Privacy Policy

Last updated: April 16, 2026  ·  Effective date: April 16, 2026

---

This Privacy Policy describes how WildCord ("we", "us", "operator") collects, uses, stores, and protects the personal data of users of the WildCord Management Panel (the "Panel" or "Service"). Data processing is carried out in accordance with:

• Regulation (EU) 2016/679 (GDPR),
• Act of 10 May 2018 on the Protection of Personal Data,
• Discord's Developer Policy and Developer Terms of Service (including Section 5 - User Privacy and Security).

1. Data Controller

The controller of personal data processed in connection with the use of the Panel is the operator of the WildCord service. Privacy inquiries: [email protected].

2. Data We Collect

We collect only data necessary to provide the Service. We do not collect Discord message content or any sensitive data within the meaning of Article 9 GDPR.

2.1 Data obtained via Discord OAuth2

When logging in via Discord using the OAuth2 mechanism, we obtain the following data (scopes identify and guilds only):

• Discord User ID - unique account identifier,
• Username (username and globalname),
• Avatar URL - profile image address,
• Server (guild) list - Discord server IDs and names the user belongs to, including permission flags.

We do not request access to message content, friends, email, or any other data beyond the above scope.

2.2 Configuration data

When using the Panel, we store bot configuration changes made by the user: enabled/disabled modules and commands, parameter settings, and activity logs (user ID, username, server ID, type of change, timestamp).

2.3 Session data

We use HTTP sessions (session cookie) to maintain the logged-in state. The session is stored on the server and automatically expires after 7 days or upon logout.

2.4 Data fetched from external social media platforms

If a Discord server administrator enables the social notifications module, the WildCord bot fetches only public content from external platforms to send notifications to selected Discord channels. Only data necessary to display the notification (title, URL, thumbnail, account/channel name) is fetched. This data is processed temporarily and is not profiled or stored as personal data of Panel users.

The Service integrates with the following platforms:

• Discord - The Discord API is used to send messages and manage bots on servers. Discord server, channel, and user data is processed in accordance with the Discord Privacy Policy and Discord Developer Policy.
• Google / YouTube - The Service uses YouTube API Services to monitor public YouTube channels and videos. Use of YouTube API is subject to the YouTube API Services Terms of Service and the Google Privacy Policy. Users can manage or revoke Google access at Google Account security settings.
• Facebook / Instagram (Meta Platforms) - The Service may fetch public posts and content from Facebook Pages and Instagram accounts via the Meta Graph API solely for notification purposes. Data collection is carried out in accordance with the Meta for Developers Platform Terms and Meta Privacy Policy.
• TikTok - The Service may fetch public videos and posts from TikTok accounts via TikTok API solely for notification purposes. This data is subject to the TikTok API Terms and TikTok Privacy Policy.

We fetch only public content - available without authentication or via official API keys registered by the operator. We do not access private accounts, history, friends, or any other personal data of users of these platforms.

3. Purpose and Legal Basis for Processing

• Performance of a contract (Article 6(1)(b) GDPR) - user authentication, verification of server administrator permissions, display of bot configuration, saving changes.
• Legitimate interest (Article 6(1)(f) GDPR) - maintaining activity logs (audit log) for security purposes, abuse detection, and dispute resolution.
• Legal obligation (Article 6(1)(c) GDPR) - retention of data for the period required by law, where applicable.

Data obtained via the Discord, Google/YouTube, Meta, and TikTok APIs is used exclusively for the purposes specified above - that is, to provide and improve the Service's functionality. We do not use or transfer such data for profiling, targeted or personalized advertising, selling to data brokers, providing to information resellers, determining creditworthiness, lending purposes, building user databases, training AI or machine-learning models, or any other purpose not directly related to the operation of the Panel.

