Privacy Policy

Last updated: 2026-05-22

Changebell (“we”) provides a changelog publishing service for monday.com customers. This page describes what we collect, why, how we store it, and how to ask us to delete it.

What we store

• Account metadata: the monday.com account id, name, and slug — the minimum needed to scope your data and route webhook events.
• OAuth access tokens: stored encrypted at rest using AES-256-GCM. Tokens are only decrypted in-process when calling the monday.com API on your behalf.
• Changelog content: titles, descriptions, categories, and release metadata your team enters or approves.
• Subscriber emails: only if a customer signs up for digests on your public page. We honor one-click unsubscribe.
• Anonymized analytics: aggregate view and reaction counts. We do not place tracking cookies and never sell data.

What we don’t do

• We never sell, rent, or share your data with advertisers.
• We never train external models on your private monday data.
• We don’t store passwords — authentication is delegated to monday.com.

Third-party processors

• Supabase — managed Postgres database (data at rest is encrypted).
• Vercel — application hosting & TLS termination.
• OpenAI — optional, used only when AI rewriting is enabled. Item names and descriptions are sent for transformation only. OpenAI does not train on API content.
• Resend — email delivery for digests and transactional messages.

Security

All traffic is served over HTTPS with HSTS and TLS 1.2+. Tokens are encrypted with AES-256-GCM at rest. Logs are retained for 30 days and never contain access tokens or end-user PII.

Data deletion

When you uninstall Changebell from monday.com, we mark your account as deleted and hard-delete all related data within 10 days (in practice, within 7 days). You can also email support@devloggic.com to request immediate deletion.

Contact

Questions? support@devloggic.com