Privacy Policy - GuildVault

GuildVault ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and Discord bot services.

1. Information We Collect

1.1 Information from Discord

When you authenticate with Discord, we receive and store:

Discord User ID - Your unique Discord identifier
Username and Display Name - Your Discord username and server nickname
Avatar - Your Discord profile picture URL
Server Membership - Which Discord servers you share with our bot
Roles - Your roles in connected Discord servers

1.2 Information You Provide

When using our services, you may provide:

Guild stockpile data (items, quantities, transactions)
Guild bank records (deposits, withdrawals, balances)
Roster and event information
Crafting requests and contributions
Profile information (character names, professions)

1.3 Automatically Collected Information

IP address (for security and rate limiting)
Browser type and version
Access times and pages viewed
Session cookies for authentication

What We Don't Collect

We do NOT collect or have access to:

Your Discord password
Your private messages
Messages in channels where our bot is not present
Your email address (unless you contact us directly)
Payment information (processed securely by Stripe)

2. How We Use Your Information

We use the collected information to:

Provide and maintain our services
Authenticate your identity via Discord
Display your guild membership and roles
Track guild activities and transactions
Enforce role-based access permissions
Improve our services and user experience
Communicate service updates (if you opt in)
Prevent fraud and abuse

3. Data Storage and Security

Your data is stored securely using industry-standard practices:

All data is encrypted in transit using HTTPS/TLS
Database hosted on Supabase with encryption at rest
Session tokens are cryptographically secure
Regular security audits and updates

We retain your data for as long as your guild uses our services. If you request deletion, we will remove your personal data within 30 days.

4. Data Sharing

We do NOT sell, trade, or rent your personal information to third parties.

We may share data only in these circumstances:

With your guild - Other members can see your contributions and activities based on permission settings
Service providers - Hosting (Vercel), database (Supabase), payments (Stripe) - under strict data processing agreements
Legal requirements - If required by law or to protect our rights

5. Your Rights

You have the right to:

Access - Request a copy of your data
Rectification - Correct inaccurate data
Deletion - Request deletion of your data
Portability - Export your data in a standard format
Withdraw consent - Disconnect your Discord account

To exercise these rights, contact us at privacy@guildvault.xyz or use the /delete-my-data command in Discord.

6. Cookies

We use only essential cookies required for the service to function:

Session cookie - Keeps you logged in (expires on browser close or after 7 days)
CSRF token - Security token during login (temporary)

We do NOT use tracking cookies, analytics cookies, or advertising cookies.

7. Discord Bot Permissions

Our Discord bot requests only the permissions it needs:

Read Messages - To respond to commands
Send Messages - To provide responses and notifications
Manage Roles - For auto-role features (optional)
Read Member List - To display guild members

The bot never reads private messages or messages in channels where it has not been explicitly granted access.

8. Children's Privacy

Our services are not intended for users under 13 years of age (or 16 in some jurisdictions). We do not knowingly collect data from children. If you believe we have collected data from a minor, please contact us immediately.

9. International Data Transfers

Your data may be processed in countries other than your own (including the United States and European Union). We ensure appropriate safeguards are in place for international transfers.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date. Continued use of our services after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@guildvault.xyz
Discord: Join our support server

GDPR Compliance

For users in the European Economic Area (EEA), we process your data under the following legal bases:

Contract - To provide the services you requested
Legitimate Interest - To improve our services and prevent abuse
Consent - For optional features (which you can withdraw at any time)