Privacy Policy
Last updated: February 2026
1. Introduction
This Privacy Policy explains how Plugstash ("we", "us", "our") collects, uses, and protects your personal data when you use our platform. We are committed to protecting your privacy and handling your data in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws.
2. Data We Collect
2.1 Account Information
When you sign in via GitHub OAuth, we collect:
- Name
- Email address
- GitHub username
- Profile picture URL
- GitHub organization memberships (for access control)
2.2 Content You Create
We store content you submit to the platform, including:
- Items (skills, agents, plugins) and their versions
- Articles and knowledge base posts
- Comments, ratings, reviews, and votes
- Bookmarks
2.3 Usage Data
We collect limited usage data:
- Article view counts (aggregated, not per-user)
- Gamification statistics (XP, badges, engagement scores)
- IP addresses for audit logging (security purposes)
3. Legal Basis for Processing
We process your data based on:
- Contract performance: To provide the platform services you signed up for
- Legitimate interest: For security, fraud prevention, and platform improvement
- Consent: For optional cookies and data processing beyond core functionality
4. How We Use Your Data
- Authenticate you and manage your account
- Display your contributions (items, articles, comments) to other users
- Provide gamification features (XP, badges, leaderboards)
- Send in-app notifications about your content
- Maintain platform security via audit logging
5. Third-Party Services
5.1 GitHub
We use GitHub OAuth for authentication. GitHub receives your authentication request and provides us with your profile information. We also check your GitHub organization memberships to manage platform access. See GitHub's Privacy Statement.
5.2 Slack (Optional)
Organizations may integrate Slack for item review notifications. When configured, item submission and approval/rejection events are posted to a designated Slack channel. Slack integration is configured per organization by administrators.
6. Data Retention
- Account data: Retained while your account is active
- Notifications: Retained per organization retention settings (default: 90 days)
- Sessions: Retained per organization settings (default: 30 days)
- XP transaction history: Retained per organization settings (default: 365 days)
- Audit logs: Retained for up to 2 years for security purposes
- Data export requests: Retained for 7 days after completion
7. Your Rights
Under the GDPR, you have the right to:
- Access: Request a copy of all your personal data
- Portability: Export your data in a machine-readable format (JSON)
- Rectification: Update your information (via GitHub profile)
- Erasure: Delete or anonymize your account
- Restriction: Limit how we process your data
- Objection: Object to data processing based on legitimate interest
You can exercise your data export and account deletion rights from your Account Settings page.
8. Data Security
We implement appropriate technical and organizational measures to protect your data, including encrypted database connections, secure session management, and access controls based on organization membership and role-based permissions.
9. Cookies
We use essential cookies for authentication and platform functionality. See our Cookie Policy for details.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes through the platform.
11. Contact
For privacy-related inquiries or to exercise your data protection rights, please contact your organization administrator or the platform administrator.