Privacy Policy
Last updated: April 21, 2026
1. Scope
This Privacy Policy covers the LedgerBot Discord bot and its companion web application ("the Service"). It describes what information is collected, how it's used, and how you can control it.
2. What we collect
2.1 From Discord OAuth (when you log in to the web app)
- Your Discord user ID (a numeric identifier)
- Your Discord username and discriminator (if present)
- Your Discord avatar URL
- Your Discord email address (as provided by Discord's OAuth profile)
- OAuth access + refresh tokens for your session, used to list the Discord servers you belong to
- A list of Discord servers ("guilds") you are a member of, plus whether you own or administer each one
2.2 From Discord guilds the bot is installed in
- Guild (server) ID, name, and icon URL
- IDs of Discord roles assigned to users who interact with the bot (used for permission checks)
- Discord user IDs of anyone who invokes a slash command (used to record "who changed what")
2.3 Content you create in LedgerBot
- Resource definitions, categories, scales, values, and descriptions
- Problem pool entries
- Prompt templates and their conditional logic
- Role permission mappings
- Personal ("inventory") resources attached to a guild membership
- An audit trail of changes to the above (what changed, when, and by whom)
2.4 Operational data
- Server-side logs (IP address, request path, status code, timing, user agent) retained for troubleshooting and abuse investigation
- Session cookies required to keep you logged in
- CSRF tokens and similar security metadata
We do not collect Discord message content, because the bot does not request the Message Content Intent. The bot also does not read, store, or analyze DMs.
3. How we use it
- To authenticate you via Discord OAuth and keep you logged in.
- To show you the list of Discord servers you can configure and to tell whether LedgerBot is installed in each one.
- To check, at command time, which Discord roles you have so we can decide whether you're allowed to run a given slash command.
- To store the bot's per-guild configuration and personal inventories so they're available next time.
- To keep an audit trail of resource changes (who adjusted what, when, and why) visible to guild admins.
- To investigate bugs, abuse, and operational issues using logs.
We do not sell your data. We do not use it for advertising. We do not share it with third parties except the sub-processors listed below (§7).
4. Legal basis (GDPR / UK GDPR)
Where applicable law requires a legal basis for processing:
- Performance of a contract / request: we need the data listed in §2.1-2.3 to actually provide the Service you're asking for.
- Legitimate interests: operational logs (§2.4) are processed to keep the Service secure and functional.
- Consent: you consent to Discord sharing your profile with us when you click "Authorize" during OAuth login.
5. Retention
- Account data is retained while your account exists. If you ask us to delete your account, we remove your user record and anonymize or delete personal audit entries you authored (see §8).
- Guild configuration (resources, problems, templates) is retained while the guild exists on the platform. If a server admin removes the bot from the guild, we keep configuration for 30 days in case the bot is re-added, then it may be purged.
- Server logs are retained for up to 30 days and are then rotated out.
- Daily database backups are retained for up to 14 days (§12 of the deployment runbook) and may transiently contain data already deleted from the live database. Deleted data is fully purged once all backups containing it have rolled off.
6. Security
The Service runs on a single Linux VPS with the database bound to localhost, TLS terminated by nginx + Let's Encrypt, SSH hardened to key-only auth, and a firewall restricting inbound traffic to HTTP(S) and SSH. Passwords are never stored because we rely on Discord for authentication. We take reasonable steps to protect your data, but no internet service can guarantee absolute security.
7. Sub-processors
We use the following third parties to operate the Service:
- Discord, Inc. - identity provider and message transport; your interactions with the bot necessarily go through Discord. See Discord's Privacy Policy.
- VPS hosting provider - hosts the server running the web app, bot, and database.
- Let's Encrypt - issues the TLS certificate.
We do not use analytics, tracking pixels, advertising networks, or social media embed SDKs.
8. Your rights
Depending on your jurisdiction you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data (most fields are refreshed automatically from Discord on your next login).
- Delete your account and associated personal data.
- Export your data in a portable format.
- Object to or restrict certain kinds of processing.
To exercise any of these rights, contact us (see §11). We will respond within a reasonable timeframe. Note that removing the bot from a guild you administer does not delete your own account; that's a separate request.
9. Children
LedgerBot requires a Discord account. Discord's own minimum age applies (typically 13, higher in some regions). We do not knowingly collect data from children below the Discord-applicable minimum age. If you believe a child's data has been shared with us, contact us and we will delete it.
10. Changes to this policy
We may update this policy as the Service evolves. Material changes will be announced via the web app or the project repository. The "Last updated" date at the top of this page reflects the most recent revision.
11. Contact
Privacy questions or deletion requests: reach out via the project's
See also: Terms of Service