Privacy Policy

1. Information we collect

Depending on how you and your server use Shards, we may collect or store:

• Discord account data returned by OAuth, such as Discord user ID, username, global name, avatar hash, OAuth scopes, encrypted access and refresh tokens, token expiration time, and login timestamps.
• Discord guild and membership data, such as guild IDs, guild names, guild icons, owner flags, permission snapshots, bot installation state, role IDs, member IDs, usernames, display names, nicknames, avatars, join timestamps, and dashboard access roles.
• Dashboard configuration and access data, including guild settings, onboarding/setup state, tutorials, dashboard permissions, access policies, feature manifests, command catalogs, presets, backups, bot sync changes, pending and applied dashboard actions, and bot-reported guild state.
• Bot economy and game data, including Shards balances, seeds, reputation, transaction history, collection cooldowns, crate inventory, resources and combined resources, crafted items, cores, biochromes, arsenal weapons, blessings, weapon categories, equipped or default weapons, blessing compatibility and removal state, weapon, blessing, or biochrome listings and trades, drifting merchant catalogs and purchase counts, hired security contracts and stats, titles, banners, roles purchased through Shards, shop limits, active effects, cooldowns, loans, bounties, gambling stats, PvP/game stats, lottery tickets, giveaway entries, chat activity records, reward routing settings, voice reward records, zone data, zone challenge combat state, robbery combat state, skill-tree progress, virus simulator data, Cards Against Humanity stats, Impostor stats, and related timestamps.
• Activity and moderation support data, such as recent message activity timestamps, voice activity day summaries, inactive-member nickname state, auto-mod configuration, AI moderation decisions, warning points, moderation cases, appeal links or appeal metadata, restrictions, restriction history, command usage history, command restrictions, vote-kick settings, moderation/audit records, log-channel configuration, and bot log events.
• Message and interaction content that is necessary for specific features, such as commands, component/button clicks, dashboard messenger text, workflow panel requests, Impostor DM submissions, custom Cards Against Humanity cards, custom presets, custom item/title/core/resource/weapon/category/blessing/biochrome names and descriptions, weapon and blessing stat ranges, drifting merchant entries, auto-mod rule text, AI prompts, and sentience conversation context.
• Notification preferences, including admin DM alert subscription state and dashboard broadcast targeting or delivery metadata.
• Hosted custom bot data submitted by server administrators, including bot user ID, bot username, avatar hash, validation timestamps, updater ID, and encrypted bot token.
• Premium and entitlement metadata returned by Discord or configured by Shards administrators, such as SKU identifiers, entitlement IDs, guild IDs, entitled user IDs, purchase/subscription state, gift or promotional status, tier state, role-sync configuration, sync timestamps, and role-sync outcomes.
• Security, audit, diagnostics, and performance data, including actor IDs, action summaries, details JSON, IP addresses, user agents, rate-limit keys, downloadable dashboard lag logs, client performance logs, error logs, sync health records, and timestamps.

2. Discord messages and DMs

Shards uses Discord message content when needed to run configured features, such as passive economy rewards, resource drops, currency caches, core, weapon, blessing, or biochrome drops, chat activity games, virus simulator triggers, sentience triggers, auto-mod checks, moderation/admin commands, hidden owner maintenance commands, public claim messages, trade or listing flows, and game flows. In many cases the bot processes message content transiently and stores only derived values such as timestamps, counters, balances, cooldowns, stats, inventory changes, moderation points, combat state, or log summaries.

Some features intentionally use message content. For example, Impostor uses Direct Messages for sentence submissions and then reveals accepted submissions in the game channel. AI sentience and AI auto-mod may include recent visible message excerpts, attachment metadata, link context, speaker/channel context, configured moderation rules, and bot state in prompts or moderation requests. Dashboard messenger and workflow tools may send administrator-provided text into Discord channels.

3. How we use information

We use information to authenticate users, keep dashboard sessions working, display servers you can manage, enforce dashboard permissions, save and apply server settings, operate bot commands and games, calculate rewards and cooldowns, maintain inventories and progression, process moderation and reset actions, sync bot and dashboard state, provide premium access, host custom bots, send configured notifications, troubleshoot issues, prevent abuse, preserve audit history, improve reliability, and comply with platform or legal obligations.

