Privacy Policy

What OrbitKit collects, how it's used, and how it's protected — explained clearly, not in legalese.

Short version: We never store your monday.com board data. We only store your connection config and AES-256 encrypted OAuth token so we can fetch data on your behalf when your BI tool requests it. Your data is yours. We don't sell it, share it, or analyze it.

Overview

OrbitKit is built and operated by The Ideal Monday Development (the-ideal-monday-development), an independent monday.com app developer. This policy covers data practices for all OrbitKit apps and the orbitkit.dev website.

Data we collect

We collect only what is necessary to provide the service:

  • monday.com Account ID: Associates your connections with your account.
  • OAuth Access Token: Your monday.com OAuth token, AES-256-CBC encrypted before storage, used only to make API requests on your behalf.
  • Connection Configuration: Which workspace, boards, columns you configured, plus any filters. Stored so connections persist.
  • BI Access Tokens: SHA-256 hashed — the raw token is shown once and never stored.

What we deliberately never store

Never stored: Your monday.com board items · Column values · Any board data · User profiles · Files or attachments · Browser analytics or tracking data of any kind

Every BI data request passes through our server but is never written to a database. Live proxy — fetch, stream, done.

How we use data

  • Service delivery: Your connection config lets OrbitKit serve live data feeds when Power BI or Tableau requests them.
  • Authentication: Your encrypted token is decrypted only at the moment of making an API request to monday.com.
  • Support: Your email and message are used only to respond to your query.

Storage and security

Backend hosted on Railway.app. Database on MongoDB Atlas. Both SOC 2 compliant.

  • OAuth tokens: AES-256-CBC encrypted at rest
  • BI access tokens: SHA-256 hashed, raw token never stored
  • All API communications over HTTPS/TLS
  • No board data persisted at any point

monday.com data handling

OrbitKit uses monday.com's official OAuth 2.0 API. We request only: boards:read, workspaces:read, users:read, account:read, me:read. We never request write access.

Note: If you revoke OrbitKit's monday.com authorization, all connections stop immediately. We don't retain data after revocation. Revoke anytime from monday.com Settings → Apps → Manage Apps.

Third-party services

  • Railway.app — Backend hosting
  • MongoDB Atlas — Database hosting
  • monday.com API — Source of board data

We do not use advertising networks, analytics platforms, or marketing tools of any kind.

Your rights

Access, delete, correct, or export all data we hold: email support@orbitkit.dev. Response within 5 business days.

Cookies

OrbitKit (inside monday.com) uses no cookies. orbitkit.dev uses only essential technical cookies. No third-party tracking or advertising cookies anywhere.

Contact

support@orbitkit.dev
The Ideal Monday Development

Last updated: April 9, 2026. Significant changes will be communicated via the OrbitKit app.