Privacy Policy
1. Who we are
DiscordGenius Live Chat (the "Service") is a website-to-Discord live chat relay operated by DiscordGenius ("we", "us", "our"). This policy explains how we handle personal data for two groups of people:
- Customers — Discord server administrators who install our bot and embed our chat widget on their websites.
- Visitors — end users who interact with the chat widget on a customer's website.
2. What data we collect
2.1 From Customers (dashboard users)
When you log in via Discord OAuth, we receive and store:
- Your Discord user ID, username, display name, and avatar URL.
- Your Discord email address (if you granted the email scope).
- An identifier linking you to the Discord server (guild) you set up with our bot.
If you subscribe to a paid plan, Stripe (our payment processor) collects and stores your payment details. We only store a Stripe customer ID, subscription status, and billing period — we never see or store your card number.
2.2 From Visitors (people chatting via the widget)
When a visitor interacts with the chat widget on a customer's website, we collect:
- The content of messages the visitor sends.
- An email address, if the visitor voluntarily enters one to receive offline replies.
- A short chat-session identifier (a 5-character code) stored in the visitor's browser localStorage so the chat can resume on page reload.
- Technical connection metadata such as IP address, user agent, and the referring domain, which are handled by our hosting provider for security and abuse prevention.
We do not use cookies for tracking, analytics, or advertising on visitor websites. The widget uses localStorage only to preserve the chat session.
2.3 Data we do NOT collect
- We do not run third-party advertising trackers.
- We do not sell personal data to anyone, for any purpose.
- We do not attempt to fingerprint visitors across websites.
3. Why we collect it
| Data | Purpose | Legal basis (GDPR) |
|---|---|---|
| Discord profile data | Authenticate you into the dashboard and link you to your Discord server | Contract (Art. 6(1)(b)) |
| Billing / Stripe data | Process subscription payments | Contract (Art. 6(1)(b)) |
| Visitor chat messages | Relay the conversation to the operator's Discord server | Legitimate interest of our customer (Art. 6(1)(f)) |
| Visitor email (optional) | Send an email notification when the operator replies after the visitor closes the page | Consent (Art. 6(1)(a)) |
| IP / technical metadata | Rate limiting, abuse prevention, security logging | Legitimate interest (Art. 6(1)(f)) |
4. Who we share data with
We use the following sub-processors to deliver the Service. Each has its own privacy policy.
| Sub-processor | Purpose | Data shared |
|---|---|---|
| Discord Inc. | OAuth login, message relay via our bot | Discord profile data, chat messages |
| MongoDB Atlas | Database hosting | All stored data |
| Stripe, Inc. | Payment processing for paid subscriptions | Customer email, billing details |
| Resend | Sending offline reply notifications | Visitor email, message content |
We do not share your data with any other third parties, except when required by law (e.g., a valid court order) or to protect the rights, property, or safety of users and the public.
5. How long we keep it
- Customer account data — kept while your account is active. Deleted within 30 days of account closure.
- Chat history (Premium plan) — kept while the associated tenant is active. Deleted when the chat session ends (free tier) or when the tenant is deleted (Premium tier).
- Billing records — retained for up to 7 years as required by tax law, via Stripe.
- Security logs (IP, user agent) — typically retained for 30 days.
6. Your rights
Depending on where you live, you may have the following rights:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate data.
- Erasure ("right to be forgotten") — ask us to delete your data.
- Portability — receive your data in a machine-readable format. Premium customers can export chat history directly from the dashboard.
- Objection — object to processing based on legitimate interest.
- Withdraw consent — for processing based on consent (e.g., visitor email notifications), you may withdraw consent at any time.
- Lodge a complaint — with your local data protection authority. In the EU, find yours at edpb.europa.eu.
For California residents: under the CCPA/CPRA, you also have the right to know what personal information is collected and to opt out of its "sale" — we do not sell personal information.
To exercise any of these rights, email us at the address in section 10.
7. Security
We protect your data with industry-standard measures including:
- TLS encryption for all data in transit.
- Encryption at rest for our MongoDB Atlas database.
- Signed webhook verification for payment events.
- Rate limiting and abuse detection on all public endpoints.
- Per-tenant API tokens and optional domain allow-listing to prevent unauthorized embedding of the widget.
No service is 100% secure. If you believe your account has been compromised, contact us immediately.
8. Children
The Service is not directed at children under 13 (or 16 in some EU jurisdictions). We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.
9. Changes to this policy
We may update this policy from time to time. Material changes will be announced on the dashboard or via email at least 14 days before they take effect. The "last updated" date at the top will always reflect the current version.
10. Contact us
Questions, data requests, or complaints:
- Email: privacy@discordgenius.com
- General support: support@discordgenius.com
We aim to respond to all privacy requests within 30 days.