Tivio IT
Home

Privacy Policy

Last updated: March 2026

1. Who we are

Tivio IT ("we", "us") is operated by Timi Vovk s.p., located in Slovenia. When processing data from your monday.com account through our apps, your organization is the data controller and we act as a data processor on your behalf.

2. Scope

This Privacy Policy applies to your use of our software, including our monday.com marketplace apps such as "Subitem Rollup Pro".

3. Data we access via monday.com

To provide our services, we access certain data from your monday.com account via the monday.com API:

  • Board Data: Item and subitem values for the columns you configure for rollups. This data is processed transiently during rollup computation — it is fetched, aggregated, and discarded. We do not store your board content.
  • Identifiers: Account IDs, Board IDs, Item IDs, and Column IDs to locate and update data.
  • User Information: We store monday.com user IDs and account IDs to manage authentication and route webhook events. We do not store email addresses unless you provide them to us for support.
  • OAuth Tokens: We store OAuth access tokens in monday.com's encrypted SecureStorage to authenticate API calls on your behalf.

4. How we use the data

We use this data for the following purposes:

  • Functionality: To perform the core task of the app (e.g., calculating a sum of subitem values and writing it to a parent item).
  • Operations: To ensure the security and reliability of our service (e.g., error logging).
  • Support: To assist you if you contact us with a problem.

5. Legal bases (GDPR)

We process your data based on:

  • Performance of a Contract: To provide the app functionality you installed.
  • Legitimate Interests: To maintain the security and integrity of our services.

6. Data sharing and third-party services

We do not sell your data. Our monday.com apps run entirely on monday.com's infrastructure (monday code) and use only monday.com's built-in storage (monday Storage). The app does not send any data outside of monday.com and does not use any external third-party services, domains, or APIs.

The following third-party services are used on our website (tivioit.com) only — not within the monday.com app itself:

  • Cloudflare: CDN and security (may process IP addresses and request metadata).
  • Google Analytics (GA4): Website usage analytics (uses cookies; data is sent to Google). This does not apply to the monday.com app.

We may share data if required by law.

7. Data storage and retention

Our apps are designed to process board data transiently. We use monday.com's built-in app storage (BaseStorage and SecureStorage) for operational configuration — we do not maintain a separate external database.

Rollup configurations and subscription records persist in monday.com's app storage until the corresponding automation is deleted or the app is uninstalled.

Data deletion on uninstall: When the app is de-authorized, deactivated, uninstalled, or otherwise terminated, we permanently delete all end-user data and metadata stored in monday.com's app storage within 10 days. This includes OAuth tokens, rollup configurations, subscription records, and any account-level identifiers.

We may retain technical logs (which do not contain your board content or personally identifiable information) for a limited period (e.g., 30 days) for troubleshooting purposes.

8. Cookies

Our monday.com apps do not use cookies. Our marketing website (tivioit.com) uses cookies for analytics purposes (Google Analytics). You can manage cookie preferences through your browser settings.

9. Communication

We do not use your data to contact you for marketing or promotional purposes. We will only contact you if you reach out to us for support, or if we need to notify you of critical service-related changes (e.g., security incidents, breaking changes to app functionality, or updates to these policies).

10. Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (HTTPS), encryption at rest for OAuth tokens (via monday.com's SecureStorage), and strict access controls to our infrastructure. In the event of a data breach affecting your data, we will notify affected users and monday.com without undue delay.

11. International transfers

Our app runs on monday.com's infrastructure (monday code). Data location and any international transfers are governed by monday.com's own data processing practices. We do not independently transfer your data outside the European Economic Area (EEA).

12. Your rights

Under the GDPR, you have the right to access, rectify, erase, restrict processing, object to processing, and data portability. You also have the right to lodge a complaint with a supervisory authority.

To exercise any of these rights, contact us at support@tivioit.com. You can also delete all app-related data by uninstalling the app from your monday.com account.

13. Children

Our services are intended for business users and are not directed at children under the age of 16.

14. Changes to this Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page.

15. Contact

If you have any questions about this Privacy Policy or our data practices, please contact us at:
Email: support@tivioit.com
Address: Timi Vovk s.p., Slovenia