Tivio IT
Home

Privacy Policy

Last updated: December 2025

1. Who we are

Tivio IT ("we", "us") is the data controller for the information processed by our apps. We are operated by Timi Vovk s.p., located in Slovenia.

2. Scope

This Privacy Policy applies to your use of our software, including our monday.com marketplace apps such as "Subitem rollups & summaries".

3. Data we access via monday.com

To provide our services, we access certain data from your monday.com account via the monday.com API:

  • Board Data: Item and subitem values, specifically the columns you configure for rollups.
  • Identifiers: Account IDs, Board IDs, Item IDs, and Column IDs to locate and update data.
  • User Information: We may process User IDs for audit logs or to identify who triggered an action. We do not store email addresses unless you provide them to us for support.

4. How we use the data

We use this data for the following purposes:

  • Functionality: To perform the core task of the app (e.g., calculating a sum of subitem values and writing it to a parent item).
  • Operations: To ensure the security and reliability of our service (e.g., error logging).
  • Support: To assist you if you contact us with a problem.

5. Legal bases (GDPR)

We process your data based on:

  • Performance of a Contract: To provide the app functionality you installed.
  • Legitimate Interests: To maintain the security and integrity of our services.

6. Data sharing

We do not sell your data. We do not share your data with third parties, except as necessary to provide the service (e.g., cloud hosting providers) or if required by law.

7. Data storage and retention

Our apps are designed to process data transiently. We do not store your board content permanently on our servers. We may retain technical logs (which do not contain your board content) for a limited period (e.g., 30 days) for troubleshooting.

8. Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (HTTPS) and strict access controls to our infrastructure.

9. International transfers

If we transfer data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs).

10. Your rights

Under the GDPR, you have the right to access, rectify, erase, restrict processing, object to processing, and data portability. You also have the right to lodge a complaint with a supervisory authority.

11. Children

Our services are intended for business users and are not directed at children under the age of 16.

12. Changes to this Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page.

13. Contact

If you have any questions about this Privacy Policy or our data practices, please contact us at:
Email: support@tivioit.com
Address: Timi Vovk s.p., Slovenia