This Privacy Policy explains how DiscPay Ltd collects, uses, stores, shares, and protects personal data when you access or use DiscPay.
DiscPay is operated by DiscPay Ltd, a company registered in England and Wales under company number 17224498, with its registered office at 167-169 Great Portland Street, 5th Floor, London, W1W 5PF, England, trading as DiscPay.
DiscPay does not sell personal data.
DiscPay can be contacted at:
1. INTRODUCTION
1.1 Purpose of this Privacy Policy
This Privacy Policy explains how DiscPay handles personal data in connection with the DiscPay website, Discord bot, generated store pages, owner onboarding, Discord OAuth login, token systems, payment-linked workflows, reward catalogue tools, support systems, operator and staff permissions, transaction records, logs, security systems, and related services.
DiscPay is designed to provide technical infrastructure for Discord server monetisation workflows. This means DiscPay may process personal data relating to Server Owners, Operators, Staff, Buyers, support users, website visitors, and other users who interact with DiscPay.
This Privacy Policy is intended to explain, in clear terms:
(a) what personal data DiscPay collects;
(b) why DiscPay collects it;
(c) how DiscPay uses it;
(d) who DiscPay may share it with;
(e) how long DiscPay may keep it;
(f) what rights users may have; and
(g) how users can contact DiscPay about privacy matters.
1.2 Relationship with the Terms of Service
This Privacy Policy should be read together with DiscPay’s Terms of Service and any applicable Data Collection Notice, Cookie Notice, Refund and Chargeback Policy, Prohibited Use Policy, onboarding notice, checkout notice, or other policy published by DiscPay.
The Terms of Service explain the rules that apply to use of DiscPay. This Privacy Policy explains how DiscPay handles personal data.
If a word is capitalised in this Privacy Policy and is not separately defined here, it may have the meaning given to it in the DiscPay Terms of Service.
1.3 DiscPay’s role
DiscPay provides technical infrastructure that allows Discord server owners to configure payment-linked token balances, generated store pages, reward catalogues, operator permissions, fulfilment workflows, transaction records, support tools, and related systems for use with Discord communities.
DiscPay is not Discord and is not Stripe.
Discord is a third-party platform. Stripe is a third-party payment processor. DiscPay may process data connected to Discord and Stripe workflows, but those third parties may also process personal data under their own privacy policies and terms.
1.4 Personal data
“Personal data” means information relating to an identified or identifiable person.
This may include direct identifiers, such as an email address or Discord user ID, and indirect identifiers, such as transaction records, security logs, OAuth/session data, support records, or technical records that can be linked to a person or account.
Some data processed by DiscPay may not identify a person by name, but may still be personal data where it can be linked to a Discord account, Server Owner, Buyer, Operator, Staff member, transaction, or other user.
2. WHO WE ARE
2.1 Controller
For the purposes of UK data protection law, DiscPay Ltd is the controller of personal data that DiscPay collects and determines how to use.
This means DiscPay is responsible for deciding why and how certain personal data is processed when operating the DiscPay service.
DiscPay Ltd is registered in England and Wales under company number 17224498, with its registered office at 167-169 Great Portland Street, 5th Floor, London, W1W 5PF, England.
2.2 Contact
If you have questions about this Privacy Policy, your personal data, or your privacy rights, you can contact DiscPay at:
Please include enough information to help DiscPay identify the relevant account, Discord Server, transaction, support request, or issue.
2.3 Data protection contact
DiscPay has not appointed a formal Data Protection Officer unless this Privacy Policy is later updated to state otherwise.
Privacy requests should be sent to:
2.4 Registered office
DiscPay’s registered office is:
167-169 Great Portland Street, 5th Floor, London, W1W 5PF, England
This address is used for company registration and legal correspondence. General privacy questions should be sent by email unless DiscPay provides another privacy contact method.
3. SCOPE OF THIS PRIVACY POLICY
3.1 Services covered
This Privacy Policy applies to personal data processed through or in connection with DiscPay, including:
(a) the DiscPay website;
(b) DiscPay-generated or DiscPay-supported store pages;
(c) the DiscPay Discord bot;
(d) owner onboarding;
(e) Discord OAuth login;
(f) admin or owner login;
(g) buyer login or account linking;
(h) token purchases;
(i) token balances;
(j) reward requests;
(k) reward catalogue tools;
(l) operator and staff permissions;
(m) transaction records;
(n) Stripe-related references received by DiscPay;
(o) support tickets and support communications;
(p) logs and audit records;
(q) security and fraud-prevention systems;
(r) error metadata; and
(s) related technical, operational, or support systems.
3.2 Third-party services
DiscPay relies on third-party services, including Discord, Stripe, Cloudflare, hosting providers, email providers, domain/DNS providers, and other technical services.
Those third parties may collect and process personal data under their own privacy policies and terms.
This Privacy Policy explains DiscPay’s processing of personal data. It does not replace the privacy policies of Discord, Stripe, Cloudflare, Microsoft, hosting providers, payment-method providers, banks, or other third parties.
Users should review the privacy policies of relevant third parties where appropriate.
3.3 Stripe and payment data
DiscPay uses Stripe to support payment processing.
DiscPay does not store full payment card details and does not directly process card payments.
Stripe may collect and process payment details, identity information, billing information, tax information, verification information, fraud-prevention signals, and other payment-related data under Stripe’s own terms and privacy policy.
DiscPay may receive and store limited Stripe-related references or transaction records, such as transaction IDs, checkout references, Stripe connected account references, payment status information, or other metadata required to operate DiscPay, credit Tokens, reconcile transactions, prevent duplicate credits, support refunds or disputes, and maintain records.
3.4 Discord data
DiscPay uses Discord-related data to provide the service.
