OpenLM SAM – Privacy Policy

Introduction

OpenLM is committed to protecting the privacy and security of its users. This Privacy Policy explains how personal data is collected, used, stored, and protected when using the OpenLM SAM integration app available on the monday.com Marketplace.

Definitions

  • OpenLM
    Refers to OpenLM Software License Management platform, including its subsidiaries, products, and services.
  • Personal Data
    Any information that can identify an individual directly or indirectly, including (but not limited to) name, customer ID, company name, email address, and address.
  • You / User
    Refers to individuals using the OpenLM SAM integration or entities on whose behalf the integration is used.

Personal Data We Collect

OpenLM may collect the following categories of data:

1. OpenLM SAM Data

2. monday.com User Data

  • Basic user profile information provided by monday.com during authentication, such as:
    • user-id
    • email-address
    • account-id

How Personal Data Is Collected

Personal data is collected through the OpenLM SAM integration via:

  • Information provided during Authorization and configuration of the app.
  • Automated data collection during interaction with the integration to support functionality and improve service delivery
  • Secure communication with monday.com services and OpenLM’s internal processing infrastructure

How We Use Personal Data

Collected personal data is used strictly for the operation of the OpenLM SAM integration, including:

  • Creating and managing software asset management data within monday.com boards
  • Authenticating users and securing connection credentials
  • Maintaining, improving, and optimizing service performance and user experience

OpenLM does not use personal data for purposes beyond operating, maintaining, or improving the integration.

How Personal Data Is Stored

OpenLM applies industry-standard security practices for data storage:

  • AWS Secrets Manager
    Used to securely store sensitive credentials such as access tokens and secrets.
  • MongoDB
    Used to store configuration settings and non-sensitive operational data in a secured environment.

Use of Infrastructure Services

The OpenLM SAM integration uses the following infrastructure components:

  • OpenLM SAM Internal Services
    Retrieve catalog and inventory data via secure API calls.
  • MongoDB
    Stores configuration and operational data.
  • AWS Secrets Manager
    Protects and manages sensitive customer credentials, preventing unauthorized access.

Note: All personal data processed through these services adheres to strict security, confidentiality, and compliance standards.

Disclosure of Personal Data

OpenLM limits data disclosure to the following cases:

Service Improvement

  • Aggregated or anonymized data may be analyzed to improve functionality and develop new features.

Third-Party Disclosure

Personal data is not shared with third parties, except when:

  • Required by law or valid public authority requests
  • Explicit user consent is provided

Marketing

  • Personal data is never used for marketing purposes.

Note: OpenLM is not responsible for data disclosure resulting from user actions or third-party services interacting with monday.com.

Your Choices Regarding Data Collection

Use of the OpenLM SAM integration requires certain data processing to function correctly.
If you choose not to allow data processing, some features—or the entire integration—may be unavailable.

Changes to This Privacy Policy

This Privacy Policy is reviewed periodically. Updates will be published promptly.
If significant changes introduce new data processing practices, users will be notified and additional consent may be requested.

Your Data Protection Rights

You have the following rights regarding your personal data:

  • Right to Access – Request a copy of your personal data
  • Right to Rectification – Request correction of inaccurate or incomplete data
  • Right to Erasure – Request deletion of your personal data, subject to legal or operational requirements
  • Right to Object – Object to certain types of data processing
  • Right to Data Portability – Request transfer of your data to another organization
  • Right to Withdraw Consent – Withdraw consent at any time (may limit access to the integration)

Data Retention

To ensure platform stability, security auditing, and troubleshooting, technical logs are retained as follows:

  • Active Analysis: Logs are stored in Datadog for 15 days for real-time monitoring and bug diagnostics.
  • Archival: After 15 days, logs are moved to a secure AWS S3 bucket for long-term storage.

Final Deletion: All archived logs are automatically and permanently deleted after 365 days from AWS S3 bucket.

Contact Us

To ask questions or exercise your data protection rights, contact OpenLM through one of the following channels:

Response Time

OpenLM aims to respond to all privacy-related requests within 2 working days.