Skip to content

Privacy Policy

monday.com | Translate Document

Effective Date: 04 Oct 2025
Last Updated: 24 Oct 2025

1. Introduction

This Privacy Policy explains how our monday.com integration (“App”) handles information when translating documents via the DeepL API and interacting with monday.com boards. We are committed to privacy, security, and transparency.

2. Data We Collect

  • Account identifiers
  • userId and accountId: stored only to associate OAuth tokens with the correct monday.com user/account.
  • Authentication tokens
  • Monday OAuth access tokens: securely stored using monday.com’s SecureStorage.
  • Short‑lived tokens: held only in memory during a request.
  • monday.com metadata (operational)
  • Board, item, and column identifiers; file metadata (id, name, url, file_size, created_at).
  • Document contents (transient)
  • Files are downloaded from monday.com, sent to DeepL for translation, and uploaded back to monday.com. We do not persist document contents on our servers.
  • Usage and billing counters (non‑content)
    • Per‑account plan info (planId, monthly character limit, billing anchor).
    • Per‑period usage totals (characters used) for enforcement/notifications.
  • Logs (operational)
  • Non-sensitive operational metadata for troubleshooting and performance. Secrets and document contents are not logged.

We do not intentionally collect special categories of data. If documents contain personal data, it is processed solely to perform the requested translation.

3. How We Use Data

  • Authenticate with monday.com and perform API operations.
  • Locate, translate, and return files to the designated monday.com item/column.
  • Prevent duplicate translations briefly via a short in-memory cache.
  • Operate, monitor, secure, and improve the App.

4. Legal Bases (if applicable)

  • Performance of a contract (providing the App’s features).
  • Legitimate interests (security, reliability, rate limiting).
  • Consent where required by law (e.g., app authorization in monday.com).

5. Data Sharing and Subprocessors

  • monday.com: We access your board data strictly to perform the actions you configure.
  • DeepL: We send document contents to DeepL solely for translation and receive the translated output.
  • We do not sell or rent personal data. Sharing is limited to the subprocessors above for the stated purpose.

6. Security

  • Secure token storage: OAuth tokens are stored via monday.com’s SecureStorage (encrypted at rest).
  • Secrets management: App signing secret and DeepL API key are stored in monday.com’s Secrets Manager.
  • Transport security: All communications with monday.com and DeepL occur over HTTPS with Authorization headers.
  • Request authentication: Incoming requests are verified using a JWT signed with our monday.com signing secret; queue webhooks are validated with a secret.
  • Input sanitization: IDs, filenames, URLs, and language codes are sanitized to reduce injection risks.
  • Least privilege and rate limiting: We use only the scopes required and apply rate limiting/queuing to protect stability.

7. Data Retention

  • OAuth tokens (and associated userId/accountId): retained only to support the integration; removed upon user revocation/uninstall or on request.
  • Document contents: never stored; processed in memory and discarded after translation/upload.
  • Operational logs: retained for a limited time for diagnostics, without document content or secrets.

8. Your Rights

Subject to applicable law, you may have rights to access, correct, delete, or restrict processing of your personal data. You can:

  • Revoke the App in monday.com to stop access and invalidate tokens.
  • Request token deletion and log deletion (where applicable) using the contact information below.

9. International Transfers

Data may be processed by monday.com and DeepL in jurisdictions outside your country. We rely on their published safeguards and transfer mechanisms.

10. Children’s Privacy

The App is not directed to children. We do not knowingly collect personal data from children.

11. Changes to This Policy

We may update this policy to reflect operational or legal changes. The “Last Updated” date will be revised accordingly.

12. Contact

If you have questions or requests about this policy or our data handling practices, contact us at:
Email: support@otomosolutions.com

13. Data Deletion and Uninstall

  • Revoking or uninstalling the App in monday.com will disable access and invalidate short‑lived tokens.
  • You can request deletion of stored OAuth tokens (and associated userId/accountId mapping) at any time using the contact above.

14. Scopes and Permissions

We request only the scopes needed to read files, translate them, notify the initiator of outcomes, and write results back:

me:read — Used to validate the user’s access token and ensure the integration is authorized before performing any actions.

assets:read — List/download file assets linked to file columns.

notifications:write — Send notifications to the initiating user (unsupported files, errors, usage limits, completion).

boards:read — Read boards/items/columns and file column metadata.

boards:write — Attach translated files to target file columns (mutations).

## References (Third‑Party Policies)
– DeepL Privacy Policy: https://www.deepl.com/privacy
– DeepL Data Security: https://www.deepl.com/pro-data-security