This may include Discord user IDs, Discord usernames, Discord display names, avatar or icon references, Discord Server IDs, Discord OAuth authentication results, server names, server icons, server-related records, permission records, command logs, and other data needed to connect DiscPay workflows to Discord accounts and Discord Servers.
DiscPay does not control Discord’s own processing of personal data. Discord may process personal data under its own privacy policy and platform rules.
4. USERS COVERED BY THIS PRIVACY POLICY
4.1 Server Owners
This Privacy Policy applies to Server Owners who complete, attempt to complete, or manage DiscPay onboarding for a Discord Server.
DiscPay may process Server Owner data to verify onboarding, record acceptance of terms, connect payment workflows, maintain server configuration, support Stripe-related workflows, prevent abuse, maintain records, and enforce DiscPay’s Terms of Service.
4.2 Operators and Staff
This Privacy Policy applies to Operators, Staff, direct permission holders, moderators, administrators, fulfilment personnel, or other users who are granted permissions or perform actions through DiscPay.
DiscPay may process their data to manage permissions, record command usage, record balance adjustments, record fulfilment actions, investigate misuse, support server operations, and maintain audit records.
At present, permissions are granted by the Server Owner. DiscPay may later support additional roles, permission types, or permission workflows. If DiscPay expands permission functionality, DiscPay may process additional permission-related records where necessary to operate and secure those features.
4.3 Buyers
This Privacy Policy applies to Buyers who authenticate with Discord OAuth, access a Store, purchase Tokens, receive Tokens, hold a Token Balance, request Rewards, redeem Tokens, use support routes, or otherwise interact with DiscPay as a buyer or server member.
DiscPay may process Buyer data to authenticate the Buyer, link purchases to the correct Discord account, credit Tokens, maintain Token Balances, support Reward requests, provide invoice delivery where requested, prevent fraud, handle disputes, and maintain transaction records.
4.4 Ordinary server members
DiscPay does not intend to collect personal data about ordinary Discord server members merely because they are members of a Discord Server where DiscPay is installed.
However, a server member may become covered by this Privacy Policy if they interact with DiscPay, authenticate through Discord OAuth, purchase Tokens, receive Tokens, request Rewards, are granted permissions, appear in DiscPay logs, contact support, or otherwise become part of a DiscPay workflow.
4.5 Website visitors
This Privacy Policy applies to visitors to DiscPay websites, store pages, login pages, support pages, legal pages, or related web interfaces.
DiscPay and its service providers may process technical data about website visitors, such as request metadata, session information, cookies or local storage, security signals, device/browser information, and Cloudflare-related traffic/security data.
4.6 Support users
This Privacy Policy applies to anyone who contacts DiscPay for support, complaints, privacy requests, transaction issues, onboarding issues, payment-linked issues, technical failures, abuse reports, or other enquiries.
DiscPay may process support communications, identifiers, screenshots, transaction references, Discord IDs, server details, email addresses, notes, and related records in order to respond to support requests and protect the service.
5. RELATIONSHIP WITH DISCPAY’S TERMS AND DATA COLLECTION NOTICE
5.1 Terms of Service
DiscPay’s Terms of Service explain the rules that apply when using DiscPay, including rules for Server Owners, Operators, Staff, Buyers, Tokens, Rewards, payments, refunds, disputes, Prohibited Use, enforcement, and service availability.
This Privacy Policy does not replace those Terms. It explains how personal data is handled in connection with those rules and workflows.
5.2 Data Collection Notice
DiscPay may provide a Data Collection Notice or data collection summary during onboarding or other workflows.
A Data Collection Notice may summarise key data collection points for Server Owners or users before they proceed.
If there is a conflict between this Privacy Policy and a shorter Data Collection Notice, this Privacy Policy will apply unless the Data Collection Notice expressly states otherwise.
5.3 Checkout and OAuth notices
DiscPay may provide shorter notices during Checkout, Discord OAuth login, Store access, or account-linking flows.
Those notices may explain what data is needed for that specific action, such as linking a Discord user ID to a purchase, crediting Tokens, sending an invoice, maintaining a session, or preventing fraud.
Those notices should be read together with this Privacy Policy.
6. SPECIAL CATEGORY DATA AND DATA USERS SHOULD NOT PROVIDE
6.1 No intentional collection of special category data
DiscPay does not intentionally request or require special category data.
Special category data may include information about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data used for identification, health data, sex life, or sexual orientation.
Users should not provide special category data to DiscPay unless DiscPay specifically requests it and explains why it is needed.
6.2 Criminal offence data
DiscPay does not intentionally request criminal offence data from users.
Users should not provide criminal offence data to DiscPay unless it is necessary for a specific support, legal, fraud, abuse, or safety report.
Where users submit information about fraud, abuse, illegal activity, chargebacks, scams, hacking, harassment, or other harmful conduct, DiscPay may process that information as necessary to investigate the report, enforce its Terms, protect users, prevent fraud, comply with law, or protect the service.
6.3 Sensitive information in support messages
Users should avoid sending unnecessary sensitive information through support tickets, emails, forms, Discord messages, or other communication channels.
Users should not send passwords, full payment card details, private keys, government identity documents, medical information, unnecessary personal documents, or other highly sensitive information unless DiscPay specifically requests it through an appropriate process.
If a user sends unnecessary sensitive information, DiscPay may delete, restrict, redact, or retain it only where necessary for security, legal, fraud-prevention, or support reasons.
6.4 Server content and user-submitted material
DiscPay may process information contained in support requests, Reward requests, reports, Store content, Server metadata, tickets, logs, or other user-submitted material.
Users are responsible for ensuring that they do not submit personal data about others unless they have a lawful and appropriate reason to do so.
