Privacy Policy

1. Overview

MiroSync for Monday for Monday ("we," "our," or "us") is committed to protecting your privacy and ensuring transparent data practices in our Monday.com and Miro integration service.

This Privacy Policy applies to:

Our website at mirosyncformonday.com
The MiroSync for Monday application available through Monday.com and Miro marketplaces
All related services, features, and functionality

By using MiroSync for Monday, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with these practices, please do not use our services.

2. Information We Collect

2.1 Authentication Information

To enable integration between Monday.com and Miro, we collect:

User Identifiers: Miro user IDs and Monday.com user IDs
Access Tokens: OAuth tokens from both platforms (encrypted and securely stored)
Authorization Data: Scope permissions and refresh tokens as needed

2.2 Integration Data

To synchronize content between platforms, we process:

Item References: Monday.com item IDs and Miro app card IDs
Board Information: Board IDs from both platforms for mapping purposes
Metadata: Field mappings and synchronization preferences
Webhook Data: Change notifications for real-time updates

2.3 Analytics Information (With Consent)

Only with your explicit consent, we collect usage analytics through PostHog:

Usage Patterns: Feature usage, session duration, and interaction flows
Performance Data: Load times, error rates, and system performance metrics
Technical Information: Browser type, device type, and general location (country-level)

2.4 Contact Information

When you contact us for support:

Email Address: For support communications and service notifications
Name and Company: For personalized support and issue resolution
Support Communications: Records of customer service interactions

Important: What We Don't Collect

Content of your Monday.com items or Miro boards
Personal files, documents, or attachments
Private communications or comments
Financial or payment information
Sensitive personal data (health, political views, etc.)

3. How We Use Information

🔗 Core Service Delivery

Authenticate users with Monday.com and Miro
Synchronize data between platforms
Process webhook notifications
Maintain integration mappings

🛠️ Service Improvement

Monitor service performance and reliability
Identify and fix technical issues
Develop new features based on usage patterns
Optimize user experience

📞 Customer Support

Respond to support requests and inquiries
Troubleshoot integration issues
Provide technical assistance
Send important service notifications

📊 Analytics (With Consent)

Understand feature adoption and usage
Measure service performance metrics
Identify areas for improvement
Generate anonymized usage statistics

3.1 Legal Basis for Processing

Under GDPR, we process personal data based on the following legal grounds:

Contract Performance: Processing necessary for service delivery
Legitimate Interest: Service improvement, security, and support
Consent: Analytics and optional communications
Legal Obligation: Compliance with applicable laws and regulations

4. Data Sharing & Disclosure

Our Commitment

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

4.1 Limited Data Sharing

We may share information in the following limited circumstances:

Service Providers

Trusted third-party providers who assist in service delivery:

Supabase: Database hosting and management
PostHog: Analytics platform (only with consent)
Netlify: Application hosting and delivery

Platform Integration

Data necessary for platform functionality is shared with:

Monday.com: Via their official API for synchronization
Miro: Via their official SDK for app card creation and updates

Legal Requirements

When required by law, we may disclose information to:

Comply with legal process or government requests
Protect our rights, property, or safety
Prevent fraud or security breaches
Enforce our terms of service

4.2 Data Processing Agreements

All service providers are bound by data processing agreements that require them to:

Process data only for specified purposes
Implement appropriate security measures
Delete or return data when services end
Comply with applicable privacy regulations

5. Data Security

We implement industry-standard security measures to protect your information:

🔒 Encryption

TLS 1.3 for all data transmission
AES-256 encryption for data at rest
Encrypted OAuth token storage
End-to-end secure API communications

🛡️ Access Controls

Role-based access limitations
Regular access reviews and audits
Multi-factor authentication requirements
Principle of least privilege

🔍 Monitoring

Continuous security monitoring
Automated threat detection
Regular vulnerability assessments
Incident response procedures

🏢 Infrastructure

Enterprise-grade cloud hosting
Regular security updates and patches
Redundant backup systems
Physical data center security

Security Incident Response

In the event of a security incident affecting personal data, we will notify affected users and relevant authorities within 72 hours as required by GDPR.

