Skip to main content
Back to home

Legal

Privacy Policy

Last updated: July 15, 2026

This policy describes the Discrofy web application and related APIs in this repository. If you self-host or white-label, your organization is typically the data controller for end-customer data; adapt this page and your subprocessor list accordingly.

Account and authentication

We store account details you provide or that are required to operate the product: for example email, display name, and a password hash (not the plaintext password). Sign-in uses an HTTP-only session cookie scoped to the site.

A separate optional platform admin role uses its own cookie and database-backed sessions; it does not replace or read customer password material.

Discord linking

When you connect Discord, the service exchanges an OAuth authorization code with Discord and uses the resulting access token only long enough to list guilds you can manage. We store a short-lived pick session (guild ids and names you may link), not your long-lived Discord OAuth refresh token for that flow.

After you link a server, we persist the Discord guild id, guild display metadata we receive from Discord or the bot, and the mapping to your organization.

Bot and dashboard telemetry

When the Discrofy bot is installed on a linked server and configured to write to the same database the dashboard reads, we may store Discord identifiers and operational data such as member listings, join events, moderation actions (including optional reason text entered by moderators), aggregates (for example daily stats), and similar categories your deployment enables. Operators should maintain an internal inventory of enabled bot features and database tables against this policy.

Message-related tables in the schema are intended for metadata (for example channel or message ids and timestamps); confirm your deployment before claiming message content is never stored.

AI features

Features such as server blueprints, rules suggestions, and content generation send prompts and structured context (for example selected guild and channel identifiers) to an AI provider you configure (for example OpenAI). The service is designed to strip or minimize customer content before it reaches the model where the product implements those safeguards—review your AI deployment configuration for your environment.

AI job metadata (status, model identifiers, errors) may be stored for operations and support.

Billing (Stripe)

Paid plans are processed through Stripe. We store identifiers and subscription state needed to enforce entitlements (for example Stripe customer id, subscription id, plan name, trial end, and status on linked-guild billing rows). We do not store full payment card numbers on Discrofy servers; card collection happens on Stripe-hosted flows.

Email

Password reset, waitlist confirmations, and similar mail may be sent through Resend and/or ZeptoMail (depending on which provider the deployment configures). The vendor receives recipient address and message content required to deliver the email.

Waitlist

If you join the public waitlist (for example from the coming-soon page), we store your email address and an optional source label in waitlist_signups and may send a confirmation email. We use this data to notify you about launch timing and related product updates. You can request deletion via the contact address below.

Subprocessors and third parties

Depending on configuration, data may be processed by: Discord (platform APIs), Stripe (payments), Resend and/or ZeptoMail (transactional email), Zoho Desk (support ticketing), Sentry (error monitoring and optional Session Replay), your AI inference vendor, your cloud host and database provider, and — when enabled and accepted via the cookie banner — Google Analytics and Microsoft Clarity (site usage analytics). We do not sell personal data and we do not use it for third-party advertising in the default product build.

Customers who need a DPA or subprocessor list should contact the address below.

Marketing contact form

Messages sent through the public Contact page or Dashboard → Support create tickets in Zoho Desk (our support desk) and are also stored in the local support_tickets table (name, email, subject, message, workspace context, and source label) for audit and fallback. Submissions are rate-limited by IP or user account. Confirmation mail for those tickets may be sent via ZeptoMail.

Cookies

See the Cookie Policy for cookie categories. Optional Google Analytics and Microsoft Clarity scripts load only after you accept analytics cookies in the consent banner.

Your rights

You may request access, correction, export, or deletion of personal data by contacting [email protected]. Deletion timelines depend on backups, billing retention, and legal holds.

Contact

Privacy questions: [email protected].