Server Owners, Operators, and Staff must not use DiscPay to collect, expose, misuse, or share personal data about Buyers or server members in a way that violates the Terms of Service, this Privacy Policy, applicable law, Discord’s rules, or Stripe’s rules.
7. PERSONAL DATA WE COLLECT
7.1 Overview
DiscPay collects and processes only the personal data and technical data that is needed to operate, secure, support, monitor, improve, and enforce the DiscPay service.
The exact data collected depends on how a user interacts with DiscPay.
For example, a Server Owner completing onboarding will provide different data from a Buyer purchasing Tokens, and an Operator using permission-based tools will generate different records from a website visitor viewing a public legal page.
7.2 Categories of data
DiscPay may collect and process the following categories of data:
(a) account and identity data;
(b) Discord-related identifiers;
(c) Server-related data;
(d) onboarding data;
(e) Stripe-related references;
(f) transaction data;
(g) Token Balance data;
(h) Reward and fulfilment data;
(i) permission and operator data;
(j) support and complaint data;
(k) invoice delivery data;
(l) OAuth and session data;
(m) cookie and local storage data;
(n) security and fraud-prevention data;
(o) logs and audit records;
(p) error metadata; and
(q) technical usage data.
7.3 Data not normally collected by DiscPay
DiscPay does not normally collect or store:
DiscPay may collect or cache limited Discord profile metadata, such as usernames, display names, avatar references, and icon references, where those details are provided by Discord APIs or are needed for identification, dashboards, receipts, logs, support, ticket handling, fraud prevention, or user-facing clarity.
(a) full payment card numbers;
(b) card security codes;
(c) bank account details;
(d) Buyer billing addresses;
(e) Buyer payment card last-four digits, unless this is later introduced and disclosed;
(f) Buyer payment method type, unless this is later introduced and disclosed;
(g) Server Owner legal names, unless this is later introduced and disclosed;
(h) Server Owner dates of birth;
(i) Server Owner home addresses, except where provided as part of DiscPay Ltd’s own company registration or legal correspondence;
(j) Server Owner phone numbers;
(k) Server Owner bank details;
(l) Server Owner tax identification numbers;
(o) raw IP addresses for DiscPay’s own abuse-prevention hash records, subject to section 12.
Some of this information may be collected directly by Stripe, Discord, Cloudflare, Microsoft, hosting providers, payment providers, banks, or other third-party services under their own privacy policies.
7.4 Data from third parties
DiscPay may receive limited data or references from third parties where necessary to operate the service.
This may include data from:
(a) Discord, such as OAuth authentication results, Discord user IDs, Server IDs, Server icons, and technical information needed to operate the bot or OAuth workflows;
(b) Stripe, such as connected account references, transaction identifiers, checkout references, payment status information, refund or dispute-related references, and related metadata;
(c) Cloudflare, such as security, routing, traffic, request, or abuse-prevention data;
(d) hosting, email, domain, DNS, or infrastructure providers, such as technical delivery, server, request, or service-operation data; and
(e) users themselves, such as support messages, reports, complaints, screenshots, transaction references, or other information submitted to DiscPay.
8. SERVER OWNER DATA
8.1 Data collected from Server Owners
When a Server Owner completes or attempts onboarding, configures DiscPay, connects payment workflows, manages a Server, or contacts support, DiscPay may collect and process:
(a) Discord user ID;
(b) Discord Server ID;
(c) email address;
(d) country;
(e) Server icon;
(f) Stripe Connected Account reference;
(g) onboarding status;
(h) Terms of Service acceptance record;
(i) Privacy Policy acceptance record;
(j) Data Collection Notice acceptance record;
(k) legal capacity confirmation, including confirmation that the Server Owner is legally old enough and has legal capacity to sell products or services in their location;
(l) timestamps relating to onboarding or acceptance records;
(m) payment setup status;
(n) Store setup status;
(o) Server configuration records;
(p) support communications;
(q) security records;
(r) one-way hashed IP-derived security records;
(s) logs and audit records; and
(t) error metadata or internal technical references linked to generated internal IDs.
8.2 Data not collected from Server Owners by DiscPay
DiscPay does not currently store the Server Owner’s:
(a) Discord username;
(b) Discord display name;
(c) legal name;
(d) date of birth;
(e) residential address;
(f) phone number;
(g) bank details;
(h) tax identification number; or
(i) full identity verification documents.
Stripe may collect some of this information directly from the Server Owner as part of Stripe onboarding, verification, tax, payout, fraud-prevention, or compliance processes.
DiscPay may receive limited Stripe references or status information, but DiscPay does not intend to store full Stripe identity-verification information.
8.3 Why Server Owner data is collected
DiscPay processes Server Owner data to:
(a) confirm who is responsible for a Server’s use of DiscPay;
(b) complete owner-only onboarding;
(c) record acceptance of legal documents;
(d) verify contact details;
(e) connect payment-linked workflows;
(f) link a Stripe Connected Account to the relevant Server;
(g) generate or manage Store Pages;
(h) maintain Server configuration;
(i) prevent unauthorised monetisation;
(j) prevent fraud or abuse;
(k) enforce the Terms of Service;
(l) handle support requests;
(m) preserve transaction and Token integrity;
(n) manage suspension, ownership changes, or re-onboarding; and
(o) comply with legal, accounting, security, or operational requirements.
8.4 Owner email address
DiscPay uses the Server Owner’s email address for onboarding verification, legal notices, support, security alerts, payment-related notices, enforcement notices, and important service communications.
The Server Owner is responsible for keeping their email address accurate and accessible.
If a Server Owner loses access to their email address or provides an incorrect email address, DiscPay may be unable to provide support, send notices, verify ownership, or restore access.
