Privacy Policy

Effective 21 June 2026 · Last updated 21 June 2026

Your trust matters to us. Discord Pro Integration (the “App”) is a two-way integration between monday.com and Discord, provided by PluginPro (“PluginPro”, “we”, “us”, “our”). This Privacy Policy explains, in plain language, what data the App processes, why, the legal bases we rely on, who we share it with, where it is processed, how long we keep it, how we protect it, and the rights and choices you have. We collect only what we genuinely need to run the service, we host your data on monday.com's own infrastructure, we use just two the App integrates only monday.com and Discord, and we never sell your data or use it for advertising.

1. Scope & who this applies to

The App is a business-to-business tool installed by an administrator of a monday.com account and connected to a Discord server. This policy describes the data processed by the App itself in the course of providing its features. It does not cover monday.com's or Discord's own processing of your data, which is governed by their respective privacy policies and terms — we encourage you to review those as well, because your monday.com content and Discord messages also live on, and are processed by, those platforms.

This policy applies to everyone whose data the App may process: the installing administrator, members of the connected Discord server who use the App, and the monday.com users whose names appear on the boards you connect.

2. Our privacy commitment & principles

We aim to earn and keep your confidence by following a few clear principles:

  • Data minimisation — we process only the data needed to deliver the features you switch on, and we keep the rest out of our reach by reading most board and message content only in the moment we need it, without storing it.
  • Purpose limitation — we use data to run the App and support you, never for advertising, and we do not sell it.
  • Security by design — we encrypt credentials, host on monday.com's Secure Storage, isolate each installation's data, and request the least access we need.
  • Transparency & control — you can see and change your configuration at any time, disconnect members, and remove all of your data by uninstalling the App.
  • No surprise third parties — the App integrates only monday.com and Discord (monday.com also hosts the App, on monday Code, which runs on Google Cloud Platform). The settings interface and this website load web fonts from Google Fonts (fonts.googleapis.com / fonts.gstatic.com) for typography only — this sets no cookies and is not used to track you. There are no analytics, advertising, tracking, profiling, or AI/large-language-model services involved.

3. Definitions

  • “App” — Discord Pro Integration, including its settings interface, bot, slash commands, webhooks and related services.
  • “Customer” — the organisation whose monday.com account the App is installed on.
  • “Administrator” — a person authorised to install and configure the App for the Customer.
  • “Member” — a user of the connected Discord server who interacts with the App.
  • “Personal data” / “personal information” — information relating to an identified or identifiable individual, as defined by applicable law.
  • “Processing” — any operation performed on data, such as collection, use, storage, disclosure or deletion.
  • “Controller” and “Processor” — have the meanings given under the GDPR (broadly, the party that decides the purposes of processing, and the party that processes on the controller's behalf).
  • “Sub-processor” — a third party we rely on to help deliver the App that may process data on our behalf.

4. Our role (controller & processor)

For most data flowing through the App — the content of your monday boards and items, and the Discord messages and identifiers connected to them — the Customer is the data controller and PluginPro acts as a data processor, processing that data on the Customer's documented instructions (i.e. the configuration set by the Administrator in the App). For a limited set of data whose purposes we determine ourselves — such as the administrator contact details we use to provide support and operate the service — we act as a controller. Where we act as a processor, requests from individuals are generally directed to, and handled by, the Customer (the controller), and we will provide reasonable assistance.

5. Information we process

The table below lists the categories of data the App handles. Wherever possible we process board and message content transiently — reading it from monday.com or Discord at the moment we need it to build a notification, card or summary — and we do not retain it in our own storage. The items marked “stored” are the small amount of configuration and operational data the App must keep to function.

CategoryExamplesSourceStored by the App?
monday account & identityAccount id, name and slug; monday user ids and names used to attribute actionsmonday.com API / OAuthStored (account record)
monday board contentBoards, groups and columns you connect; item names, statuses, assignees, dates, and updates/commentsmonday.com API, on your instructionTransient (not stored)
Discord identifiersServer (guild) id, channel and role ids, message and thread ids; the Discord user ids and usernames of members who use the App or run /connectDiscord API / interactionsStored where part of your configuration (e.g. selected channels/roles); identifiers in transit otherwise
Message contentText of messages the bot reads to run its features — see Section 6Discord (channels the bot can access)Transient (not stored)
Authentication credentialsmonday.com OAuth access tokens — for the installing administrator and for each member who runs /connectmonday.com OAuthStored, encrypted at rest
Configuration & operational dataYour settings, notification rules, scheduled digests, deadline reminders, the mapping between monday items and the Discord messages/threads we post, vote tallies (the Discord ids of members who voted), and your current subscription planCreated by you in the App / monday billing eventsStored
Support communicationsThe contact details and contents of messages you send us for supportYouRetained only as long as needed to handle your request
Technical logsOperational and error logs needed to run and secure the service; these do not contain credentials or message contentGenerated by the AppStored briefly (typically up to 30 days)

We do not intentionally collect special categories of personal data (such as health, biometric, racial, political or similar data), and we ask that you do not use the App to transmit such data through it.

