This Privacy Policy describes how IMIRT Delivery Intelligence ("the App"), developed by IMIRT ("we", "us", "our") and hosted on the WhatIfWe.ai platform, handles data when installed on your monday.com account. We are committed to protecting your privacy and being transparent about our data practices.
2. Data We Access
When you install and use the App, we access the following data from your monday.com account via the monday.com SDK and API:
Board items: Item names, group assignments, and column values on boards where the App is installed
Status columns: Current status values for workflow tracking and zone mapping
Activity logs: Status change history for throughput calculation and forecasting
Board structure: Groups, columns, and board metadata for configuration
We access only the boards where the App has been explicitly added as a board view. We do not access boards, workspaces, or data outside of the installed scope.
3. How We Use Your Data
Your data is used exclusively to provide the App's features:
Forecasting: Historical status changes are counted to calculate throughput rates. Monte Carlo simulation uses these aggregate counts to produce probabilistic forecasts.
Product Pitch: Item status values determine zone placement on the pitch visualisation.
Risk Buckets: Items are classified by delivery confidence based on time-in-state analysis.
Shot Clock: Current time in state is compared to historical averages.
Expected Delivery (xD): Actual throughput is compared to statistical expectations.
4. Data Storage
We do not store your data. The App operates on a stateless architecture:
All data processing occurs in-memory during your active session
No board items, item titles, user names, or personally identifiable information is written to any WhatIfWe.ai server or database
When you close or navigate away from the App, all session data is discarded
The forecasting API receives only aggregate throughput counts (e.g., "12 items completed in the last 30 days") — never individual item details
User preferences (theme selection, zone configuration) are stored locally in your monday.com account settings via the monday.com Storage API.
5. Data Sharing
We do not sell, rent, or share your data with any third parties for marketing or advertising purposes.
The following external services receive limited data from the App:
WhatIfWe.ai forecasting API — receives aggregate numerical counts only (e.g., "12 items completed in the last 30 days"). No item names, descriptions, user names, or other identifiable content is sent.
PostHog (analytics) — receives anonymised usage events (e.g., tab views, feature usage counts) with monday.com account and user IDs. No board item data or personally identifiable information beyond account/user IDs is sent. PostHog can be disabled via server environment variable.
Sentry (error monitoring) — receives error reports and stack traces when the App encounters unexpected failures. Authorization headers are stripped before transmission. Sentry can be disabled via server environment variable.
6. Data Security
All communication between the App and monday.com uses HTTPS/TLS encryption
All communication between the App frontend and our forecasting API uses HTTPS/TLS encryption
Authentication is handled entirely by monday.com's OAuth and session token system
We do not receive, store, or process monday.com user credentials
7. Your Rights (GDPR / CCPA)
Because we do not store personal data, most data subject rights are automatically satisfied:
Right to Access: No personal data is stored on our systems to access
Right to Deletion: No personal data is stored on our systems to delete. Uninstalling the App immediately removes all access
Right to Portability: The App reads from and writes to your monday.com board — your data remains in monday.com at all times
Right to Opt-Out of Sale: We do not sell personal data
Right to Rectification: All data lives in your monday.com account where you can modify it directly
If you are located in the European Economic Area (EEA), United Kingdom, or California, you may exercise these rights by contacting us at the address below.
8. Cookies and Tracking
Infrastructure Cookies
The App uses two cookies that are set automatically by Microsoft Azure's hosting infrastructure:
Cookie
Purpose
Set by
Contains user data?
ARRAffinity
Routes your session to the same server instance for reliability
Microsoft Azure
No — contains only a server instance identifier
ARRAffinitySameSite
Same purpose as ARRAffinity, with SameSite attribute for modern browsers
Microsoft Azure
No — contains only a server instance identifier
These cookies are strictly necessary for the App to function and are classified as exempt from consent requirements under ePrivacy Directive Article 5(3). They are managed entirely by Azure's infrastructure — the App does not create, read, or modify them, and they cannot be disabled without breaking the application.
The App does not use any tracking cookies, advertising cookies, or third-party cookies. No tracking pixels, fingerprinting, or browser-side analytics libraries are loaded.
Server-Side Analytics
The App uses server-side analytics (PostHog) and server-side error monitoring (Sentry) to improve reliability and understand feature usage. These services receive anonymised events from the backend only — they do not execute in the user's browser and do not set any cookies. Both can be disabled via server environment variables (`POSTHOG_API_KEY` and `SENTRY_DSN`).
9. Children's Privacy
The App is a business tool intended for professional use. We do not knowingly collect data from children under 16 years of age.
10. Data Retention
Since we do not store your data, there is no retention period. Session data exists only in memory during active use and is discarded when the session ends.
11. Uninstallation
When you uninstall the App from your monday.com account:
All App access to your boards is immediately revoked by monday.com
No residual data remains on our systems (stateless architecture)
Local settings stored via monday.com Storage API are removed by monday.com
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through the monday.com marketplace listing. The "Last Updated" date at the top reflects the most recent revision.