Skip to main content

Privacy Policy

Last updated: July 3, 2026

1. Introduction

This Privacy Policy describes how Cipher ("we", "us") collects, uses, and protects information when you use our Discord bot and website. By using Cipher, you agree to the practices described in this policy.

2. Information We Collect

We collect the following types of information:

  • Discord user IDs, usernames, and avatars — for profiles, leaderboards, and dashboard authentication.
  • Server IDs, names, and member counts — for bot functionality and statistics.
  • OAuth access token — when you log into the dashboard, we store your Discord access token in a secure HTTP-only session cookie (1 hour TTL) to verify your server permissions.
  • Message content — when commands are invoked, content is processed and not stored long-term. Message content is NOT stored in event logs — only metadata (author ID, channel ID, message length).
  • Server configuration settings — settings you choose via the dashboard (stored on our servers, associated with your server ID).
  • Event logs — when event tracking is enabled by server admins, metadata about Discord events (message sent/deleted/edited, member join/leave/ban, voice activity, reactions, channel/role/emoji changes, presence updates) is logged. All event logs are automatically deleted after 90 days. No message content is stored — only event type, user ID, channel ID, and timestamps.
  • Error logs — anonymized error data for debugging and bot health monitoring.

3. How We Use Information

  • To provide and improve bot features.
  • To authenticate dashboard users and verify server admin permissions.
  • To display leaderboards, rank cards, and economy balances.
  • To monitor bot health and diagnose errors.
  • To display aggregate statistics on our website.

4. OAuth & Session Data

When you log into the dashboard via Discord OAuth, we request the identify and guilds scopes. This gives us access to your username, avatar, and the list of servers you are in. We use this solely to determine which servers you have permission to manage. Your access token is stored in an HTTP-only, secure, SameSite cookie that expires after 1 hour. We do not store your access token on our servers after the session expires.

5. AI Data Processing

AI commands (such as /ai, /aichat,/aigenerate) send your message content to third-party AI providers (Cerebras, OpenRouter, Google Gemini, Groq, and others). These providers process your input according to their own privacy policies. We do not permanently store AI conversation content. Conversation context is kept in memory for the duration of your session and is not persisted to disk.

6. Data Storage & Retention

Data is stored on secure servers. We do not sell or share your data with third parties beyond the AI providers needed to process your commands. Message content is not permanently stored; only command metadata and error logs may be retained for debugging.

Event logs (when enabled by server admins) are automatically deleted after 90 days. Server admins can also manually delete all event logs at any time via the dashboard. Event tracking is off by default and must be explicitly enabled per category (messages, members, voice, reactions, channels, roles, emojis, presence).

7. Your Rights

  • You may request deletion of your data at any time by contacting us.
  • Removing the bot from your server stops further data collection for that server.
  • You may log out of the dashboard at any time, which clears your session cookie.
  • You may revoke OAuth access at any time via Discord Settings → Authorized Applications.

8. Children's Privacy

Cipher is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has provided us with data, please contact us and we will delete it.

9. Changes to This Policy

We may update this Privacy Policy at any time. Continued use after changes constitutes acceptance of the new policy.

10. Contact

For privacy questions or data deletion requests, email us at jlsfr@mailbox.org.