Privacy Policy
Effective Date: October 25, 2025 • Version: 1.2 • Last Updated: October 28, 2025
🛡️ Our Privacy Commitment
We collect only the absolute minimum data necessary for verification and billing and automatically delete most data within 90 days to 1 year. We don't collect emails, we don't store your server lists, and we don't sell your data. Payment information is securely processed by Stripe - we never see or store your credit card details.
What Data We Collect
We practice strict data minimization - we only collect what's absolutely necessary for verification.
| Data |
Why We Collect It |
How Long We Keep It |
| Discord User ID |
To identify you for verification |
Until you request deletion |
| Discord Username |
To display your name in admin interfaces |
Until you request deletion |
| Discord Avatar URL |
To show your profile picture in admin interfaces |
Until you request deletion |
| Verification Status |
To grant or deny access to server channels |
Until you request deletion |
| Verification Date |
To track when verification expires (if enabled) |
Until you request deletion |
| Hashed IP Address |
To prevent abuse and rate limiting |
90 days (auto-deleted) |
| Verification Attempts |
Security and compliance audit trail |
1 year max (auto-deleted) |
| Subscription Information |
Track which pricing plan your server is on |
Until subscription ends + 7 years for tax compliance |
| Payment Records |
Billing history and invoices |
7 years (legal/tax requirement) |
🔒 Note on IP Addresses
We do NOT store your actual IP address. We use a one-way cryptographic hash with daily salt rotation, making it impossible to identify individuals from this data. It only helps us prevent abuse within the same day.
Payment & Billing Information
If you subscribe to a paid plan, we collect and process payment information through our payment processor, Stripe, Inc.
What Payment Data We Collect
| Data |
Collected By |
Why We Need It |
| Subscription Plan |
Us (our database) |
Track which tier your server is on (Free, Pro, Enterprise) |
| Billing Period |
Us (our database) |
Know when to charge for renewals |
| Payment Status |
Us (our database) |
Track successful/failed payments |
| Payment Amount |
Us (our database) |
Record transaction amounts for invoicing |
| Stripe Customer ID |
Us (our database) |
Link your server to your Stripe account |
| Credit Card Details |
Stripe ONLY |
Process payments (we never see your card number) |
| Billing Address |
Stripe ONLY |
Required by Stripe for payment processing |
💳 We NEVER See Your Credit Card
Your payment information is processed directly by Stripe, a PCI-DSS Level 1 certified payment processor. We never receive, store, or have access to your full credit card number, CVV, or billing address. Stripe handles all sensitive payment data in accordance with industry standards.
We only store a reference ID that links your server to your Stripe customer account, allowing us to manage your subscription and access billing history.
Stripe's Role & Privacy Policy
Stripe is our payment processor and handles all credit card transactions. When you subscribe to a paid plan:
- Stripe collects: Credit card details, billing address, payment method information
- Stripe processes: All payments, refunds, and subscription billing
- Stripe stores: Your payment methods securely in their PCI-compliant vault
- Stripe's privacy policy: stripe.com/privacy
Payment Data Retention
We retain payment records for 7 years after your subscription ends. This is required by tax laws in most jurisdictions (IRS, HMRC, etc.) to maintain financial records for auditing purposes.
- Subscription history: 7 years after cancellation
- Payment transaction records: 7 years after payment date
- Invoices: 7 years for tax compliance
Note: If you delete your user data, we'll anonymize your payment records by removing your Discord User ID, but we must retain the financial transaction data for legal compliance.
What We DON'T Collect
We explicitly do NOT collect:
- ❌ Email addresses (unless you contact support)
- ❌ Phone numbers
- ❌ Your full list of Discord servers
- ❌ Your messages or chat history
- ❌ Credit card details (handled by Stripe)
- ❌ Billing address (stored by Stripe only)
- ❌ Browsing history or tracking cookies
- ❌ Your real name (unless provided to Stripe)
- ❌ Any data beyond what's listed above
What About Server Membership Checks?
During verification, we temporarily check which Discord servers you're in to see if any are on a banned list. We do NOT store this information. It's checked in real-time and immediately discarded. We only store whether you passed or failed verification, not which servers caused a failure.
