Last updated: March 1, 2026

1. IntroductionThis Privacy Policy describes how Bartosz Salwiczek Software ("we," "us," or "our"), operating under the trade name Workflow Boost, collects, uses, discloses, and protects your personal information when you use our applications available through the monday.com marketplace. We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR).

2. Data Controller The data controller responsible for your personal information is:

Bartosz Salwiczek Software (trading as Workflow Boost)
Poland
Email: contact@workflow-boost.com

3. Information We Collect When you use our applications, we may collect the following categories of personal information:

Account Information: Name, email address, and monday.com user ID, as provided through the monday.com platform.

Usage Data: Information about how you interact with our applications, including features used, actions taken, and timestamps.

Technical Data: IP address, browser type and version, device information, operating system, and other technical identifiers collected automatically when you access our services.

Communication Data: Information you provide when contacting us for support or inquiries.

4. Legal Basis for Processing (GDPR) Under the GDPR, we process your personal information based on the following legal grounds:

Contract Performance: Processing necessary to provide our applications and services to you (Article 6(1)(b) GDPR).

Legitimate Interests: Processing necessary for our legitimate interests, such as improving our services, ensuring security, and preventing fraud, provided these interests do not override your fundamental rights (Article 6(1)(f) GDPR).

Legal Obligation: Processing necessary to comply with legal requirements (Article 6(1)(c) GDPR).

Consent: Where required, we will obtain your consent before processing certain data, such as for marketing communications (Article 6(1)(a) GDPR).

5. How We Use Your Information We use the information we collect for the following purposes:

- Providing, operating, and maintaining our applications
- Improving and personalizing user experience
- Responding to your inquiries and providing customer support
- Sending service-related communications and updates
- Analyzing usage patterns to improve our services
- Detecting, preventing, and addressing technical issues and security threats
- Complying with legal obligations

6. Data Sharing and Disclosure We do not sell your personal information. We may share your information in the following circumstances:

Service Providers: The third-party services used vary by application:

Column to Column and Subitems Pro Automations: These applications run entirely on monday.com infrastructure and do not share data with external services. All data processing occurs within monday.com.

Advanced Time Triggers: Uses Cloudflare for hosting, content delivery, and security services, and Google Analytics for usage analytics.

QR Flow: Uses Cloudflare for hosting, content delivery, and security services.

Column Changes Guard: Runs on monday.com infrastructure and uses PostHog for product analytics to improve user experience.

Legal Requirements: We may disclose your information if required by law, legal process, or government request.

Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

7. International Data TransfersFor applications that use external services (Advanced Time Triggers, QR Flow, and Column Changes Guard), your personal information may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where some of our service providers are located. Column to Column and Subitems Pro Automations process data exclusively within monday.com's infrastructure. When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as:

- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions by the European Commission
- Other legally recognized transfer mechanisms

8. Cookies and Tracking Technologies The use of cookies and tracking technologies varies by application:

Column to Column and Subitems Pro Automations: These applications do not use cookies or external tracking technologies.

Advanced Time Triggers: Uses Google Analytics cookies to understand usage patterns and improve the service.

QR Flow: May use essential cookies through Cloudflare for security purposes.

Column Changes Guard: Uses PostHog for product analytics to understand feature usage and improve user experience.

You can control cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our services.

9. Data Retention We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including:

- Account data: Retained while you have an active account and for up to 12 months after account deletion or inactivity
- Usage data: Retained for up to 24 months for analytics purposes
- Communication records: Retained for up to 36 months for customer support purposes

We may retain certain information longer if required by law or for legitimate business purposes.

10. Data Security We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption, access controls, and regular security assessments. However, no method of transmission over the Internet or electronic storage is completely secure, and we cannot guarantee absolute security.

11. Your Rights Under GDPR If you are located in the European Economic Area, you have the following rights regarding your personal information:

Right of Access: You can request a copy of the personal information we hold about you.

Right to Rectification: You can request correction of inaccurate or incomplete personal information.

Right to Erasure: You can request deletion of your personal information in certain circumstances.

Right to Restriction: You can request that we restrict processing of your personal information.

Right to Data Portability: You can request to receive your personal information in a structured, commonly used, machine-readable format.

Right to Object: You can object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent: Where processing is based on consent, you can withdraw consent at any time.

To exercise any of these rights, please contact us at contact@workflow-boost.com. We will respond to your request within 30 days.

12. Right to Lodge a Complaint If you believe that we have violated your data protection rights, you have the right to lodge a complaint with a supervisory authority. In Poland, the supervisory authority is the President of the Personal Data Protection Office (Prezes Urzedu Ochrony Danych Osobowych - UODO). You may also lodge a complaint with the supervisory authority in your country of residence or place of work.

13. Children's Privacy Our applications are not intended for individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly. If you believe we have collected information from a child under 16, please contact us immediately.

14. Third-Party Services Our applications integrate with monday.com and may use third-party services as described in Section 6. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access.

For more information about our service providers' privacy practices:
- monday.com Privacy Policy (all applications)
- Cloudflare Privacy Policy (Advanced Time Triggers, QR Flow)
- Google Privacy Policy (Advanced Time Triggers)
- PostHog Privacy Policy (Column Changes Guard)

15. Data Breach Notification In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.

16. Changes to This Privacy PolicyWe may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated Privacy Policy on this page with a revised "Last updated" date. For material changes, we will provide additional notice, such as through our applications or via email. Your continued use of our applications after any changes constitutes your acceptance of the updated Privacy Policy.

17. Contact Us If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Bartosz Salwiczek Software (trading as Workflow Boost)
Email: contact@workflow-boost.com

We will respond to your inquiry as soon as reasonably practicable.