8.5 Server icon and Server metadata
DiscPay may process Server metadata, including the Server ID and Server icon, to identify the relevant Server, generate Store Pages, support Discord workflows, display Server-specific information, prevent mistaken purchases, maintain records, and support Server-specific Token systems.
DiscPay may process limited Discord profile metadata linked to Server Owners, Operators, Staff, or Buyers, including usernames, display names, avatar references, and icon references, where needed to identify the correct Discord account, show clear dashboard records, support tickets, maintain logs, investigate issues, prevent abuse, or operate Discord-integrated workflows.
If DiscPay later adds features that collect additional Server metadata, this Privacy Policy may be updated.
8.6 Legal capacity confirmation
During onboarding, DiscPay may record that a Server Owner confirmed they are legally old enough and have legal capacity to sell products or services in their location.
This record is used to support compliance, reduce unauthorised use, protect payment workflows, and evidence that the Server Owner accepted responsibility for commercial use of DiscPay.
DiscPay does not use this confirmation as a substitute for legal advice, tax advice, payment-processor verification, or Stripe’s own requirements.
9. BUYER DATA
9.1 Data collected from Buyers
When a Buyer authenticates with Discord OAuth, accesses a Store, purchases Tokens, receives Tokens, holds a Token Balance, requests a Reward, redeems Tokens, receives an invoice, contacts support, or otherwise interacts with DiscPay, DiscPay may collect and process:
(a) Discord user ID;
(a1) Discord username, display name, avatar reference, or icon reference where available from Discord and needed for identification, support, receipts, dashboards, tickets, logs, or fraud prevention;
(b) OAuth authentication result or account-linking record;
(c) Discord Server ID connected to the relevant Store or purchase;
(d) transaction ID;
(e) Stripe checkout or transaction reference;
(f) Token purchase records;
(g) Token Balance;
(h) Token adjustment records;
(i) Reward request records;
(j) fulfilment ticket records;
(k) support communications;
(l) invoice delivery email address, where supplied;
(m) logs and audit records;
(n) security records;
(o) error metadata; and
(p) technical session or cookie data.
9.2 Buyer Discord OAuth
Buyers may be required to authenticate using Discord OAuth before making purchases, viewing balances, accessing Store features, requesting Rewards, or using other DiscPay workflows.
DiscPay uses Discord OAuth to connect a Buyer’s activity to the correct Discord user ID and, where relevant, the correct Server.
OAuth helps DiscPay prevent mistaken purchases, reduce fraud, support Token Balance accuracy, support Reward fulfilment, and ensure that Tokens are credited to the correct Discord account.
DiscPay does not control Discord’s own OAuth systems or Discord’s own processing of personal data.
Depending on the OAuth scope, bot workflow, or Discord API response used by DiscPay, Discord may provide limited account metadata such as user ID, username, display name, avatar reference, and related account-identification data.
9.3 Buyer email for invoices
A Buyer may provide an email address for invoice delivery or transaction-related communications.
Where a Buyer provides an email address for invoice delivery, DiscPay uses that email address to send the invoice and may retain a limited record where necessary for transaction history, accounting, fraud prevention, support, dispute handling, chargeback handling, legal compliance, or service integrity.
DiscPay does not currently use Buyer invoice email addresses for marketing unless the Buyer separately consents or DiscPay later updates its practices and provides appropriate notice.
9.4 Buyer country and billing data
DiscPay does not currently intend to store Buyer country, Buyer billing address, full payment card details, partial card details, payment card last-four digits, payment method type, or Stripe Customer ID.
Stripe or other payment providers may collect and process such information directly where required for payment processing, fraud prevention, tax, compliance, or payment-method rules.
DiscPay may receive limited transaction references or payment status information from Stripe, but does not intend to store full payment details.
9.5 Token Balance and purchase history
DiscPay records Buyer Token Balances and purchase history so that Tokens can be credited, viewed, adjusted, redeemed, corrected, reviewed, or preserved for the relevant Server.
Token Balance records may be used to:
(a) show the Buyer their balance;
(b) allow the Buyer to request or redeem Rewards;
(c) help Server Owners and authorised Staff manage fulfilment;
(d) prevent duplicate credits;
(e) support refund or chargeback handling;
(f) correct errors;
(g) investigate fraud or abuse;
(h) preserve balance continuity if a Server reconnects; and
(i) enforce DiscPay’s Terms of Service.
9.6 Reward request and fulfilment data
If a Buyer requests or redeems a Reward, DiscPay may process information connected to that request.
This may include the Buyer’s Discord user ID, the relevant Server ID, Token amount, Reward selected, ticket records, Staff actions, fulfilment status, timestamps, notes, logs, and related metadata.
Reward request and fulfilment data may be visible to the relevant Server Owner, authorised Operators, authorised Staff, DiscPay Admins, or support personnel where necessary to operate the service.
9.7 Buyer support data
If a Buyer contacts DiscPay or uses a support route, DiscPay may process the information provided in that support request.
This may include email address, Discord user ID, Server details, transaction references, screenshots, messages, timestamps, issue descriptions, fulfilment information, Token Balance information, and other information needed to investigate or respond.
Buyers should not provide unnecessary sensitive information in support messages.
10. OPERATOR, STAFF, AND PERMISSION-HOLDER DATA
10.1 Data collected from Operators and Staff
When a user is granted Operator, Staff, or permission-holder access, or uses DiscPay operational features, DiscPay may collect and process:
(a) Discord user ID;
(a1) Discord username, display name, avatar reference, or icon reference where available from Discord and needed for identification, permission management, logs, support, ticket handling, or abuse prevention;
(b) Server ID;
(c) permission records;
(d) command usage records;
(e) Token Balance view or adjustment records;
(f) fulfilment action records;
(g) ticket action records;
(h) reward-management actions;
(i) Store or Server configuration actions;
(j) logs and audit records;
(k) support communications;
(l) security records; and
(m) error metadata.
