Privacy Policy
Your trust matters to us. Discord Pro Integration (the "App") is a two-way integration between monday.com and Discord, provided by PluginPro ("we", "us", "our"). We have written this Privacy Policy to explain, in plain language, what personal data the App processes, why we process it, the legal bases we rely on, who we share it with, how long we keep it, how we protect it, and the rights and choices you have. We are committed to handling your data responsibly, collecting only what we genuinely need to run the service, and never selling it.
- Scope & who this applies to
- Our privacy commitment & principles
- Our role (controller & processor)
- Information we process
- Why we process it & legal bases
- How we share it & sub-processors
- International data transfers
- How long we keep it
- How we protect it
- Your rights & choices
- EEA & UK disclosures (GDPR)
- California disclosures (CCPA/CPRA)
- Automated decisions & "Do Not Track"
- Children
- Cookies & technical storage
- Changes to this policy
- How to contact us
1. Scope & who this applies to
The App is a business-to-business tool installed by an administrator of a monday.com account. It processes data belonging to that account and the Discord server it is connected to. This policy covers data processed by the App itself; it does not cover monday.com's or Discord's own processing of your data, which is governed by their respective privacy policies. We encourage you to review those policies as well.
2. Our privacy commitment & principles
We aim to earn and keep your confidence by following a few clear principles:
- Data minimisation — we process only the data needed to deliver the features you switch on.
- Purpose limitation — we use your data to run the App and support you, not for advertising, and we never sell it.
- Security by design — we encrypt credentials, isolate each installation's data, and follow least-privilege access.
- Transparency & control — you can see and change your configuration at any time, and remove your data by uninstalling.
3. Our role (controller & processor)
For most data flowing through the App — the content of your monday boards and items, and the Discord messages and identifiers connected to them — the monday.com account customer is the data controller and PluginPro acts as a data processor, processing that data on the customer's documented instructions (i.e. the configuration set in the App). For a limited set of data whose purposes we determine — such as the administrator contact details we use to provide support and operate billing-related communications — we act as a controller. Where we act as a processor, requests from individuals are generally directed to, and handled by, the controller (the customer), and we will reasonably assist.
4. Information we process
| Category | Examples | Source |
|---|---|---|
| monday.com account & identity | Account id, name and slug; monday user ids, names and email addresses used to attribute actions | monday.com API / OAuth |
| monday.com board content | Boards, groups and columns you connect; item names, statuses, assignees, dates, and updates/comments on those boards | monday.com API, on your instruction |
| Discord identifiers | Server (guild) id, channel ids, message and thread ids; the Discord user ids and usernames of members who use the App or run /connect | Discord API / interactions |
| Synced message content | The text of messages posted in threads you have enabled for two-way sync — used solely to mirror those replies to the linked monday item | Discord (connected threads only) |
| Authentication credentials | OAuth access tokens for monday.com (the installing administrator, and each member who runs /connect) | monday.com OAuth, encrypted at rest |
| Configuration & operational data | Your settings, notification rules, scheduled digests, deadline reminders, the mapping between monday items and the Discord messages/threads we post, and your current subscription plan | Created by you in the App / monday billing events |
| Technical logs | Diagnostic and error logs needed to operate and secure the service | Generated by the App |
We do not intentionally collect special categories of personal data (such as health, biometric or political data), and we ask that you do not use the App to transmit such data through it.
5. Why we process it & legal bases
- To provide the App's features you configure — intake, notifications, digests, deadline reminders, two-way sync and slash commands. Legal basis: performance of a contract; and, where we act as processor, the controller's instructions.
- To authenticate and attribute actions to the correct monday user. Legal basis: performance of a contract / legitimate interests.
- To operate, secure, troubleshoot and improve the service, including maintaining logs and preventing abuse. Legal basis: legitimate interests.
- To manage subscriptions and provide support, including responding to your requests. Legal basis: performance of a contract / legitimate interests.
- To comply with legal obligations where applicable. Legal basis: legal obligation.
Where we rely on legitimate interests, we have balanced those interests against your rights and freedoms. We do not use your data for advertising, and we do not sell or "share" it for cross-context behavioural advertising as those terms are defined under applicable law.
6. How we share it & sub-processors
We share data only with the platforms and providers needed to run the App, each under contractual confidentiality and data-protection obligations:
| Recipient | Purpose |
|---|---|
| monday.com | The platform the App runs on and reads from / writes to on your instruction; our hosting (monday Code); and, for paid plans, our payment processor and merchant of record |
| Discord | The messaging platform the App posts to and reads connected threads from |
| Google Cloud Platform | Underlying cloud infrastructure for monday Code / Secure Storage |
We may also disclose data where reasonably necessary to comply with law or legal process, to enforce our terms, or to protect the rights, safety and security of our users, the public or the service. If we are ever involved in a merger, acquisition, financing or sale of assets, data may be transferred as part of that transaction, subject to this policy and applicable law.
