DISCPAY DATA COLLECTION NOTICE
This Data Collection Notice explains, in short form, what data DiscPay collects during Server Owner onboarding and during normal use of DiscPay.
This notice should be read together with the DiscPay Terms of Service and DiscPay Privacy Policy.
DiscPay is operated by DiscPay Ltd, a company registered in England and Wales under company number 17224498, with its registered office at 167-169 Great Portland Street, 5th Floor, London, W1W 5PF, England, trading as DiscPay.
DiscPay can be contacted at:
1. WHAT THIS NOTICE IS
1.1 Purpose of this notice
This notice explains the key data DiscPay collects when a Server Owner onboards a Discord Server and uses DiscPay.
It is intended to give Server Owners a clear summary before they accept DiscPay’s onboarding requirements.
The full details are set out in the DiscPay Privacy Policy.
1.2 Acceptance
During onboarding, the Server Owner may be asked to confirm:
“I have read and understand the DiscPay Data Collection Notice.”
By ticking that checkbox and continuing onboarding, the Server Owner confirms that they understand this notice and accept that DiscPay will collect and process data as described here and in the Privacy Policy.
1.3 Who this notice is for
This notice is mainly for the Server Owner completing DiscPay onboarding.
It also explains, in summary form, that DiscPay may process data relating to Buyers, Operators, Staff, permission holders, support users, and website visitors where they interact with DiscPay.
2. DATA COLLECTED DURING SERVER OWNER ONBOARDING
2.1 Owner onboarding data
When a Server Owner completes or attempts to complete onboarding, DiscPay may collect and process:
(a)Discord user ID;
(b)Discord Server ID;
(c)email address;
(d)country;
(e)Server icon;
(f)Stripe Connected Account reference;
(g)onboarding status;
(h)payment setup status;
(i)Store setup status;
(j)Terms of Service acceptance record;
(k)Privacy Policy acceptance record;
(l)Data Collection Notice acceptance record;
(m)legal capacity confirmation;
(n)timestamps relating to onboarding and acceptance records;
(o)support communications;
(p)security records;
(q)one-way hashed IP-derived security records;
(r)logs and audit records; and
(s)error metadata or internal technical references.
2.2 Legal capacity confirmation
During onboarding, DiscPay may record that the Server Owner confirmed they are legally old enough and have legal capacity to sell products or services in their location.
This is recorded because DiscPay is used for payment-linked Server monetisation workflows.
2.3 Data DiscPay does not collect from Server Owners
DiscPay does not currently store the Server Owner’s:
(a)Discord username;
(b)Discord display name;
(c)legal name;
(d)date of birth;
(e)residential address;
(f)phone number;
(g)bank details;
(h)tax identification number; or
(i)full identity verification documents.
Stripe may collect some of this information directly as part of Stripe onboarding, identity verification, payout setup, tax, fraud-prevention, and compliance checks.
3. DATA COLLECTED DURING SERVER OPERATION
3.1 Server operation data
After onboarding, DiscPay may collect and process data needed to operate the Server’s DiscPay setup.
This may include:
(a)Server ID;
(a1) Server name;
(b)Server icon;
(b1) Discord usernames, display names, avatar references, or icon references where needed for identification, dashboards, logs, tickets, support, or abuse prevention;
(c)Store setup records;
(d)Store status records;
(e)Stripe-related references;
(f)transaction records;
(g)Token Balance records;
(h)Token adjustment records;
(i)reward request records;
(j)fulfilment records;
(k)permission records;
(l)command logs;
(m)support records;
(n)technical logs;
(o)security records; and
(p)error metadata.