10.2 Permission records
DiscPay may process permission records to determine what actions an Operator, Staff member, or permission holder may perform.
At present, permissions are granted by the Server Owner.
DiscPay does not currently store every possible permission-grant audit detail, such as who granted a permission or the exact permission-grant timestamp, unless such information is collected through existing logs or later features.
DiscPay may add more roles, permission types, permission timestamps, grant records, removal records, or audit features in the future. If this happens, DiscPay may process those records to operate and secure the permission system.
10.3 Operational logs
DiscPay may log actions taken by Operators, Staff, and permission holders.
This may include command usage, Token additions, Token removals, Token adjustments, Reward fulfilment actions, ticket actions, support actions, Store-related actions, and other operational activity.
These records are used to support accountability, investigate misuse, correct errors, enforce permissions, support Server Owners, handle disputes, prevent fraud, and protect Buyers and DiscPay.
10.4 Authorised users under the Server Owner
Operators, Staff, and permission holders are treated as authorised users acting under the Server Owner’s authority, unless DiscPay expressly states otherwise.
DiscPay processes their data to allow the Server Owner to operate DiscPay safely and to maintain appropriate records of actions taken in relation to the Server.
11. WEBSITE VISITOR, COOKIE, SESSION, AND OAUTH DATA
11.1 Website visitor data
When a user visits a DiscPay website, Store Page, legal page, login page, support page, or other web interface, DiscPay and its service providers may process technical data such as:
(a) request metadata;
(b) browser type;
(c) device type;
(d) approximate technical location information where made available by infrastructure providers;
(e) pages visited;
(f) timestamps;
(g) session identifiers;
(h) security signals;
(i) cookie or local storage data;
(j) Cloudflare traffic data; and
(k) error or performance metadata.
This data may be used to operate the website, maintain security, prevent abuse, support sessions, troubleshoot errors, and improve reliability.
11.2 Cookies and local storage
DiscPay may use cookies, local storage, session storage, or similar technologies for essential service purposes.
These may be used for:
(a) login sessions;
(b) Discord OAuth flows;
(c) admin console sessions;
(d) Store sessions;
(e) cart state;
(f) security controls;
(g) abuse prevention;
(h) remembering necessary service state;
(i) preventing duplicate actions;
(j) maintaining authentication; and
(k) operating the service.
DiscPay does not currently use advertising cookies, tracking pixels, Google Analytics, Meta Pixel, TikTok Pixel, or similar non-essential marketing or analytics tracking technologies.
If DiscPay later introduces non-essential analytics or advertising technologies, DiscPay will update its notices and obtain consent where required.
11.3 Store cookies and cart state
DiscPay Store Pages may use cookies, local storage, or session storage to maintain cart state, session state, checkout state, OAuth state, or other information necessary to provide the Store and Checkout experience.
Without these technologies, some Store or Checkout features may not work correctly.
11.4 Admin console sessions
DiscPay admin, owner, or operator interfaces may use session cookies or similar technologies to maintain secure login sessions.
Session data may be used to authenticate users, protect dashboards, prevent unauthorised access, apply permissions, maintain security, and detect suspicious activity.
11.5 Discord OAuth data
DiscPay may use Discord OAuth for Store login, Buyer account linking, admin login, owner login, or other supported workflows.
OAuth may allow DiscPay to confirm the relevant Discord user ID and connect that user to the correct DiscPay workflow.
DiscPay uses OAuth-related data to authenticate users, connect purchases to the correct Discord account, apply permissions, prevent fraud, support Store access, support admin access, and protect the service.
DiscPay does not control Discord’s OAuth service or Discord’s own privacy practices.
11.6 Cloudflare data
DiscPay may use Cloudflare for security, routing, performance, domain, DNS, proxy, or abuse-prevention purposes.
Cloudflare may process IP addresses, request metadata, browser/device information, security signals, traffic data, bot-detection data, firewall events, and other technical data in order to provide its services.
DiscPay uses Cloudflare-related processing to protect the service, route traffic, reduce abuse, improve reliability, and defend against malicious activity.
12. LOGS, ERROR METADATA, AND SECURITY RECORDS
12.1 Logs and audit records
DiscPay may create logs and audit records to operate and secure the service.
Logs may relate to:
(a) onboarding;
(b) email verification;
(c) OAuth login;
(d) Store access;
(e) Checkout activity;
(f) transaction processing;
(g) Token credits;
(h) Token adjustments;
(i) Reward requests;
(j) fulfilment actions;
(k) permission usage;
(l) support requests;
(m) imports and recovery tools;
(n) errors;
(o) security events;
(p) suspected fraud;
(q) enforcement actions; and
(r) technical system activity.
12.2 Error metadata
DiscPay may generate error metadata when something fails or behaves unexpectedly.
Error metadata may include generated event IDs, internal references, timestamps, service names, error types, error messages, stack traces, affected internal identifiers, technical context, and other information needed to diagnose and fix issues.
Where possible, DiscPay may use generated internal IDs or hashed/internal references rather than directly exposing raw Discord identifiers in error records.
However, some error records may still be linkable to a user, Server, transaction, or account where needed for debugging, support, security, or enforcement.
12.3 Internal monitoring and log streaming
DiscPay may stream or send operational logs, error metadata, or monitoring records to DiscPay-controlled infrastructure for review by DiscPay.
DiscPay does not currently use a third-party logging software-as-a-service provider for these logs.
Logs may be used to monitor system health, detect failures, investigate incidents, debug errors, support recovery, and protect the service.
