Legal overview
Home Privacy
Last Updated: May 11, 2026

monday.com & the CCPA

Last Updated: May 11, 2026

At monday.com, we are committed to designing our products and practices to support compliance with global data protection and privacy laws that apply to us and our Customers.

The California Consumer Privacy Act of 2018 (CCPA) grants California residents specific rights over their personal information. monday.com is committed to transparency and providing the tools necessary for our Customers to manage these rights.

This page provides information about the steps monday.com has taken to support compliance with the requirements of the CCPA.

Roles & responsibilities

The CCPA distinguishes between certain roles and responsibilities for companies involved in the processing of personal information (relevant roles at monday.com set out below):

  • Business: the entity that determines the purposes and means of processing personal information of California residents and that does business in California.
    monday.com’s Customers are generally considered the “Business” when using the platform (e.g., via boards, workdocs, or CRM items).
    monday.com acts as a “Business” when processing personal information of California residents for our independent purposes (e.g., with respect to billing and profile information, website and lead information), as further detailed in our Privacy Policy.
  • Service Provider: the entity that processes personal information on behalf of a Business for a specific business purpose pursuant to a written contract that restricts how the information can be used or disclosed. monday.com acts as a “Service Provider” when processing personal information included in Customer Data solely as necessary to provide our services to our Customers (the “Business”), and in accordance with our contractual obligations.

What steps has monday.com taken to support compliance with the requirements of the CCPA?

At monday.com, we regularly monitor and review our practices to support compliance with CCPA requirements, including:

  • Sale or Sharing: In our role as a Service Provider, monday.com does not “sell” or “share” the personal information of California consumers. We act strictly as a Service Provider regarding Customer Data, processing it only for the specific business purposes outlined in our written agreements. Where we act as a Business, monday.com offers California consumers the opportunity to opt out of the sale or sharing of their personal information (e.g. the use of advertising cookies via our website).
  • Global certifications: We undergo annual external audits for SOC 2 Type II security certification from the American Institute of Certified Public Accountants (AICPA), ISO 27001 ISMS (information security management system) and ISO 27018 (for protecting personal data in the cloud).
  • Transparency: We ensure transparency around the collection, use and disclosure of personal data through easily accessible notices, including via our Privacy Policy and Job Candidate Privacy Notice.
  • Legal and contractual controls: We have a robust Data Processing Addendum (DPA) and internal procedures to reflect the specific requirements of the CCPA (such as with respect to entity roles, the maximum response time and data subject verification process, and the commitments required of a Service Provider towards the Business under the CCPA).
  • Breach handling: We have robust procedures for handling suspected breaches concerning personal information, limiting use, disclosure and retention of personal information, and regularly conducting privacy training for all relevant members of our staff.
  • Consumer requests support: We have established procedures and technical capabilities to enable us, where we act as a “Business” under the CCPA, or to help our Customers, where we act as their “Service Provider”, respond to consumer requests to know, delete, and opt-out. We provide self-service tools that allow Customers and their users to correct inaccurate data and export information easily, supporting the right to correction.
  • Privacy support: We have internal as well as external dedicated privacy teams for monitoring and ensuring that personal information processed by monday.com is protected.

If you have any questions concerning monday.com’s privacy program, please feel free to contact our Data Protection Officer and privacy team at [email protected]

Empowering teams to accomplish more, together

14-day free trial | No credit card needed