3.2 Why this data is collected
DiscPay collects this data to:
(a)operate the Discord bot;
(b)connect the Server to DiscPay;
(c)generate or support Store Pages;
(d)connect payments to the correct Server;
(e)credit Tokens to the correct Buyer;
(f)maintain Token Balances;
(g)support reward requests;
(h)support fulfilment workflows;
(i)apply permissions;
(j)record staff actions;
(k)prevent duplicate credits;
(l)support refunds, disputes, and chargebacks;
(m)detect fraud or abuse;
(n)investigate technical failures;
(o)enforce the Terms of Service; and
(p)protect DiscPay, Buyers, Server Owners, Operators, Staff, Stripe, and Discord.
4. BUYER DATA
4.1 Buyer data DiscPay may collect
When a Buyer authenticates with Discord OAuth, accesses a Store, purchases Tokens, receives Tokens, holds a Token Balance, requests a Reward, receives an invoice, contacts support, or otherwise interacts with DiscPay, DiscPay may collect and process:
(a)Discord user ID;
(a1) Discord username, display name, avatar reference, or icon reference where available and needed for identification, support, receipts, tickets, logs, dashboards, or abuse prevention;
(b)Discord OAuth authentication result or account-linking record;
(c)Discord Server ID connected to the Store or purchase;
(d)transaction ID;
(e)Stripe checkout or transaction reference;
(f)Token purchase records;
(g)Token Balance;
(h)Token adjustment records;
(i)reward request records;
(j)fulfilment ticket records;
(k)support communications;
(l)invoice delivery email address, where supplied;
(m)logs and audit records;
(n)security records;
(o)error metadata; and
(p)technical session or cookie data.
4.2 Buyer invoice emails
Where a Buyer provides an email address for invoice delivery, DiscPay uses that email address to send the invoice or transaction-related communication.
DiscPay may retain a limited record of invoice delivery where needed for transaction history, accounting, support, fraud prevention, dispute handling, chargeback handling, legal compliance, or service integrity.
DiscPay does not currently use Buyer invoice emails for marketing.
4.3 Payment card data
DiscPay does not store full payment card details.
Payments are processed by Stripe or another supported payment processor. Stripe may collect payment, billing, identity, fraud-prevention, and transaction data under its own privacy policy and terms.
5. OPERATOR, STAFF, AND PERMISSION-HOLDER DATA
5.1 Staff and permission data
If the Server Owner grants a user Operator, Staff, or permission-holder access, DiscPay may collect and process data relating to that user.
This may include:
(a)Discord user ID;
(a1) Discord username, display name, avatar reference, or icon reference where available and needed for permissions, logs, support, ticket handling, or security;
(b)Server ID;
(c)permission records;
(d)command usage records;
(e)Token Balance view or adjustment records;
(f)fulfilment action records;
(g)ticket action records;
(h)reward-management actions;
(i)Store or Server configuration actions;
(j)logs and audit records;
(k)support communications;
(l)security records; and
(m)error metadata.
5.2 Owner responsibility for staff
The Server Owner is responsible for deciding who receives DiscPay permissions.
By granting permissions, the Server Owner understands that DiscPay may process records relating to that user’s permissions and actions.
Operators, Staff, and permission holders act under the Server Owner’s authority unless DiscPay expressly states otherwise.
6. LOGS, ERROR METADATA, AND SECURITY RECORDS
6.1 Logs and audit records
DiscPay may create logs and audit records relating to:
(a)onboarding;
(b)email verification;
(c)Discord OAuth login;
(d)Store access;
(e)Checkout activity;
(f)transaction processing;
(g)Token credits;
(h)Token adjustments;
(i)reward requests;
(j)fulfilment actions;
(k)permission usage;
(l)support requests;
(m)imports and recovery tools;
(n)errors;
(o)security events;
(p)suspected fraud;
(q)enforcement actions; and
(r)technical system activity.
6.2 Error metadata
DiscPay may generate error metadata when something fails or behaves unexpectedly.
Error metadata may include generated event IDs, internal references, timestamps, service names, error types, error messages, stack traces, affected internal identifiers, technical context, and other information needed to diagnose and fix issues.
Where possible, DiscPay may use generated internal IDs or hashed/internal references instead of directly exposing raw Discord identifiers in error records.