12.4 One-way hashed IP-derived security records
DiscPay may process an IP address to create a one-way hash for abuse-prevention, fraud-prevention, security, enforcement, or fee-bypass-prevention purposes.
DiscPay does not store the raw IP address for this specific hash record.
However, the resulting hash may still be treated as personal data where it can be linked to a person, account, device, Server, transaction, or activity.
DiscPay may use hashed IP-derived records to detect abuse, repeat misuse, suspicious onboarding, fraud attempts, enforcement evasion, or attempts to bypass fees or restrictions.
12.5 Raw IP addresses handled by infrastructure providers
Although DiscPay does not store raw IP addresses for its own IP-hash abuse-prevention record, raw IP addresses may be processed by infrastructure providers such as Cloudflare, hosting providers, web servers, security systems, or email systems as part of normal technical operation.
These providers may process raw IP addresses for routing, security, abuse prevention, traffic delivery, logging, firewall rules, DDoS protection, debugging, or legal compliance.
12.6 Security records
DiscPay may process security records to detect, prevent, and investigate misuse.
Security records may include:
(a) hashed IP-derived records;
(b) session data;
(c) OAuth records;
(d) suspicious activity records;
(e) failed login or authentication records;
(f) payment-risk signals;
(g) duplicate transaction signals;
(h) Store access records;
(i) command misuse records;
(j) permission misuse records;
(k) enforcement records;
(l) fraud reports;
(m) account restriction records; and
(n) related technical metadata.
Security records may be used to protect Buyers, Server Owners, Operators, Staff, DiscPay, Stripe, Discord, and the integrity of the service.
12.7 Support and complaint records
DiscPay may keep records of support requests, complaints, privacy requests, abuse reports, refund-related reports, technical issue reports, and other communications.
These records may include the content of the message, email address, Discord user ID, Server ID, transaction references, screenshots, timestamps, support notes, investigation notes, and outcome records.
Support and complaint records are used to respond to users, investigate issues, enforce the Terms of Service, improve service reliability, prevent abuse, and maintain evidence where necessary.
13. WHY WE USE PERSONAL DATA
13.1 Overview
DiscPay uses personal data only where there is a reason connected to operating, securing, supporting, improving, or enforcing the DiscPay service.
DiscPay may use personal data to:
(a) provide the DiscPay service;
(b) complete Server Owner onboarding;
(c) verify contact details;
(d) record legal acceptance events;
(e) connect Discord accounts to DiscPay workflows;
(f) connect Stripe-related payment records to the correct Server;
(g) credit Tokens to the correct Buyer;
(h) maintain Token Balances;
(i) support Reward requests and fulfilment workflows;
(j) manage Operator, Staff, and permission-holder access;
(k) provide Store Pages and Checkout-related workflows;
(l) send invoice emails where requested;
(m) respond to support requests and complaints;
(n) investigate technical failures;
(o) prevent fraud, abuse, duplicate credits, unauthorised access, and fee bypass;
(p) enforce DiscPay’s Terms of Service;
(q) comply with legal, accounting, tax, payment, and regulatory obligations;
(r) preserve evidence where necessary; and
(s) protect DiscPay, Server Owners, Buyers, Operators, Staff, Discord, Stripe, and other third parties.
13.2 Providing the service
DiscPay uses personal data to provide the features users request or enable.
For example, DiscPay may need a Server Owner’s Discord user ID and Server ID to connect a Server to DiscPay. DiscPay may need a Buyer’s Discord user ID to credit Tokens to the correct account. DiscPay may need a Stripe transaction reference to reconcile a payment. DiscPay may need permission records to decide whether an Operator or Staff member can perform an action.
Without this data, DiscPay may be unable to provide the relevant feature.
13.3 Owner onboarding
DiscPay uses Server Owner data to complete owner-only onboarding.
This includes using data to:
(a) identify the relevant Discord Server;
(b) identify the Discord user completing onboarding;
(c) verify the Server Owner’s contact email;
(d) record acceptance of the Terms of Service, Privacy Policy, Data Collection Notice, and legal capacity confirmation;
(e) record the Server Owner’s country;
(f) connect the Server to a Stripe Connected Account reference;
(g) generate or enable Store and payment-linked workflows;
(h) prevent unauthorised monetisation of a Server;
(i) maintain an audit record of onboarding; and
(j) support re-onboarding, suspension, review, or ownership-change workflows.
13.4 Discord OAuth and account linking
DiscPay uses Discord OAuth and Discord-related identifiers to link users to the correct DiscPay workflows.
This may include using OAuth to:
(a) identify a Buyer before purchase;
(b) link a Token purchase to the correct Discord user ID;
(c) prevent Tokens being credited to the wrong account;
(d) check Store access or Server-related eligibility where supported;
(e) support admin, owner, operator, or staff login;
(f) apply permissions;
(g) prevent fraud or impersonation;
(h) support support requests; and
(i) maintain transaction and Token Balance integrity.
DiscPay does not use Discord OAuth to collect more information than is needed for the relevant workflow.
13.5 Payment-linked workflows
DiscPay uses limited payment-related data to operate payment-linked workflows.
This may include using Stripe references, transaction IDs, checkout references, payment status information, Store records, Buyer Discord IDs, Server IDs, and Token records to:
(a) confirm that a payment has occurred;
(b) credit Tokens;
(c) prevent duplicate Token credits;
(d) reconcile payment records;
(e) support manual imports and recovery;
(f) handle delayed payment events;
(g) support refund or chargeback handling;
(h) investigate fraud;
(i) support Server Owner records; and
(j) enforce DiscPay’s Terms of Service.
DiscPay does not store full payment card details.
13.6 Token Balances
DiscPay uses Token Balance data to maintain server-specific Token records.