6. Discord messages & the Message Content permission

To deliver its features, the App's bot uses Discord's Message Content permission (a “privileged intent” that you approve when adding the bot). This lets the bot read the text of messages in channels it can access. The App uses message content only for these functions, and processes it in the moment, without storing the raw text:

  • Auto-embed — detecting monday item links and item references (e.g. BPLU-001) so it can reply with a live card for that item.
  • Two-way comment sync — when you enable a discussion thread, mirroring replies in that thread to the linked monday item as updates.
  • “Create item from message” — when a member explicitly right-clicks a message and chooses this action, using that message's text as the new item's details.

The App does not retain message text after it has acted on it. Note one important asymmetry: when a thread reply is synced to monday.com as a comment, that comment then lives in monday.com and follows monday.com's retention — deleting the original Discord message does not delete the monday.com comment. You control which channels the bot can see (via Discord's channel permissions) and whether discussion threads and two-way sync are enabled (in the App's settings).

7. Why we process it & legal bases

  • To provide the features you configure — intake, notifications, auto-embed, digests, deadline reminders, two-way sync and slash commands. Legal basis: performance of a contract; and, where we act as processor, the controller's instructions.
  • To authenticate and attribute actions to the correct monday user. Legal basis: performance of a contract / legitimate interests.
  • To operate, secure, troubleshoot and improve the service, including keeping minimal logs and preventing abuse. Legal basis: legitimate interests.
  • To manage subscriptions and provide support, including responding to your requests. Legal basis: performance of a contract / legitimate interests.
  • To comply with legal obligations where applicable. Legal basis: legal obligation.

Where we rely on legitimate interests, we have weighed those interests against your rights and freedoms. We do not use your data for advertising, and we do not sell or “share” it for cross-context behavioural advertising as those terms are defined under applicable law.

8. How we share it & sub-processors

We share data only with the platforms strictly needed to run the App, each under their own data-protection obligations. The App does not integrate any analytics, advertising, error-tracking, email-marketing, or AI/large-language-model services.

RecipientRoleWhat it processes
monday.com (monday.com Ltd.)The platform the App runs on and reads from / writes to on your instruction; our host (the App runs on “monday Code”, which uses Google Cloud Platform infrastructure); and, for paid plans, the marketplace and merchant of record that handles billingAccount and user identifiers, board/item content (in transit), encrypted tokens and your configuration (at rest), and billing/subscription events
Discord (Discord Inc.)The messaging platform the App posts to and reads fromServer/channel/role/user identifiers and message content for the channels the bot can access

Because the App is hosted on monday Code, your stored configuration and encrypted tokens reside within monday.com's infrastructure (which runs on Google Cloud Platform); we do not operate separate servers or databases of our own for your data. We may also disclose data where reasonably necessary to comply with law or legal process, to enforce our terms, or to protect the rights, safety and security of our users, the public or the service. If we are ever involved in a merger, acquisition, financing or sale of assets, data may be transferred as part of that transaction, subject to this policy and applicable law.

9. International data transfers

The App is hosted on monday Code, with infrastructure located in the United States. If you are located elsewhere, the configuration, identifiers and encrypted tokens described above are processed in the US, and message and board content the App reads in the moment is processed there too. For residents of the EEA, UK or Switzerland, this is an international transfer of personal data. Where required, we and our providers rely on appropriate safeguards — such as the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum — to protect your data to a standard consistent with your home jurisdiction. You may contact us for more information about these safeguards.

10. How long we keep it

We keep stored data only for as long as we need it to provide the service. Your configuration, encrypted tokens, item/message mappings, vote tallies and subscription record are retained while the App is installed. When the App is uninstalled from a monday.com account, its per-account data — settings, notification rules, digests, deadline reminders, item/message links, vote tallies, the subscription record and the stored OAuth tokens — is deleted, and the App's webhooks on your monday boards are removed.

An individual member can be disconnected at any time by revoking the App's access from their monday.com account, which invalidates that member's stored token. Board content, item updates and Discord messages the App reads in the moment are not retained by the App. Technical logs are kept only as long as needed for operational and security purposes (typically up to 30 days) and are then deleted or aggregated. As noted in Section 6, content the App writes into monday.com (such as a synced comment) remains in monday.com under monday.com's retention. We may retain limited information for longer where required to comply with legal obligations or to resolve disputes.