7. International data transfers
The App is hosted on monday Code, with infrastructure located in the United States. If you are located outside the United States, the configuration, identifiers and tokens described above are processed in the US. Where required for transfers of personal data out of the EEA, UK or Switzerland, we and our providers rely on appropriate safeguards — such as the European Commission's Standard Contractual Clauses and the UK Addendum — to protect your data to a standard consistent with your home jurisdiction.
8. How long we keep it
We keep data only for as long as we genuinely need it. Configuration, tokens and item/message mappings are retained while the App is installed and needed to provide the service. When the App is uninstalled from a monday account, its per-account data — settings, notification rules, digests, deadline reminders, item/message links, the subscription record and stored OAuth tokens — is deleted. Individual members can be disconnected at any time by revoking the App's access in their monday account. Technical logs are kept only as long as needed for operational and security purposes and are then deleted or aggregated. We may retain limited information for longer where required to comply with legal obligations or to resolve disputes.
9. How we protect it
We take the security of your data seriously and apply safeguards designed to protect it against unauthorised access, alteration, disclosure or loss:
- OAuth access tokens are encrypted at rest using AES-256-GCM before storage.
- Data is stored using monday.com's Secure Storage and is logically isolated per installation.
- Access is limited to the running application, and we follow the principle of least privilege for the OAuth scopes the App requests.
- Communication with monday.com and Discord uses encrypted (HTTPS/TLS) connections, and inbound webhooks are cryptographically verified.
If we ever become aware of a personal-data breach affecting your information, we will act promptly to investigate and address it, and will notify affected parties and authorities where and as required by applicable law. No method of transmission or storage is completely secure, so while we work hard to protect your data, we cannot guarantee absolute security.
10. Your rights & choices
Depending on where you live, you may have rights to access, correct, delete, or obtain a portable copy of your personal data, to restrict or object to certain processing, and to withdraw consent where processing is based on consent. Because we often act as a processor on behalf of the monday.com account customer, we will, where appropriate, refer your request to that customer (the controller) or assist them in responding. You can exercise applicable rights, or ask us to route a request, by contacting us (see below). We will not discriminate against you for exercising your rights.
11. EEA & UK disclosures (GDPR)
If you are in the European Economic Area, the United Kingdom or Switzerland, the legal bases on which we process your personal data are set out in Section 5, and our international-transfer safeguards in Section 7. You have the right to lodge a complaint with your local data-protection supervisory authority if you believe our processing infringes applicable law, although we would appreciate the chance to address your concerns first. If a data-protection representative or contact is required for your region, you may reach us using the contact details in Section 17.
12. California disclosures (CCPA/CPRA)
If you are a California resident, you have the right to know what personal information we collect and how we use and disclose it (the categories are described in Sections 4–6), to request access to or deletion of your personal information, to correct inaccurate information, and to not be discriminated against for exercising your rights. We do not sell your personal information and we do not "share" it for cross-context behavioural advertising as those terms are defined under the CCPA/CPRA. The personal information we process is used for the business purposes described in this policy. You may submit a request, including through an authorised agent, using the contact details below; we may need to verify your identity before responding.
13. Automated decisions & "Do Not Track"
The App does not make decisions producing legal or similarly significant effects about you based solely on automated processing, and it does not perform profiling for those purposes. Because there is no industry-standard response to browser "Do Not Track" signals, the App does not respond to them; it does not use advertising or cross-site tracking in any event.
14. Children
The App is a workplace tool and is not directed to children. It is not intended for use by anyone under the age of 16 (or the minimum age required in your jurisdiction), and we do not knowingly collect their personal data. If you believe a child has provided us data, please contact us and we will take appropriate steps to delete it.
15. Cookies & technical storage
The App's settings interface is loaded inside monday.com and uses only what is technically necessary to operate — for example, the session token monday provides to authenticate the embedded view. We do not use advertising cookies or cross-site tracking technologies.
16. Changes to this policy
We may update this policy from time to time to reflect changes to the App, our practices, or legal requirements. Material changes will be reflected by the "Last updated" date above and, where appropriate, communicated through the App or the marketplace listing. Your continued use of the App after an update takes effect constitutes acceptance of the revised policy.
17. How to contact us
We are here to help. For any question about this policy or your data, to exercise a right, or to raise a concern, you can contact PluginPro through our monday.com marketplace listing. We will do our best to respond promptly and, in any event, within the timeframes required by applicable law.