6.3 Hashed IP-derived security records
DiscPay may process an IP address to create a one-way hash for security, fraud-prevention, abuse-prevention, enforcement, and fee-bypass-prevention purposes.
DiscPay does not store the raw IP address for this specific hash record.
However, the resulting hash may still be treated as personal data where it can be linked to a person, account, device, Server, transaction, or activity.
6.4 Infrastructure IP processing
Although DiscPay does not store raw IP addresses for its own IP-hash abuse-prevention record, raw IP addresses may be processed by infrastructure providers such as Cloudflare, hosting providers, web servers, email providers, or security systems as part of normal technical operation.
7. COOKIES, LOCAL STORAGE, AND OAUTH
7.1 Cookies and local storage
DiscPay may use cookies, local storage, session storage, or similar technologies for essential service purposes.
These may be used for:
(a)login sessions;
(b)Discord OAuth flows;
(c)admin console sessions;
(d)Store sessions;
(e)cart state;
(f)checkout state;
(g)security;
(h)abuse prevention;
(i)maintaining authentication;
(j)preventing duplicate actions; and
(k)operating the service.
7.2 No advertising or tracking cookies at launch
DiscPay does not currently use advertising cookies, tracking pixels, Google Analytics, Meta Pixel, TikTok Pixel, or similar non-essential marketing or analytics tracking technologies.
If DiscPay later introduces non-essential analytics, advertising, marketing, tracking, or similar technologies, DiscPay will update its notices and obtain consent where required.
7.3 Discord OAuth
DiscPay may use Discord OAuth for Store login, Buyer account linking, admin login, owner login, or other supported workflows.
OAuth is used to connect the correct Discord account to the correct DiscPay workflow.
Discord OAuth or Discord API workflows may provide limited account metadata, including Discord user ID, username, display name, avatar reference, and related account-identification data. DiscPay uses this only where required for account linking, checkout, Token crediting, support, tickets, audit logs, or security.
8. WHY DISCPAY COLLECTS DATA
8.1 Main purposes
DiscPay collects and processes data to:
(a)provide the DiscPay service;
(b)complete owner onboarding;
(c)verify contact details;
(d)record legal acceptance events;
(e)connect Discord accounts to DiscPay workflows;
(f)connect Stripe-related payment records to the correct Server;
(g)credit Tokens to the correct Buyer;
(h)maintain Token Balances;
(i)support reward requests and fulfilment workflows;
(j)manage Operator, Staff, and permission-holder access;
(k)provide Store and Checkout workflows;
(l)send invoice emails where requested;
(m)respond to support requests and complaints;
(n)investigate technical failures;
(o)prevent fraud, abuse, duplicate credits, unauthorised access, and fee bypass;
(p)enforce DiscPay’s Terms of Service;
(q)comply with legal, accounting, tax, payment, and regulatory obligations;
(r)preserve evidence where necessary; and
(s)protect DiscPay, Server Owners, Buyers, Operators, Staff, Discord, Stripe, and other third parties.
9. WHO DATA MAY BE SHARED WITH
9.1 Third parties
DiscPay may share personal data where necessary with:
(a)Stripe and payment-related service providers;
(b)Discord;
(c)Cloudflare;
(d)hosting, VPS, infrastructure, domain, DNS, and security providers;
(e)email and SMTP providers, including Microsoft SMTP or another email provider;
(f)backup providers;
(g)Server Owners, Operators, or Staff where necessary for Server-specific workflows;
(h)legal, accounting, tax, or professional advisers;
(i)courts, regulators, law enforcement, public authorities, or other parties where required or permitted by law; and
(j)successor entities, purchasers, acquirers, or reorganised businesses if DiscPay is transferred or restructured.
9.2 No sale of personal data
DiscPay does not sell personal data.
10. HOW LONG DATA MAY BE KEPT
10.1 Retention summary
DiscPay keeps data only for as long as reasonably necessary for the purposes described in the Privacy Policy.