4. AI and sentience processing

If a server enables AI sentience, genie, AI moderator chat, or AI-assisted moderation features, Shards may send relevant prompts, recent conversation context, Discord identifiers, display names, channel labels, message excerpts, links, attachment metadata, server configuration, moderation rules, command catalogs, user balances, cooldowns, zone state, inventories, titles, crafted items, cores, biochromes, arsenal weapons, blessings, and other bot facts to the configured AI provider, such as OpenAI or a configured self-hosted Ollama endpoint, so the bot can answer, classify content, or plan authorized actions.

For sentience moderator requests, Shards may include broader server configuration and user value snapshots so authorized moderators can ask for accurate answers or admin actions. Sentience moderator action results may be logged to configured server logs or bot logs.

Users can use the AI opt-out feature where available. AI opt-out causes Shards to omit or hide that member from AI prompt context where the bot supports it. AI opt-out does not erase existing non-AI records and does not disable ordinary server features such as economy, cooldowns, moderation, logs, or dashboard state.

5. Premium purchases and Discord billing

Luxury and Luxury+ purchases, recurring subscriptions, renewals, cancellations, refunds, payment disputes, and payment methods are handled through Discord and its payment providers. Shards may receive limited entitlement and monetization metadata from Discord so the service can determine premium access, restore or revoke access, enforce tier limits, sync premium-linked roles, investigate support issues, prevent abuse, and comply with Discord rules.

Shards does not directly collect or store full payment card numbers, bank account details, or equivalent full payment credentials for Discord-handled premium purchases.

6. When information is shared

We do not sell personal data. Information may be shared only as needed to operate, secure, or support the service, including with:

• Discord, because Shards operates inside Discord, uses Discord OAuth, Discord APIs, Discord guild/member data, Discord messages/interactions, Discord premium entitlements, and Discord billing surfaces.
• AI providers, such as OpenAI or configured self-hosted providers like Ollama, for enabled AI sentience, genie, and AI-assisted moderator features.
• Hosting, database, logging, security, and infrastructure providers that run or protect the bot, dashboard, and related services.
• Authorized server owners, dashboard admins, managers, moderators, or sentience moderators when they view or manage their server's Shards state through Discord, the dashboard, logs, or bot responses.
• Other users when a feature is designed to be public or shared, such as public presets, leaderboards, profile views, game submissions, giveaway results, public core/weapon/blessing/biochrome drops and claim messages, weapon, blessing, or biochrome trades and listings, drifting merchant shop messages, hired security summaries, zone ownership, combat results or spectator notifications, dashboard messages, role grants, titles, or channel logs.

7. Security and storage

The dashboard stores Discord OAuth tokens and hosted custom bot tokens encrypted at rest. The dashboard also uses session controls, CSRF protections, access checks, rate limits, and bot-dashboard shared-secret sync controls.

No online service can guarantee perfect security. Server administrators should assign dashboard permissions carefully, protect Discord accounts with appropriate security controls, avoid sharing bot tokens, and rotate custom bot tokens if they may have been exposed.

8. Retention

We retain information for as long as reasonably needed to operate, secure, audit, troubleshoot, and support the service. Retention varies by record type and feature. Some records are temporary or periodically cleaned, some game state is kept while a feature remains active, and some administrative, premium, audit, security, or support records may be kept longer.

Examples include recent transaction history used for account views, activity timestamps used for inactivity tools, in-memory game submissions that expire with a round, premium records kept for restoration and support, and audit/log records kept for accountability and abuse prevention.

Removing the bot, leaving a server, canceling premium, or deleting a custom bot configuration may stop future processing but may not immediately delete historical records, logs, backups, audit trails, entitlement records, or data needed for security, support, compliance, or dispute handling.

9. Your choices

• You can stop using Shards by leaving servers that use it, not interacting with the bot, or asking server administrators to disable relevant features.
• Server admins can remove the bot, disable modules, update dashboard settings, remove hosted custom bot configuration, change dashboard permissions, and manage server data they control.
• Users can use supported opt-out or opt-in commands for features such as AI context, daily bonus DMs, or achievement DMs where available.
• Discord-handled recurring premium subscriptions must be canceled through Discord's subscription management flow. Removing the bot, leaving a server, or disabling role sync does not by itself guarantee cancellation.
• Privacy or access questions can be sent through the support server listed below.

10. Children's privacy

Shards is not directed to children under the minimum age required to use Discord in their region. Do not use Shards if you are not permitted to use Discord.

11. Policy changes

We may update this Privacy Policy from time to time. When we do, we will update the effective date on this page. Continued use of Shards after an update means the updated policy applies.