Creativas has been SOC 2 Type II compliant since December 2024. For more information, please visit our Trust Center.

Overview

Secure development

We follow best practices and frameworks to ensure the highest level of security in our software:

  • Regular security training for developers to learn about common vulnerabilities and threats
  • Code review for security vulnerabilities
  • Regular updates of the dependencies
  • Software Composition Analysis (SCA) to detect vulnerabilities in our codebase

Employee Access to Customer Data

The App's team does not have access to user data. In cases where they must access user data to perform support services or respond to an incident, we will ask for your consent. Our employees connect to the infrastructure via secure communication channels with several levels of protection.

When working on a support issue, we access only the minimum data needed to resolve the issue.

Product Security

The App uses OAuth2, which relies on HTTPS to secure communication between the App, the monday.com product, and the user. Smart Courses doesn't work with or store any passwords or credentials, as users use the App only in conjunction with monday.com.

Please learn more about monday.com OAuth and Permissions.

Permissions

The maximum set of actions Smart Courses may perform is expressed in the scopes in the App OAuth2 configuration and is presented to the administrator during installation. This security level is enforced by monday.com and cannot be bypassed by app implementations.

Here is the list of all used scopes:

  • me:read - Read a user's profile information
  • boards:read - Read a user's board data
  • boards:write - Modify a user's board data
  • users:read - Read profile information of the account's users
  • account:read - Read general information about the account
  • notifications:write - Send notifications on behalf of the user
  • assets:read - Read data from assets the user has access to
  • tags:read - Read the account's tags
  • teams:read - Read information about the account's teams
  • webhooks:read - Read existing webhooks configuration

Learn more in the scopes documentation.

Network and Application Security

The App hosts its infrastructure and data in Heroku in Ireland.

Backups and Monitoring

Smart Courses uses automation to back up all data stores that contain customer data. All our backups are encrypted.

Encryption

All data sent to or from Smart Courses systems is encrypted in transit over public networks using TLS 1.2+ to protect it from unauthorized disclosure or modification. We use only AWS-managed network components and policies enforcing TLS with strong ciphers and key lengths where supported by the browser.

Incident Response

Smart Courses implements an Incident Response Policy for handling security events, which includes escalation procedures, rapid mitigation, and post-mortem. All employees are informed of our policies.

Reporting An Issue

We appreciate your input and feedback on our security, as well as responsible disclosure.

In case you've identified a security concern, please create a request in our support system. We'll work with you to ensure we understand and address the issue promptly.