This includes using data to:
(a) show Buyers their Token Balances;
(b) allow Buyers to request or redeem Rewards;
(c) allow Server Owners and authorised users to review relevant balances;
(d) support fulfilment workflows;
(e) support Token adjustments;
(f) detect duplicate credits;
(g) reverse or correct Tokens where necessary;
(h) support refunds, disputes, and chargebacks;
(i) preserve balance continuity if a Server reconnects; and
(j) prevent abuse or unauthorised manipulation of Token records.
13.7 Reward requests and fulfilment
DiscPay uses Reward request and fulfilment data to support Server Owner fulfilment workflows.
This may include using Buyer IDs, Server IDs, Token amounts, Reward selections, tickets, fulfilment records, Staff actions, timestamps, and notes to:
(a) create Reward requests;
(b) notify authorised Staff;
(c) record fulfilment status;
(d) support manual fulfilment;
(e) support automated or semi-automated fulfilment where available;
(f) allow Server Owners to review fulfilment;
(g) investigate disputes;
(h) support refund or chargeback handling;
(i) detect misuse by Staff or Buyers; and
(j) maintain audit records.
13.8 Permissions and staff actions
DiscPay uses Operator, Staff, and permission-holder data to control access to sensitive features.
This may include using Discord user IDs, Server IDs, permission records, command logs, Token adjustment records, ticket actions, fulfilment actions, Store actions, and support records to:
(a) determine whether a user is authorised to perform an action;
(b) apply permissions granted by the Server Owner;
(c) maintain audit records;
(d) detect misuse of permissions;
(e) investigate incorrect Token adjustments;
(f) investigate false fulfilment records;
(g) support Server Owner review;
(h) restrict compromised or abusive users; and
(i) protect Buyers and platform integrity.
13.9 Invoice delivery
Where a Buyer provides an email address for invoice delivery, DiscPay uses that email address to send the invoice or transaction-related communication.
DiscPay may also retain a limited record of invoice delivery where reasonably necessary for transaction history, accounting, support, fraud prevention, dispute handling, chargeback handling, legal compliance, or service integrity.
DiscPay does not currently use Buyer invoice email addresses for marketing unless the Buyer separately consents or DiscPay later updates its practices and gives appropriate notice.
13.10 Support and complaints
DiscPay uses support and complaint data to respond to users and investigate issues.
This may include using emails, Discord user IDs, Server IDs, transaction references, screenshots, logs, support messages, ticket records, fulfilment records, and technical metadata to:
(a) respond to support requests;
(b) investigate missing Tokens;
(c) investigate incorrect balances;
(d) investigate failed fulfilment;
(e) investigate technical failures;
(f) investigate fraud, abuse, or Prohibited Use;
(g) handle complaints;
(h) respond to privacy requests;
(i) preserve evidence where necessary; and
(j) improve service reliability.
13.11 Security, fraud prevention, and abuse prevention
DiscPay uses personal data and technical data to protect the service.
This may include using hashed IP-derived records, session data, OAuth records, logs, transaction patterns, command activity, Store access records, permission activity, error metadata, support reports, and other security records to:
(a) detect fraud;
(b) detect suspicious onboarding;
(c) detect duplicate or abusive transactions;
(d) prevent unauthorised access;
(e) prevent fee bypass;
(f) prevent enforcement evasion;
(g) detect compromised accounts;
(h) detect misuse of permissions;
(i) detect Token manipulation;
(j) protect payment-linked workflows;
(k) restrict abusive users or Servers;
(l) investigate Prohibited Use;
(m) maintain platform security; and
(n) protect DiscPay’s rights and users.
13.12 Legal, accounting, tax, and compliance purposes
DiscPay may use and retain personal data where necessary for legal, accounting, tax, payment, audit, regulatory, dispute, chargeback, or compliance purposes.
This may include using onboarding records, acceptance records, transaction records, Token records, invoice records, support records, security records, enforcement records, and logs to:
(a) evidence legal acceptance;
(b) maintain transaction records;
(c) support accounting records;
(d) support tax-related records;
(e) respond to lawful requests;
(f) cooperate with payment processors;
(g) respond to disputes or legal claims;
(h) preserve evidence;
(i) comply with legal obligations; and
(j) protect DiscPay’s legal position.
13.13 Improving and maintaining the service
DiscPay may use technical data, error metadata, logs, support records, and usage records to maintain and improve the service.
This may include using data to:
(a) identify bugs;
(b) diagnose failed workflows;
(c) improve onboarding;
(d) improve Store reliability;
(e) improve Token crediting;
(f) improve recovery tools;
(g) improve fraud prevention;
(h) improve permission systems;
(i) improve support processes; and
(j) improve service stability.
Where reasonably possible, DiscPay may use aggregated, anonymised, minimised, or internal reference data for improvement purposes.
14. LAWFUL BASES FOR PROCESSING
14.1 Overview
DiscPay processes personal data only where it has a lawful basis under applicable data protection law.
Depending on the context, DiscPay may rely on one or more of the following lawful bases:
(a) performance of a contract;
(b) legitimate interests;
(c) legal obligation;
(d) consent; and
(e) where necessary, establishment, exercise, or defence of legal claims.
The lawful basis may differ depending on the type of user, the type of data, and the reason the data is processed.
14.2 Performance of a contract
DiscPay may process personal data where it is necessary to provide the service under DiscPay’s Terms of Service or to take steps requested by a user before entering into that relationship.
This may apply where DiscPay processes data to:
(a) create or manage a Server Owner onboarding flow;
(b) authenticate a user through Discord OAuth;
(c) connect a Server to DiscPay;
(d) connect payment-linked records to a Server;
(e) provide Store Pages;
(f) process Token purchases;
(g) credit Tokens;
(h) maintain Token Balances;
(i) support Reward requests;
(j) apply permissions;
(k) provide user-requested support; and
(l) operate account or session features.
