LGPD requirements.

Roles and Responsibilities

The LGPD defines two central roles for the processing of personal data: the “Data Controller” and “Data Processor” (or “Operator”).

  • Data Controller: the entity that determines the purposes and means for the processing of personal data.
    monday.com’s Customers are generally the Controllers of personal data submitted onto the platform (e.g., via boards, workdocs, or CRM items).
    monday.com acts as a Controller in some contexts, for example, over Customer account and billing information, and website visitor and lead information, as further described in our Privacy Policy.
  • Data Processor/Operator: the entity that processes personal data on behalf of the Controller. Under the LGPD, monday.com serves as the Processor (or Operator) over personal data submitted onto the platform (e.g., via boards, workdocs, or CRM items), when handling data according to the instructions of the ‘Controller’ (the Customer). Where monday.com engages third parties to process such data on its behalf, these third parties are considered monday.com’s subprocessors.

For a more detailed breakdown of these roles and our obligations, please refer to our Terms of ServicePrivacy Policy and Data Processing Addendum.

What steps has monday.com taken to support compliance with the requirements of the LGPD?

At monday.com, we regularly monitor and review our practices to support compliance with the LGPD, including:

  • Data Subject Rights: We enable Customers to respond to data subject requests to exercise privacy rights, and have a process in place to respond to data subject requests where we are the controller.
  • International transfers: We ensure that personal information remains protected when transferred overseas, including by ensuring that we transfer personal data to receiving entities in countries that benefit from adequacy decisions, or are otherwise bound by contractual undertakings to comply with the LGPD and to keep personal information safe.
  • Security & breach reporting: We adopt security measures aligned with ISO 27001 standards. We maintain procedures to report security incidents causing relevant risk to the National Data Protection Authority (ANPD) and data subjects within the regulatory timeframe, per ANPD regulations.
  • Transparency: We ensure transparency around the collection, use and disclosure of personal data through easily accessible notices , including via our Privacy Policy and Job Candidate Privacy Notice.
  • Legal and contractual controls: We have a robust Data Processing Addendum (DPA) for Customers in place to ensure the protection of personal data. Such DPAs allow us to perform our role as a data Processor for our Customers, and similar DPAs allow the same when we engage with our data processing vendors.
  • DPO: We have appointed a Data Protection Officer to monitor compliance with ANPD regulations.

If you have any questions concerning monday.com’s privacy program, please feel free to contact our Data Protection Officer at [email protected]

Empowering teams to accomplish more, together

14-day free trial | No credit card needed