Privacy Policy

Data we process

Discord OAuth provides your user ID, display name, avatar, and visible servers. Guild permissions are read so the dashboard only shows servers you can manage.

Storage

OAuth session payloads, including access and refresh tokens, are encrypted with AES-256-GCM before being stored in SQLite. The browser receives only an opaque HttpOnly session cookie. Sessions expire after seven days.

Per-server settings, playlists, queue state, blocklist terms, playback statistics, and an audit of dashboard changes are also stored in SQLite.

How data is used

Data is used only to operate the bot, authorize dashboard access, persist server settings, and display music statistics. This project does not sell personal data.

Deletion and contact

Server administrators can remove playlists and configuration through Discord or this dashboard. For complete deployment-level deletion, contact the operator. Email: randiprawira23@gmail.com.