11. How we protect it

We apply safeguards designed to protect your data against unauthorised access, alteration, disclosure or loss:

  • monday.com OAuth access tokens are encrypted by the App using AES-256-GCM before they are written to storage, so credentials are never held in plain text.
  • All App data is held in monday.com's Secure Storage, which is access-controlled and logically isolated per installation; we do not keep your data on separate servers or databases of our own.
  • Access is limited to the running application, and we request the least-privilege set of OAuth scopes the App needs.
  • Communication with monday.com and Discord uses encrypted (HTTPS/TLS) connections, and inbound webhooks are cryptographically verified so the App acts only on authentic events.
  • Our diagnostic logs are written without credentials or message content.

If we ever become aware of a personal-data breach affecting your information, we will act promptly to investigate and address it, and will notify affected parties and authorities where and as required by applicable law. No method of transmission or storage is completely secure, so while we work hard to protect your data, we cannot guarantee absolute security.

12. Your rights & choices

Depending on where you live, you may have rights to access, correct, delete, or obtain a portable copy of your personal data, to restrict or object to certain processing, to withdraw consent where processing is based on consent, and not to be subject to decisions based solely on automated processing. Because we often act as a processor on behalf of the Customer, we will, where appropriate, refer your request to that Customer (the controller) or assist them in responding. You can exercise applicable rights, or ask us to route a request, using the contact details in Section 20. We will not discriminate against you for exercising your rights, and we may need to verify your identity before responding. Note that, because much of the App's data is keyed to an installation, the most complete way to erase a Customer's data is to uninstall the App, and the most direct way for a member to remove their stored token is to revoke the App's access in their monday.com account.

13. EEA & UK disclosures (GDPR)

If you are in the European Economic Area, the United Kingdom or Switzerland, the legal bases on which we process your personal data are set out in Section 7, and our international-transfer safeguards in Section 9. You have the right to lodge a complaint with your local data-protection supervisory authority if you believe our processing infringes applicable law, although we would appreciate the chance to address your concerns first. You can reach us using the contact details in Section 20.

14. California disclosures (CCPA/CPRA)

If you are a California resident, you have the right to know what personal information we collect and how we use and disclose it (the categories are described in Sections 5–8), to request access to or deletion of your personal information, to correct inaccurate information, and to not be discriminated against for exercising your rights. We do not sell your personal information and we do not “share” it for cross-context behavioural advertising as those terms are defined under the CCPA/CPRA. The personal information we process is used for the business purposes described in this policy; we retain it as described in Section 10, and the only categories of third parties to whom we disclose it are our service providers, monday.com and Discord. You may submit a request, including through an authorised agent, using the contact details below; we may need to verify your identity before responding.

15. Your responsibilities as the customer

When you act as the controller of your workspace and Discord content, you are responsible for having a lawful basis to process the data you connect through the App, for configuring the App appropriately (including which channels the bot can access and whether two-way sync is enabled), and for informing your members about how the App is used in your organisation as required by applicable law. You should not connect data you are not permitted to process, and you should ensure your use of monday.com and Discord complies with their terms.

16. Automated decisions & “Do Not Track”

The App does not make decisions producing legal or similarly significant effects about you based solely on automated processing, and it does not perform profiling for those purposes. Because there is no industry-standard response to browser “Do Not Track” signals, the App does not respond to them; it does not use advertising or cross-site tracking in any event.

17. Children

The App is a workplace tool and is not directed to children. It is not intended for use by anyone under the age of 16 (or the minimum age required in your jurisdiction), and we do not knowingly collect their personal data. If you believe a child has provided us data, please contact us and we will take appropriate steps to delete it.

18. Cookies & technical storage

The App's settings interface is loaded inside monday.com and uses only what is technically necessary to operate — for example, the session token monday.com provides to authenticate the embedded view. We do not use advertising cookies or cross-site tracking technologies. This website (pluginpro.io) similarly serves static pages without advertising trackers.

19. Changes to this policy

We may update this policy from time to time to reflect changes to the App, our practices, or legal requirements. Material changes will be reflected by the “Last updated” date above and, where appropriate, communicated through the App or the marketplace listing. Your continued use of the App after an update takes effect constitutes acceptance of the revised policy.

20. How to contact us

We are here to help. For any question about this policy or your data, to exercise a right, or to raise a concern, you can contact PluginPro by email at support@pluginpro.io. We will do our best to respond promptly and, in any event, within the timeframes required by applicable law. If you require PluginPro's full legal-entity details, or information about a representative for the EEA or UK, please contact us and we will provide them. See also our Support page and our Terms of Service.