This Privacy Policy describes how Spogty ("we," "us," or "our") collects, uses, and protects information when you use our Discord bot and web dashboard. We are committed to protecting your privacy and being transparent about our data practices.
1. Information We Collect
From Discord (via Bot)
When Spogty is added to a Discord server or when you interact with it, we may collect and store:
- Guild (Server) Data: Server ID, server name, server icon URL
- Channel Data: Channel IDs referenced in settings (log channels, ticket channels)
- Role Data: Role IDs used for permission checks and ticket access
- User Data: User IDs (not names) associated with warnings, tickets, and moderation actions
- Message Metadata: Message counts for analytics (we do NOT store message content)
From Discord (via OAuth2 Dashboard Login)
When you log in to the Spogty dashboard using Discord OAuth2, we receive:
- Your Discord User ID, username, and discriminator
- Your Discord avatar hash
- A list of Discord servers you are a member of (to show manageable servers)
- OAuth2 access token and refresh token (stored encrypted in our database)
Automatically Collected Data
- Analytics: Aggregate counts of messages, commands used, members joined/left, tickets created, bans, and warnings per server. This data is stored per-guild and is never personally identifiable.
- Session Data: We use encrypted server-side sessions stored in MongoDB. Session cookies are used solely to maintain your login state.
2. How We Use Your Data
| Data | Purpose | Retention |
|---|
| Guild settings | Configure bot behavior per server | Until bot is removed |
| Warnings | Track moderation history | Until manually cleared |
| Tickets | Track support ticket history | 60 days after closure |
| Analytics | Dashboard charts and statistics | Rolling 90 days |
| Discord OAuth profile | Dashboard authentication | Until you log out or revoke |
| Session data | Maintain login state | 7 days or until logout |
3. Data We Do NOT Collect
We explicitly do NOT collect or store:
- The content of any Discord messages
- Voice channel audio or video
- Direct messages sent to other users
- Email addresses
- Payment information of any kind
- Real names or personal information beyond what Discord provides
- IP addresses (beyond what is logged by standard web server access logs, which are rotated regularly)
4. Data Sharing and Third Parties
We do not sell, trade, or rent your information to third parties. We may share data only in the following circumstances:
- Service Providers: We use MongoDB Atlas (database hosting) as a data processor. Data stored with them is governed by their privacy policy.
- Discord: All bot interactions are processed through Discord's API. Discord's own privacy policy governs data on their platform.
- Legal Requirements: We may disclose information if required by law, court order, or to protect the rights, property, or safety of Spogty, our users, or others.
5. Data Security
We implement reasonable security measures to protect your data:
- Sessions are encrypted using a secret key and stored server-side
- OAuth2 tokens are stored in a secured MongoDB collection
- Dashboard access is rate-limited to prevent brute-force attacks
- HTTPS is enforced in production environments
- Server admins can only access data for servers where they have Manage Server permission
No method of data transmission or storage is 100% secure. We cannot guarantee absolute security but commit to promptly addressing any discovered vulnerabilities.
6. Your Rights and Choices
Data Deletion
You can request deletion of your data at any time by:
- Removing Spogty from your server (all guild data is deleted within 30 days)
- Revoking Spogty's OAuth2 access via your Discord Authorized Apps settings
- Contacting us directly through our support server
Data Access
Server administrators can view all data stored for their server through the Spogty dashboard.
Opt Out
You may opt out of analytics collection by removing the bot from your server. There is currently no per-user opt-out mechanism as most data is aggregate and non-identifiable.
7. Children's Privacy
Spogty is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will delete such information.
8. Data Retention
We retain data for as long as necessary to provide the Service or as described in Section 2. When you remove Spogty from a server, we will delete all associated guild data within 30 days. OAuth2 login data is retained until you revoke access or log out and request deletion.
9. Changes to This Policy
We may update this Privacy Policy periodically. We will notify users of significant changes by posting a notice in our support server. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the Service after changes are posted constitutes your acceptance of the revised policy.
10. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us: