Privacy Policy

Effective date: May 1, 2026

This policy describes how Puffly (“we”, “us”) handles information in connection with Mirror Copy Booster, a monday.com marketplace app. If anything here conflicts with your organisation’s rules, stricter rules win.

1. Who we are

Mirror Copy Booster is published by Puffly. Contact: pufflyapp@gmail.com.

2. What the app does

The app runs inside monday.com. It lets you copy values from one column into another on the same board, when you choose to run it. It uses monday’s APIs only with the OAuth permissions you (or your admin) approve.

3. Data we process (and do not host as a product database)

We do not operate a separate customer database that stores your monday boards, items, or column contents on our own servers for app functionality.

When you use the app, typical processing includes:

• Board context from monday — e.g. board, column, group, and item data needed to show the UI and perform a copy you trigger. This flows through monday’s platform and your browser session; it is used to provide the feature, not sold or used for advertising profiles.
• Local device storage (browser) — small amounts of data may be stored in your browser (for example saved copy rules, lightweight usage counters for free-tier limits, and UI or plan flags). This stays on your device unless you clear site data for the app. We do not use it for cross-site tracking.
• Support email — if you email us, we receive your address, message, and anything you attach. We use this only to respond and improve the product; we do not sell mailing lists.

4. End user data — stored data and usage

This section answers common marketplace / security questions about what we store and why.

• App database or webhook storage on Puffly: We do not store your monday workspace data, items, column values, or saved copy rules in an application database on Puffly-operated servers. We do not operate app webhooks that persist your board content on our systems for Mirror Copy Booster’s core functionality.
• Where saved copy rules are stored: Saved rules (for example which columns you chose as source and target) are kept only in your browser, typically using localStorage for the monday app origin. They are not uploaded to or synchronised with Puffly servers. Clearing site data / storage for the app in your browser removes them.
• User id / account id: Identifiers monday exposes in the app session (such as account or user id) may be read in the client so the app can run (for example UI and optional client-side checks). We do not use them to build advertising profiles. We do not write them to a Puffly database for core copy functionality.
• PII: We minimise personal data. We do not collect or store board-derived PII (names, emails, phones from columns, etc.) on Puffly servers for core app operation. If you contact support by email, we process the data you send there only to help you, as described in section 3.
• Encryption and evidence: Traffic between your browser, monday, and our public pages uses TLS (HTTPS). monday remains responsible for security of data held in your workspace on their platform. You can confirm that rules stay local by opening browser developer tools → Application (or Storage) → Local Storage for the monday frame after saving a rule in the app — keys are on-device only, not sent to us as a rules backup.

5. OAuth scopes

The app requests only what it needs. Currently:

• boards:read — to read columns, groups, and items so you can pick source/target and preview.
• boards:write — to write values when you explicitly run a copy, for items your monday permissions allow you to edit.

If monday shows additional scopes in the consent screen, they will match what is configured for the app version you install; we avoid requesting unrelated access.

6. Where data lives & security

• monday.com remains the system of record for your workspace data. Retention and compliance there follow monday and your account settings.
• This website (policies, contact) is served over HTTPS from static hosting. It does not collect a separate login or password for Puffly.
• We design the app to validate inputs and avoid unsafe rendering patterns; monday’s iframe environment also constrains how the app runs.

We do not ask you for your monday password. We do not store monday API tokens on Puffly-operated servers for this app’s core operation.

7. Third-party services

• monday.com — platform, OAuth, APIs, hosting of your workspace data.
• Static site host (Cloudflare Workers) — serves public pages such as this policy; no monday workspace content is uploaded there by the app.
• Fonts — this site may load fonts from Google Fonts; see Google’s privacy notice for how they process requests.

8. Retention & uninstall

Workspace content: we do not keep an ongoing copy on Puffly systems when you use the app as described above. When you remove or revoke the app in monday, monday stops granting it access according to monday’s processes.

Browser data: data stored locally in your browser remains until you clear site data or your browser removes it. You can delete it anytime via your browser or device settings.

Support mail: we keep messages only as long as needed to help you (typically up to 24 months unless you ask us to delete sooner, or law requires otherwise).

9. Your rights (EEA / UK and similar)

Depending on where you live, you may have rights to access, correct, delete, or restrict processing of personal data we hold (for example in support inboxes). Email pufflyapp@gmail.com. We will respond within a reasonable time.

10. Children

The app is meant for workplace use. It is not directed at children.

11. Changes

We may update this policy. The “Effective date” at the top will change when we do. For material changes, we will make reasonable efforts to point them out (for example via the marketplace listing or this site).

12. Contact

Questions about privacy: pufflyapp@gmail.com

Summary for reviewers: Mirror Copy Booster uses monday OAuth (boards:read, boards:write), processes board data in the client session to perform user-initiated copies, stores saved copy rules only in the browser (localStorage) — not on Puffly servers — and does not maintain a separate Puffly database of your monday workspace content or webhook payloads for core app functionality. See section 4 for detail.