Monday.com

Monday.com

Monday.com is a work OS and project management platform. Websites embed Monday forms and widgets for task intake and project creation. Scripts handle form submissions and route data to Monday.com workspaces. Sets minimal cookies for embedded widget session state.

Back to Vendor Library

Overview

Monday.com is a cloud-based work operating system used by over 225,000 organizations for project management, team collaboration, and workflow automation. On third-party websites, Monday.com's presence is limited to embedded intake forms and widgets — functional tools that route structured submissions into Monday.com boards and workspaces, not advertising or tracking infrastructure.

What This Script Does

Monday.com widgets embed on host websites as iframes or via a JavaScript embed snippet, loading a form interface from Monday.com's servers.

Script Files and Domains

  • Monday.com form embeds load from forms.monday.com as iframes, or via a JavaScript snippet from dapulse.com (Monday.com's legacy domain retained for compatibility).
  • The embed JavaScript initializes the iframe with form configuration parameters and handles cross-frame communication for dynamic height adjustment.
  • Form submission API: api.monday.com/v2 — GraphQL API receiving form submissions.
  • Widget assets (CSS, images): assets.monday.com

Cookies Set

  • Within the monday.com iframe context:
    • monday_session_id — Session-scoped cookie identifying the current form session. Expires on browser close.
    • csrf_token — CSRF protection token for form submission validation. Session-scoped.
    • _ss_pp_id — Session replay / page performance cookie used by Monday.com's own analytics. Set within the iframe context and scoped to monday.com, not the host domain.
  • On the host website domain: No persistent tracking cookies are set by Monday.com's embed scripts.

Data Collected Per Form Submission

  • All user-entered form field values (these are the fields defined by the site operator — may include name, email, phone, project description, budget range, etc.)
  • File attachments (if file upload columns are configured in the board)
  • IP address (captured server-side on submission)
  • Submission timestamp
  • Referrer URL (captured client-side and passed as metadata)

Workflow Automations On submission, Monday.com can trigger automations: sending email notifications to board owners, creating sub-items, assigning owners, setting due dates, and triggering integrations with Slack, Jira, Salesforce, or Zapier. Each downstream integration is an additional data processor.

Monday.com CRM (if enabled) If the host organization uses Monday CRM, embedded lead forms may create contact records and trigger sales workflow automations. In this context, the functional intake form also feeds a CRM system with marketing implications.

Consent & Compliance

Consent category: Functional

  • GDPR/ePrivacy: Monday.com embedded forms serve a functional purpose — they collect structured user input at the user's explicit initiative (clicking a form and filling it out). Session cookies for CSRF protection and form state management are strictly necessary for the form to function correctly. Under ePrivacy, strictly necessary cookies serving a user-requested function are exempt from consent requirements. However, loading a third-party iframe from monday.com domain technically sets cookies on that domain, which some DPAs (particularly strict interpretations in Germany and France) may require disclosure for.
  • GDPR as data controller/processor: Monday.com acts as a data processor, processing form submission data on behalf of the site operator (the data controller). A Data Processing Agreement is provided by Monday.com and required under GDPR Article 28.
  • CCPA/CPRA: Form submission data is personal information provided directly by the user. It does not constitute a sale. Downstream integrations (Salesforce, Marketo) should be disclosed in the privacy policy.
  • EU-US Data Privacy Framework: Monday.com is an Israeli company with US operations. Its US entity participates in the DPF. EU data is primarily processed in the EU (Monday.com operates EU data centers). SCCs are available.

Should You Block This Without Consent?

No. Monday.com's embedded intake forms are functional tools that process user-initiated form submissions. They do not perform behavioral profiling, cross-site tracking, or advertising attribution. The session cookies serve CSRF protection and form continuity — purposes that are strictly necessary for the form to function. Disclosure in the site's cookie policy and privacy policy is recommended, but prior consent for loading is not required.

Visit website

Consent Categories

Functional

Also Known As

monday.commondaymonday formswork OSproject management widget

Industries

Computers Electronics and TechnologyProgramming and Developer Software

Tracked Domains (1)

assets.monday.comFunctional

Frequently Asked Questions

Is consent required for Monday.com on my website?

No. Monday.com embedded intake forms serve a functional purpose. Session cookies for CSRF protection and form state are set within the monday.com iframe context and are strictly necessary for the form to function correctly.

What cookies does Monday.com set?

Within its iframe, Monday.com sets monday_session_id (session-scoped), a csrf_token for submission security, and _ss_pp_id for its own internal analytics — all scoped to the monday.com domain, not the host website.

How does ConsentStack handle Monday.com?

ConsentStack classifies Monday.com forms as functional and allows them to load without prior visitor consent. The iframe-based embed has no host-domain tracking footprint, so ConsentStack does not block Monday.com intake forms.

Related Vendors

Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Google Maps
Google Maps
Google Maps is the dominant web mapping service used for embedded maps and location features on websites. Scripts load interactive map tiles, geocoding, and Places API functionality through the Maps JavaScript API. May set cookies to remember map preferences and manage API quota.
Google Search
Google Search
Google Search appears on websites through the Programmable Search Engine, enabling custom site-specific search functionality. Scripts load the search widget from Google's servers to render search bars and display results within the host website. Sends search queries to Google's index and may set cookies for search personalization and query history.
Microsoft Teams
Microsoft Teams
Microsoft Teams is a workplace communication and collaboration platform that can be embedded on websites for chat, meetings, and document sharing. Embedded widgets load from Microsoft's servers to enable real-time messaging, video calls, and file collaboration. Sets authentication and session cookies to verify participant identity and maintain connection state.
Apple Business Chat
Apple Business Chat
Apple Business Chat enables direct customer messaging between websites and Apple's Messages app. Scripts load chat buttons and conversation interfaces that connect visitors to business support agents through iMessage. Sets minimal session cookies to maintain conversation context but does not track browsing behavior or collect analytics data.
Apple Maps JS
Apple Maps JS
Apple Maps JS is Apple's JavaScript mapping framework for embedding interactive maps on websites. Scripts load map tiles, location pins, and routing data from Apple's MapKit servers to render navigable maps within web pages. Requires a MapKit JS token for authentication but does not set tracking cookies or collect behavioral analytics data.

Manage consent for Monday.com

ConsentStack automatically detects and manages Monday.com trackers so your site stays compliant with global privacy regulations.

Get started