4. How Long We Retain Data

• Account data (User ID, username, avatar) - for the duration of active Panel use. Deleted promptly upon user request or when no longer needed to provide the Service.
• Server configuration data - for as long as the WildCord bot is active on the given Discord server. Deleted upon request or after the bot is removed from the server.
• Activity logs (audit log) - for a maximum of 90 days, unless applicable law requires longer retention.
• Session data - up to 7 days or until logout.
• YouTube API data (title, URL, thumbnail, channel name) - processed in real time for notification delivery only; not stored beyond the duration of the notification dispatch operation.

5. Sharing Data with Third Parties

We do not sell, license, or share personal data with data brokers, advertising networks, or any third parties for commercial purposes.

Data may be shared solely with:

• Discord Inc. - to the extent required by OAuth2 (Discord login) and the bot operating on servers, in accordance with the Discord Privacy Policy,
• Google LLC - to the extent of using YouTube API Services by the social notification module, in accordance with the Google Privacy Policy,
• Meta Platforms Inc. - to the extent of fetching public content from Facebook / Instagram via Meta Graph API by the notification module, in accordance with the Meta Privacy Policy,
• TikTok Inc. - to the extent of fetching public TikTok content via TikTok API by the notification module, in accordance with the TikTok Privacy Policy,
• Hosting infrastructure providers - as data processors acting on our instructions, solely to the extent necessary to provide the Service,
• Upon request of a competent authority - where required by applicable law.

In all of the above cases, the transfer of data is based on a legal basis and limited to the minimum scope necessary to achieve the purpose.

6. Data Security

We apply commercially reasonable technical and organizational data protection measures, including:

• encryption of data in transit (TLS/HTTPS),
• encryption of data at rest where possible,
• restricted data access - authorized personnel only,
• access monitoring and audit logs,
• regular application security reviews.

In the event of unauthorized access to data, we will promptly notify Discord and affected users to the extent required by applicable law.

7. Your Rights (GDPR)

As a data subject, you have the following rights:

• Right of access (Article 15 GDPR) - you may request information about what data we process,
• Right to rectification (Article 16 GDPR) - you may request correction of inaccurate data,
• Right to erasure (Article 17 GDPR) - "right to be forgotten" - you may request deletion of your data,
• Right to restriction of processing (Article 18 GDPR),
• Right to data portability (Article 20 GDPR),
• Right to object (Article 21 GDPR) - to processing based on legitimate interest,
• s7_complaint

To exercise any of the above rights, contact us at: [email protected]. We will respond within 30 days of receiving the request.

8. Data Deletion Procedure

You may request deletion of all your personal data at any time by sending an email to [email protected] with the subject "Data Deletion Request" and your associated Discord User ID. We will delete your data promptly, no later than within 30 days, subject to data whose retention is required by applicable law.

You may also revoke OAuth2 access for the WildCord application directly in your Discord account settings (Settings → Authorized Apps → WildCord → Deauthorize).

9. Children's Data

The Service is not directed to persons under the age of 13 (or the minimum age required by the law of the relevant country, if higher). We do not knowingly collect data from such persons. If you believe we have inadvertently collected data from a child below the required age, contact us immediately at [email protected] - we will delete such data without undue delay.

10. Cookies and Sessions

We use only necessary session cookies (PHPSESSID or equivalent) to maintain the logged-in state. We do not use tracking, advertising, or third-party analytics cookies. The session cookie is deleted after the session expires or upon logout.

11. International Data Transfers

Data may be processed outside the European Economic Area (EEA) solely by Discord Inc. (USA) under appropriate GDPR-compliant data transfer mechanisms (Standard Contractual Clauses - SCC). Details can be found in the Discord Privacy Policy.

12. Changes to This Privacy Policy

We may update this Policy when our practices or legal requirements change. We will notify you of material changes by updating the "Last updated" date at the top of this page. We recommend reviewing this document regularly.

13. Contact

All inquiries, data requests, and privacy violation reports should be directed to: [email protected].
We will respond within a maximum of 30 days of receiving the message.