just another power-upPrivacy Policy
This privacy policy outlines how Just Another Power-Up, owned and operated by Rokas Ulickas through MB “Kodas nuo nulio”, registered in Lithuania with company code 305146439 (“we”, “us”, or “our”), collects and uses your personal data when you use our Trello power-ups, including Just Another Label Sync.
1. Our commitment to your privacy
Our core philosophy is built on the GDPR principles of data minimization and purpose limitation. We are committed to collecting only the essential information required for specific, stated purposes to provide you with a functional and reliable service. We believe that a clear understanding of what information we collect, why we collect it, and how it is used is fundamental to building trust. This approach is consistent with regulatory requirements, such as the EU's General Data Protection Regulation (GDPR), which mandate that information related to data processing be provided in a concise, transparent, and easily accessible format, using clear and plain language.
2. Data we collect and how we use it
We never store the contents of your Trello cards — including titles, descriptions, comments, or attachments — on our servers. The information we do collect is strictly limited to the following categories:
| Data type | Purpose of collection |
|---|---|
| Trello member IDs, workspace IDs, board IDs, and board names | To associate your Trello account with our power-ups, enable core service functionality (such as syncing labels between boards), manage your subscription, and facilitate customer support. |
| Trello API token | Granted by you via Trello's OAuth flow and used only to perform actions you authorize (read boards, sync labels, etc.). The token is stored in our database so that automatic, webhook-triggered label sync can run when a label changes even while you are not actively using the power-up. Using Disconnect Account revokes the token with Trello so it can no longer be used; you may also request erasure of the stored record by contacting us. |
| Email address, Stripe customer ID, and subscription ID | To process subscription payments, manage your account, send billing-related emails (trial reminders, payment confirmations, failed payment notices), and prevent fraudulent transactions. We use a third-party payment processor and do not store credit card numbers on our servers. |
| Webhook IDs and sync configuration | Trello webhook identifiers created on your behalf, along with your configured source and target board IDs and sync preferences (such as whether deletions are allowed), to enable automatic label sync. This configuration is stored in our database; some client-side display preferences are kept in Trello's private member storage. |
When you add one of our power-ups to your Trello board, we receive a unique, alphanumeric Trello member ID along with board and workspace identifiers. This data is essential for the power-up to function as intended, allowing it to apply its features and associate them with your specific account.
For subscription payments, we use the third-party payment processor Stripe. When you provide your payment details, that information is sent directly to Stripe for processing. Stripe securely stores and manages your full payment information; it is never stored on our servers.
We do not use website analytics, advertising trackers, or cookies for tracking, and we do not collect your name, avatar, username, or any Trello content beyond what is strictly needed to perform the power-up's operations.
3. Our legal basis for processing your data
Under the GDPR, every instance of processing personal data must have a clear and established legal justification. We rely on the following lawful bases for our data processing activities:
Our primary legal basis for processing your Trello member ID and payment information is contractual necessity. Processing this information is essential to deliver the subscription service you purchase from us. For example, without your Trello ID, we cannot link the power-ups to your account, and without processing your payment information, we cannot deliver the paid subscription service.
We may also process limited operational data — such as webhook delivery records and error logs — for our legitimate interests in keeping the service reliable and secure, detecting abuse, and diagnosing issues, in a form that does not build profiles of individual users.
4. Data sharing and disclosure
A core aspect of our privacy commitment is that we do not sell or share your personal information with third parties for their marketing or advertising purposes. Your data is not a product; it is a tool used solely to provide our service to you.
We only share your information with trusted third-party service providers when it is necessary for the operation of our business. These service providers act as data processors on our behalf and are bound by their own data privacy obligations:
- Trello / Atlassian — hosts the power-up and provides the Trello API. See Atlassian's privacy policy.
- Stripe — processes subscription payments. We never see your payment card details. See Stripe's privacy policy.
- Amazon Web Services (AWS SES) — delivers transactional email. See AWS privacy notice.
In addition, we may be required to disclose your personal information in limited, legally mandated circumstances. This includes responding to valid court orders, subpoenas, or other lawful government requests. We may also disclose information to protect our rights, property, or safety, or those of our users, as permitted by law.
5. Your privacy rights (GDPR & CCPA)
Both the GDPR and CCPA provide you with significant rights regarding your personal information. To exercise any of the rights detailed below, please contact us at the email address provided in the “Contact us” section.
- Right to Know / Access: You have the right to request information about the personal data we have collected about you.
- Right to Deletion: You have the right to request the deletion of your personal data from our systems.
- Right to Correction: You have the right to request the correction of any inaccurate personal information we hold about you.
- Right to Data Portability (GDPR): You have the right to request a copy of your personal data in a machine-readable format.
- Right to Object & Restriction of Processing (GDPR): You have the right to object to our processing of your personal data under certain conditions.
- Right to Withdraw Consent and to lodge a complaint with a supervisory authority (in Lithuania, the State Data Protection Inspectorate).
Clicking Disconnect Account in the power-up's settings revokes your Trello token and clears your saved settings; to have your stored records fully erased, email us and we will delete them. As we do not sell your personal information or collect sensitive personal data, certain rights under the CCPA (such as the Right to Opt-Out of Sale) are not applicable to our services. We will not discriminate against you for exercising any of your privacy rights.
6. Data storage and security
Data, including your Trello API token and sync configuration, is stored in a PostgreSQL database hosted on infrastructure we operate in the European Union. We use industry-standard encryption (TLS 1.2+) for data in transit and standard database access controls. Access to production data is restricted to the operator of the Services. Using Disconnect Account revokes your token with Trello so it can no longer be used; you may request deletion of your stored data at any time (see Your privacy rights).
7. Data retention
We retain your personal data only for as long as is necessary to provide our services and for a reasonable period thereafter to comply with our legal and financial obligations.
- Subscription records are retained for the duration of your active subscription, and for up to 7 years afterwards to comply with applicable tax and accounting laws.
- Your Trello token, webhook IDs, and sync configuration are retained for as long as you use the power-up, and are deleted on request.
Once the applicable retention period has passed, the data will be deleted.
8. International transfers
Our primary infrastructure is located in the European Union. Some third-party providers (Stripe, AWS) may process data in other regions, including the United States, under standard contractual clauses or equivalent safeguards.
9. Children
The Services are not intended for anyone under 16. We do not knowingly collect information from children.
10. Contact us
For any questions about this privacy policy or to exercise your privacy rights, please contact our support at support@justanotherpowerup.com. When submitting a request, please provide sufficient information to allow us to verify your identity and understand the nature of your request.
11. Changes to this policy
We may update this privacy policy from time to time to reflect changes in our practices or to comply with new legal requirements. When we make changes, we will post the updated policy on this page with a revised effective date. Material changes will be communicated via email to subscribed users where applicable.