Discord identity. Your Discord user ID, username, global name, and avatar hash — received from Discord OAuth when you sign in. Required to identify you across server settings.Server membership. The list of Discord servers you can manage, including your role IDs for the server you are configuring. Used solely to determine whether you may edit a given server’s settings.Per-server configuration. Site enable / disable flags, blacklist entries, delivery preferences, locale, and the administrator role assignments your server owner sets. Tied to the Discord server ID, not to you personally.AI provider credentials (optional). If you choose to supply your own OpenAI / Anthropic / Gemini / OpenRouter API keys for translation features, we store them encrypted at rest (AES-GCM with a server-held master key) and never log raw key material. Removing a key from the dashboard deletes the encrypted row immediately — we have no way to recover it afterwards.Operational telemetry. Anonymous usage counts (e.g. preview deliveries per site per day), bot health metrics, and aggregate error rates. Used to keep the service running; not linked to your account.Billing data (only if you subscribe). When commerce launches, Stripe will handle payment processing. We will receive a customer ID, the plan you chose, and high-level subscription status — never your card number.
Signing in requests the following Discord OAuth scopes. We use each only for the purpose described and we do not request more than this list.
identify — read your basic Discord profile to display who is signed in.guilds — list the servers you belong to so the dashboard can show your manageable servers.guilds.members.read — for the specific server you are viewing, read your role IDs so we can check whether you hold an administrator role designated by the server owner. Not used for any other server.
3. Third-party data processors We rely on the following infrastructure providers to operate the service. They process data on our behalf under their own privacy commitments.
Discord Inc. — identity provider and the platform the bot runs on. Their privacy policy applies to anything you do on Discord itself.Neon (Neon Inc.) — managed PostgreSQL hosting in the United States. All configuration, blacklist, and credential data is stored here.Vercel Inc. — hosts the web dashboard and its serverless functions in the United States and other regions per their edge network.Nube.sh — runs the Discord bot process on a single virtual machine. Receives only what the bot itself processes (preview requests, configuration reads).Stripe Inc. — if and when paid plans launch, Stripe will process payments. We never receive your card number; Stripe gives us only a customer ID and subscription status.Optional AI providers (OpenAI / Anthropic / Google Gemini / OpenRouter). Used only if you configure translation features. Requests carry only the text being translated; the key used is the one you uploaded (or the server’s shared key). If you supply an OpenRouter key, OpenRouter in turn forwards the request to whichever upstream model your route resolves to.
4. Cookies and local storage The dashboard sets two strictly-necessary cookies:
__Host-authjs.session-token — HTTP-only, Secure, SameSite=Lax. Encrypted JWT identifying your authenticated session. Cleared on sign-out.pekoembed-locale — SameSite=Lax, 1-year max-age, not HTTP-only (the language switcher needs to read it for highlight state). Stores your chosen UI language (zh-TW / en / ja); no personal data, no tracking identifier.We do not use third-party analytics cookies, advertising cookies, or cross-site tracking. Local storage is used only for the dashboard’s UI preferences (e.g. theme).
Active configuration is kept for as long as the bot is in your server.After you remove the bot from a server we mark its configuration as removed; rows are purged within 30 days.Your personal account (Discord ID, your uploaded API keys, your preferences) is deleted within 30 days of an account-deletion request.Aggregate, anonymous telemetry may be kept indefinitely; it cannot be tied back to you.Billing records are retained as long as legally required for tax / accounting purposes.
Regardless of where you live, you may exercise the following rights over your personal data:
Access & portability. Request a copy of what we hold about you in a machine-readable format.Rectification. Ask us to correct anything that is wrong. Most fields you can edit yourself from the dashboard.Erasure. Ask us to delete your account and personal data. Server configuration owned by a server you do not control will only be deleted if the server owner also consents (or removes the bot).Withdraw consent. Sign out of the dashboard at any time. The bot continues to honour the server configuration the owner has set independently.Complaint. If you believe we have mishandled your data, you may contact your local data-protection authority.Send rights requests to privacy@pekoembed.dev . We aim to respond within 30 days.
Connections to the dashboard and to Discord are TLS-encrypted. AI provider API keys you upload are encrypted at rest using AES-GCM with a master key held server-side; raw key material never appears in logs and cannot be exported via the dashboard. Session tokens are stored in a host-only, HTTP-only, Secure cookie and are never accessible to client-side JavaScript. We follow least-privilege access for our infrastructure.
8. International data transfers Our database (Neon) and dashboard hosting (Vercel) operate primarily in the United States. By using the service you acknowledge that your data may be processed outside your home country, subject to the safeguards described above.
PekoEmbed follows Discord’s minimum-age requirement of 13 years (or the higher age required by your jurisdiction). We do not knowingly collect data from anyone below that age. If you believe a child has signed in, contact us and we will delete the account.
10. YouTube membership verification (verify.pekobot.is-a.dev) This domain also hosts a companion community service at verify.pekobot.is-a.dev: an optional YouTube channel-membership verification flow for our community Discord server. It lets a Discord member prove they hold a paid membership of a specific YouTube channel in order to receive a members-only Discord role. It is entirely separate from the URL-preview features described above and touches your Google account only if you explicitly start the flow.
What we request. The flow uses Google OAuth with the youtube.force-ssl scope. We use it solely to read your YouTube channel identity (channel ID, name, avatar) and to test whether your account can read comment threads of a members-only video — a yes/no membership check. We never post, comment, rate, or modify anything on your YouTube account.What we store. Your Discord user ID, your YouTube channel identity, the membership verification result, and the OAuth tokens needed for periodic automatic re-verification (roughly daily). Tokens are stored encrypted in the community bot’s own database and are never used for any other purpose, never shown to server staff, and never shared with third parties.Limited Use disclosure. Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy , including the Limited Use requirements.YouTube API Services. The verification flow uses YouTube API Services. By using it you also agree to the YouTube Terms of Service ; the Google Privacy Policy applies to Google’s handling of your data.
11. Changes to this policy We may update this policy as the service evolves. Material changes will be announced on the dashboard at least 14 days before they take effect. The “Last updated” date below tells you the current version.