Legal overview
Home Privacy
Last Updated: May 11, 2026

monday.com & Israel’s PPL

Last Updated: May 11, 2026

Israel’s Protection of Privacy Law, 5741–1981 (the “PPL”), together with the Protection of Privacy Regulations (Data Security), 5777–2017 (the “Data Security Regulations”), governs the processing of personal data in Israel. monday.com ensures its operations are designed to support compliance with the PPL and applicable guidance issued by the Israeli Privacy Protection Authority (PPA).

Roles and Responsibilities

The PPL distinguishes between entities based on their control over personal data:

  • Database Controller: monday.com’s Customers are generally considered the Database Controller of personal data submitted to the platform (e.g., via boards, workdocs, or CRM items), as they determine the purposes for which personal data is processed.
    monday.com acts as the Database Controller in some contexts, for example, over Customer account and billing information, and website visitor and lead information, as further described in our Privacy Policy.
  • Holder (Processor): monday.com acts as a “Holder” (processor) when processing personal data on behalf of its Customers in connection with the provision of the Services, and processes such data strictly in accordance with Customer instructions.

What steps has monday.com taken to support compliance with the requirements of the PPL?

We regularly monitor and review our practices to support compliance with the PPL and Data Security Regulations, including:

  • Data processing on behalf of Customers: monday.com processes Customer Data solely in accordance with documented instructions from its Customers and does not use such data for its own independent purposes without the Customer’s permission.
  • Data Security: We implement rigorous systemic, physical, and technological security measures designed to comply with the stringent requirements of the Israeli Data Security Regulations. These measures are supported by internationally recognized certifications such as ISO 27001, ISO 27017, ISO 27018, ISO 27701, and SOC 2 Type II.
  • Sub-processors: Where monday.com engages third parties to process personal data on its behalf, we ensure that such subprocessors are subject to contractual obligations that provide a level of protection consistent with the PPL and applicable regulations.
  • International transfers: Israel is recognized by the European Commission as providing an adequate level of data protection. Where personal data is transferred outside of Israel, we implement appropriate safeguards, including contractual protections, to ensure that such data remains protected in accordance with applicable law.
  • Security incidents: We maintain procedures to detect, investigate and respond to security incidents involving personal data. In compliance with Israeli law, we have protocols to notify the Israeli Privacy Protection Authority (PPA) and affected data subjects of severe security incidents within the regulatory timeframe, where relevant.
  • Transparency: We provide clear and accessible information regarding our data practices through our Privacy Policy and other relevant notices.
  • Data subject rights: We provide tools and functionality designed to support our Customers in responding to requests from individuals to access, correct or delete their personal data, in accordance with applicable law.
  • Legal and contractual controls: We maintain a robust Data Processing Addendum (DPA) and internal procedures to ensure that personal data processed on behalf of Customers is protected in accordance with applicable legal requirements, including those under the PPL.

If you have any questions concerning monday.com’s privacy program, please feel free to contact our Data Protection Officer and privacy team at [email protected].

Empowering teams to accomplish more, together

14-day free trial | No credit card needed