6. International Data Transfers

MiroSync for Monday operates globally and may transfer personal data internationally. We ensure adequate protection through:

Standard Contractual Clauses (SCCs)

EU-approved contractual terms for secure international data transfers.

Adequacy Decisions

Transfers to countries recognized by the European Commission as providing adequate protection.

Additional Safeguards

Technical and organizational measures to ensure data protection standards are maintained.

Primary Data Locations: United States, European Union, and other locations with adequate data protection frameworks.

7. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy:

Retention Periods

Authentication Tokens Until service disconnection + 30 days
Integration Mappings Until service disconnection + 90 days
Analytics Data 26 months (PostHog retention)
Support Communications 3 years from last contact
Legal Retention As required by applicable law

Automated Deletion

Our systems automatically delete data when retention periods expire, unless legal obligations require longer retention.

8. Your Rights & Choices

You have important rights regarding your personal data. We respect these rights and provide easy ways to exercise them:

🔍 Access & Information

Request copies of your personal data
Learn how your data is processed
Understand data sharing practices
Review retention periods

✏️ Correction & Updates

Correct inaccurate information
Update outdated details
Complete incomplete data
Modify contact preferences

🗑️ Deletion & Erasure

Request deletion of personal data
Disconnect integrations completely
Remove analytics tracking
Opt out of communications

⚙️ Control & Portability

Export your data in standard formats
Restrict certain processing activities
Object to automated decision-making
Withdraw consent at any time

8.1 How to Exercise Your Rights

To exercise any of these rights, contact us at:

Email: help@mirosyncformonday.com
Subject Line: "Privacy Rights Request"
Response Time: Within 30 days of verification

8.2 Analytics Opt-Out

You can control analytics tracking at any time:

Use the consent banner when first visiting our app
Contact us to withdraw consent for existing data
Data collection stops immediately upon opt-out
Previously collected data is anonymized or deleted

9. Cookies & Analytics

9.1 Essential Cookies

We use essential cookies to provide basic functionality:

Session Management: Maintain your login state and preferences
Security: Prevent cross-site request forgery and ensure secure connections
Functionality: Remember your integration settings and configurations

9.2 Analytics Cookies (Optional)

With your consent, we use PostHog for analytics:

Usage Analytics: Understand how features are used
Performance Monitoring: Identify and fix performance issues
Feature Development: Guide product improvements based on real usage

9.3 Third-Party Analytics

PostHog: Our analytics provider processes data according to their privacy policy and our data processing agreement:

Data is processed in compliance with GDPR
User data is never sold to third parties
You can opt out at any time
Data retention is limited to 26 months

10. Children's Privacy

Age Restrictions

MiroSync for Monday is not intended for use by individuals under 16 years of age. We do not knowingly collect personal information from children under 16.

If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly. If you believe we may have collected information from a child under 16, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect:

Changes in our services or business practices
Updates to legal requirements or regulations
Improvements in our privacy practices
User feedback and requests

11.1 Notification Process

When we make material changes to this policy, we will:

Update the "Last Updated" date at the top of this policy
Notify active users via email or in-app notification
For significant changes, provide 30 days advance notice
Highlight key changes in our communications

Your Options

If you disagree with changes to this policy, you may discontinue using our services. Continued use after changes take effect constitutes acceptance of the updated policy.

12. Contact Us

We're committed to addressing your privacy concerns and questions. Contact us through any of these channels:

General Privacy Questions

help@mirosyncformonday.com
Response within 48 hours

Privacy Rights Requests

help@mirosyncformonday.com
Include "Privacy Rights Request" in subject

Data Controller: MiroSync for Monday for Monday
Service Location: Primarily US and EU
Legal Compliance: GDPR, CCPA, and applicable international privacy laws

Table of Contents