How We Use Your Data
We use your data only for the following purposes:
- Verification: Check if you're in banned servers and assign appropriate roles
- Access Control: Grant or deny access to Discord server channels based on verification status
- Rate Limiting: Prevent abuse by limiting verification attempts (using hashed IPs)
- Audit & Compliance: Maintain logs for security and legal compliance (1 year maximum)
- Admin Dashboard: Display verification status to authorized server administrators
- Subscription Management: Track your pricing plan, enforce usage limits, and manage billing
- Payment Processing: Process subscription payments via Stripe (invoicing, renewals, refunds)
- Tax Compliance: Maintain financial records as required by law (7 years)
We do NOT:
- ❌ Sell your data to anyone
- ❌ Use your data for advertising or marketing
- ❌ Share your data with third parties (except Discord itself)
- ❌ Use your data for any purpose not listed above
Data Retention & Automatic Deletion
We automatically delete old data to protect your privacy:
| Data Type |
Retention Period |
Deletion Method |
| User profiles (User ID, username, avatar) |
Until you request deletion |
Manual or automatic |
| Verification status & date |
Until you request deletion |
Manual or automatic |
| Hashed IP addresses |
90 days |
Automatic daily purge |
| Verification attempt logs |
1 year maximum |
Automatic daily purge |
| Subscription data (plan, status) |
Until subscription ends + 7 years |
Manual (deleted after retention period) |
| Payment transaction records |
7 years (tax law requirement) |
Manual (anonymized if user deleted) |
⏰ Automatic Purge Process
Our system runs a daily automated purge that:
- Removes IP hashes from verification attempts older than 90 days
- Deletes entire verification attempt records older than 1 year
- Ensures no data is kept longer than necessary
Your Privacy Rights
Depending on your location, you have the following rights:
All Users
- Right to Access: Request a copy of your data (export as JSON via self-service tool)
- Right to Deletion: Request we delete your data (see deletion instructions below)
- Right to Correction: Request we fix incorrect data (contact us via email)
- Right to Object: Object to our processing of your data
EU/UK Users (GDPR)
- Right to Data Portability: Receive your data in machine-readable format (JSON)
- Right to Restrict Processing: Limit how we use your data
- Right to Withdraw Consent: Withdraw consent at any time (where applicable)
- Right to Lodge a Complaint: File a complaint with your local data protection authority
California Users (CCPA)
- Right to Know: What data we collect and how it's used
- Right to Delete: Request deletion of your data
- Right to Opt-Out: Opt out of data "sales" (we don't sell data)
- Right to Non-Discrimination: We won't discriminate for exercising your rights
Data Security
We implement the following security measures:
- ✅ HTTPS/TLS encryption for all web traffic
- ✅ Database access controls (credentials stored securely)
- ✅ IP address hashing (one-way cryptographic hash)
- ✅ Rate limiting to prevent abuse
- ✅ Automatic data purging (minimal data retention)
- ✅ OAuth state tokens with expiry (prevents CSRF attacks)
- ✅ Data minimization (we don't collect unnecessary data)
Third-Party Sharing
We share data only with:
- Discord, Inc. - We use Discord's API to verify your server memberships and assign roles. Discord's privacy policy applies: discord.com/privacy
- Stripe, Inc. - Our payment processor handles all credit card transactions and subscription billing. Stripe's privacy policy applies: stripe.com/privacy
- Hosting Provider - Our database is hosted on secure servers. They may have access to encrypted data but are contractually prohibited from using it.
We do NOT share data with advertisers, marketing companies, data brokers, or any other third parties.
Automated Decision Making
Yes, we use automated decision making for verification:
- What: Our Bot automatically checks your server memberships against a banned server list
- Impact: You may be denied access to certain channels if you're in a banned server
- Human Review: Server administrators can manually verify users who have legitimate reasons to be in banned servers
For privacy questions, concerns, or to exercise your rights:
Email: [email protected]
Response Time: Within 30-45 days
🗑️ How to Delete Your Data
We offer TWO ways to delete your data:
Option 1: Self-Service Deletion (Instant)
- Click the button below to start the deletion process
- Authenticate with Discord (to verify your identity)
- Review a summary of all your stored data
- Optionally export your data as JSON before deleting
- Click "Delete My Data" to permanently remove everything
Delete My Data Now →
Option 2: Email Request
If you prefer not to use the self-service tool, email us at [email protected] with:
- Subject: "Data Deletion Request"
- Your Discord User ID (found in Discord Settings → Advanced → Developer Mode → Right-click your profile)
- We'll process your request within 30 days
What Gets Deleted
When you delete your data, we permanently remove:
- ✓ Your Discord User ID, username, and avatar
- ✓ Your verification status and verification date
- ✓ All verification attempts associated with your account
- ✓ Your hashed IP addresses from our database
- ✓ Any administrator privileges you may have in the system
💰 Subscription & Payment Data
- Active subscriptions: Will be canceled immediately (no refund for partial month)
- Payment records: Anonymized (your Discord ID removed) but retained for 7 years for tax compliance
- Stripe customer: Your Stripe account is NOT deleted - manage this in Stripe's Customer Portal
- Invoices: Anonymized and retained for legal/tax requirements
⚠️ Important Notes
- Deletion is immediate and permanent - we cannot undo this action
- Discord roles are removed automatically - you'll lose verified status and be marked as unverified
- Administrator warning - if you're an admin for any servers, we'll warn you before deletion
- No impact on discovered servers - we do NOT delete the discovered servers list (it's anonymized data used for security)
- Re-verification required - if you want access again, you'll need to verify from scratch
Discord Developer Policy Compliance
This Bot complies with Discord's Developer Terms of Service and Developer Policy:
- We only use data for stated verification functionality
- We do not sell or monetize user data
- We store only necessary data and delete it promptly
- We respect Discord's API rate limits and guidelines
Discord's Developer Policy: View Policy
Summary (Plain Language)
What we collect: Only your Discord ID, username, avatar, verification status, a hashed version of your IP address, and subscription/payment data (if you're on a paid plan).
What we DON'T collect: Emails (except for support), your server list, messages, credit card details (handled by Stripe), or tracking cookies.
How long we keep it: User data until you ask us to delete it. IP hashes for 90 days. Audit logs for 1 year max. Payment records for 7 years (legal requirement). Everything else is automatically deleted.
Payment security: All credit card details are processed by Stripe. We never see or store your card number, CVV, or billing address.
Your rights: You can request your data, export it as JSON, ask us to delete it, or correct it anytime.
How to delete your data: Use our self-service deletion tool for instant removal, or email us your request. See detailed instructions above.
Our commitment: We collect the absolute minimum data necessary and delete it as soon as possible. Your privacy matters to us.