plonkboard

privacy policy

last updated: March 19, 2026

what we collect

When you sign in with Google, we receive your email address, name, and profile picture. We use this solely to identify you within Plonkboard. We also store API keys you create for authenticating API requests.

what we store

We store the boards, columns, cards, and tags you create via the API. All card and board content (titles, descriptions, assignees) is encrypted at rest using ActiveRecord encryption. Data is encrypted in transit using TLS.

what we don't do

  • We do not sell your data to third parties
  • We do not share your data with advertisers or data brokers
  • We do not use your data for marketing, training, or analytics beyond operating the service
  • We do not track you across other websites
  • We do not use cookies for advertising or tracking (only session authentication)

data security

Board names, descriptions, card titles, descriptions, and assignee fields are encrypted at rest using Rails ActiveRecord encryption. API key tokens are stored as cryptographic hashes. All connections to Plonkboard are encrypted in transit via TLS.

data retention and deletion

You can delete boards and cards at any time via the API. Deleting a board removes all associated columns, cards, and tags. If you wish to delete your account and all associated data entirely, contact us and we will remove everything from our systems.

third-party services

We use Google OAuth for authentication. Google receives standard OAuth data during sign-in. We do not share any of your Plonkboard data with Google or any other third party.

changes

We may update this policy from time to time. Changes will be reflected on this page with an updated date. Continued use of Plonkboard after changes constitutes acceptance.

contact

Questions about privacy? Reach out at privacy@plonkboard.com.