Trust Centre
David Simpson Apps is a software company based in Nottingham, England.
As a monday.com silver marketplace partner, we develop monday.com applications that are trusted by 1000s of organisations worldwide.
Overview
We're David Simpson Apps, a monday.com Silver Marketplace Partner from Nottingham, England.
Since 2022, we've developed monday.com apps trusted by 1,000s of organisations worldwide. With more than 40,000 active installs on the monday.com marketplace, we build solutions that enable teams to take their knowledge in monday.com and share it with the world.
We know that sharing knowledge starts with trust. That's why your data's security and privacy are a top priority for us. In this Trust Centre, you'll find a transparent overview of the practices and processes we follow to keep your information secure.
To learn more about who we are and what we do, browse dsapps.dev. If you're missing information or have further questions, please feel free to reach out to us – we're happy to help.
Security practices
We follow industry best practices to keep your data secure across every layer of our applications.
Data encryption
All data is encrypted in transit using TLS 1.2+ and at rest using AES-256. We never store sensitive credentials in plain text.
Secure development
Our development process follows OWASP guidelines. We conduct regular code reviews and use automated security scanning on all pull requests.
Access control
Access to production systems is restricted to authorised personnel using the principle of least privilege. All access is logged and reviewed.
Monitoring & alerting
We monitor application performance and security events 24/7. Anomalies trigger automated alerts for immediate investigation.
Responsible disclosure
We welcome security researchers. If you find a vulnerability, please report it to security@dsapps.dev and we'll respond within 48 hours.
Dependency management
We keep third-party dependencies up to date and use automated tooling to flag known vulnerabilities in our software supply chain.
Hosted on monday.com infrastructure
Our monday.com apps are built and hosted on the monday apps framework – the same enterprise-grade infrastructure that powers monday.com itself, trusted by over 245,000 customers worldwide.
This means your data benefits from monday.com's industry-leading security posture, including SOC 2 Type II certification, ISO 27001 accreditation, GDPR & HIPAA compliance.
Google Cloud backed infrastructure
monday.com apps run on Google Cloud, providing enterprise-grade availability and redundancy across multiple regions.
SOC 2 & ISO 27001 platform
The underlying monday apps platform is SOC 2 Type II certified and ISO 27001 accredited – you benefit from that posture automatically.
GDPR, HIPAA & global compliance
monday.com's platform is GDPR & HIPAA compliant and supports data residency requirements for EU customers.
Compliance status
We believe in being transparent about where we are on our compliance journey.
Honest transparency: David Simpson Apps does not currently hold standalone security certifications such as SOC 2, ISO 27001, or similar accreditations. However, because our apps run entirely within the monday apps framework, they inherit the security controls and compliance posture of monday.com's certified infrastructure. We are evaluating formal certifications as our business grows.
SOC 2 Type II
Under evaluation
ISO 27001
Under evaluation
GDPR
Compliant (via monday.com platform)
monday.com Marketplace
Listed & reviewed partner
Privacy & data handling
We collect only what we need to provide our services. We do not sell your data or use it for advertising purposes.
Our apps operate within monday.com's permission model – your data stays within your monday.com account and is only accessed with the OAuth scopes you explicitly grant.
For full details on how we handle personal data, please read our Privacy Policy.
Data minimisation
We only request the monday.com OAuth scopes required for each app to function. We do not request broad access.
No data selling
We never sell, rent, or share your personal data with third parties for their marketing purposes.
Right to erasure
You can request deletion of any data we hold about you by contacting privacy@dsapps.dev.
Subprocessors
Our primary subprocessors is monday.com (hosting & data storage). A full list is available on the Subprocessors page.
Get in touch
Have a security concern, a question about our practices, or a vendor security questionnaire to complete? We're here to help.