As a summary:
(a)onboarding records may be kept for the life of the account or Server relationship and up to 6 years after;
(b)transaction records may be kept for the life of the account or Server relationship and up to 6 years after;
(c)Token Balance records may be kept as long as needed for balance continuity, payment integrity, dispute handling, fraud prevention, Server reconnection, and enforcement;
(d)hashed IP-derived security records may be kept for up to 24 months, unless longer retention is necessary;
(e)error logs may be kept for up to 12 months, unless longer retention is necessary;
(f)support tickets and complaint records may be kept for up to 24 months, unless longer retention is necessary; and
(g)OAuth, session, cookie, and local storage records may be kept until expiry, logout, deletion, replacement, or the end of the relevant session or service need.
10.2 Earlier deletion
DiscPay may delete, anonymise, minimise, restrict, archive, or aggregate data earlier where it is no longer needed.
10.3 Deletion is not always absolute
DiscPay may not be able to delete all data immediately or completely where retention is necessary for transaction history, accounting, tax, Stripe records, refunds, disputes, chargebacks, fraud prevention, fee-bypass prevention, enforcement evasion prevention, Token Balance integrity, Server reconnection, legal claims, security investigations, compliance with law, or protection of DiscPay’s rights.
11. SERVER OWNER RESPONSIBILITY
11.1 Responsibility for Server use
The Server Owner is responsible for the Server’s use of DiscPay.
This includes responsibility for:
(a)completing onboarding accurately;
(b)keeping contact information up to date;
(c)granting permissions carefully;
(d)supervising Operators and Staff;
(e)understanding that staff actions may be logged;
(f)ensuring Rewards and fulfilment workflows are lawful and appropriate;
(g)ensuring Buyers are not misled;
(h)using DiscPay data only for legitimate Server-related purposes; and
(i)complying with the Terms of Service and Privacy Policy.
11.2 Responsibility for informing authorised users
The Server Owner should ensure that Operators, Staff, and permission holders understand that their Discord user IDs, permissions, command usage, Token adjustments, fulfilment actions, ticket actions, and related logs may be processed by DiscPay.
11.3 No misuse of data
Server Owners, Operators, and Staff must not misuse, disclose, sell, publish, exploit, or access Buyer or user data for unauthorised purposes.
Data made available through DiscPay must be used only for legitimate DiscPay-related and Server-related purposes.
12. WHERE TO FIND FULL DETAILS
12.1 Privacy Policy
This notice is a short summary.
The full details of DiscPay’s personal data processing are set out in the DiscPay Privacy Policy.
12.2 Terms of Service
DiscPay’s Terms of Service explain the rules that apply to use of DiscPay, including rules for Server Owners, Operators, Staff, Buyers, Tokens, Rewards, payments, refunds, disputes, Prohibited Use, enforcement, and service availability.
12.3 Contact
Questions about this notice or DiscPay’s data processing can be sent to:
13. ACCEPTANCE STATEMENT
By ticking the Data Collection Notice checkbox during onboarding, the Server Owner confirms that:
(a)they have read and understand this Data Collection Notice;
(b)they understand that DiscPay will collect and process data as described in this notice and in the Privacy Policy;
(c)they understand that DiscPay may process data relating to the Server Owner, Buyers, Operators, Staff, permission holders, support users, and website visitors where they interact with DiscPay;
(d)they understand that DiscPay may create logs, audit records, security records, error metadata, and hashed IP-derived security records;
(e)they understand that DiscPay may retain certain records where necessary for payment integrity, Token Balance integrity, fraud prevention, legal compliance, dispute handling, chargeback handling, Server reconnection, enforcement, or protection of DiscPay’s rights;
(f)they understand that DiscPay may share data with Stripe, Discord, Cloudflare, hosting providers, email providers, backup providers, advisers, authorities, and authorised Server users where necessary; and
(g)they accept responsibility for granting permissions carefully and ensuring authorised users do not misuse DiscPay data.