14.3 Legitimate interests
DiscPay may process personal data where it is necessary for DiscPay’s legitimate interests or the legitimate interests of others, provided those interests are not overridden by the rights and freedoms of the relevant person.
DiscPay’s legitimate interests may include:
(a) operating a secure and reliable service;
(b) preventing fraud;
(c) preventing abuse;
(d) preventing fee bypass;
(e) preventing unauthorised monetisation;
(f) maintaining accurate Token and transaction records;
(g) protecting Buyers and Server Owners;
(h) enforcing the Terms of Service;
(i) investigating Prohibited Use;
(j) preserving evidence;
(k) detecting and correcting technical failures;
(l) maintaining logs and audit records;
(m) supporting dispute and chargeback handling;
(n) protecting DiscPay’s legal and commercial interests; and
(o) improving the service.
14.4 Legal obligation
DiscPay may process personal data where necessary to comply with a legal obligation.
This may include obligations relating to:
(a) company records;
(b) accounting records;
(c) tax-related records;
(d) legal notices;
(e) fraud prevention;
(f) lawful requests from courts, regulators, law enforcement, or public authorities;
(g) consumer protection requirements;
(h) data protection rights; and
(i) other legal or regulatory requirements.
14.5 Consent
DiscPay may rely on consent where consent is required or appropriate.
This may include:
(a) certain cookies or similar technologies, if non-essential cookies are introduced;
(b) optional marketing communications, if introduced;
(c) optional features where data processing is not necessary to provide the core service;
(d) specific user permissions or choices presented in an interface; or
(e) other processing where DiscPay expressly asks for consent.
Where DiscPay relies on consent, the user may withdraw that consent where applicable. Withdrawal of consent does not affect processing that occurred before consent was withdrawn.
If consent is withdrawn, some features may no longer be available.
14.6 Legal claims
DiscPay may process personal data where necessary to establish, exercise, or defend legal claims.
This may include processing relating to disputes, chargebacks, fraud, abuse, Prohibited Use, unpaid fees, ownership disputes, enforcement action, complaints, legal correspondence, or other situations where evidence may be needed.
14.7 Multiple lawful bases
Some processing may rely on more than one lawful basis.
For example, transaction records may be processed to perform the service, to support legitimate interests in payment integrity and fraud prevention, and to comply with accounting or legal obligations.
DiscPay may apply the lawful basis that is most appropriate for the specific context.
15. PAYMENTS, TRANSACTIONS, AND INVOICES
15.1 Stripe processing
Payments made through DiscPay-supported workflows are processed by Stripe or another supported payment processor.
Stripe may collect and process payment data, identity data, billing data, tax data, verification data, fraud-prevention data, and other payment-related information under Stripe’s own privacy policy and terms.
DiscPay does not store full payment card details.
15.2 DiscPay transaction records
DiscPay may process transaction-related records such as transaction IDs, Stripe references, checkout references, payment status information, Server IDs, Buyer Discord IDs, Token credit records, refund references, dispute references, chargeback references, import records, and related logs.
DiscPay uses these records to:
(a) confirm payment status;
(b) credit Tokens;
(c) prevent duplicate credits;
(d) reconcile transactions;
(e) support manual imports;
(f) investigate failed payments;
(g) support refunds and disputes;
(h) investigate chargebacks;
(i) maintain Token Balance integrity;
(j) support Server Owner records; and
(k) enforce the Terms of Service.
15.3 Invoice emails
Where a Buyer provides an email address for invoice delivery, DiscPay uses the email address to send the invoice or transaction-related communication.
DiscPay may use an email service provider, such as Microsoft SMTP or another email provider, to deliver invoices or transaction communications.
DiscPay may retain a limited record of invoice delivery where reasonably necessary for transaction history, accounting, support, fraud prevention, dispute handling, chargeback handling, legal compliance, or service integrity.
15.4 No marketing use of invoice emails by default
DiscPay does not currently use Buyer invoice email addresses for marketing.
If DiscPay later introduces marketing communications, DiscPay will provide appropriate notice and obtain consent where required.
15.5 Refunds, disputes, and chargebacks
DiscPay may process payment, transaction, Token, support, fulfilment, and log data in connection with refunds, disputes, chargebacks, reversals, failed payments, duplicate payments, fraud reports, or related issues.
This processing may be necessary to:
(a) determine whether Tokens were credited;
(b) determine whether Tokens were used;
(c) determine whether a Reward was requested;
(d) determine whether fulfilment occurred;
(e) support Server Owner review;
(f) support Stripe dispute processes;
(g) prevent double recovery;
(h) correct Token Balances;
(i) restrict abusive activity; and
(j) preserve evidence.
16. SECURITY, FRAUD PREVENTION, AND PLATFORM PROTECTION
16.1 Security purpose
DiscPay processes security-related data to protect the service, users, payment-linked workflows, Token systems, Stores, permissions, and records.
Security processing may include monitoring, logging, reviewing, restricting, or investigating suspicious activity.
16.2 Abuse and fraud prevention
DiscPay may use personal data and technical data to detect, prevent, and investigate:
(a) fraudulent onboarding;
(b) unauthorised Stripe account use;
(c) unauthorised Server monetisation;
(d) unauthorised payments;
(e) stolen payment methods;
(f) duplicate payment abuse;
(g) duplicate Token crediting;
(h) Token manipulation;
(i) refund or chargeback abuse;
(j) permission misuse;
(k) compromised accounts;
(l) Store abuse;
(m) Prohibited Use;
(n) fee bypass;
(o) enforcement evasion; and
(p) other misuse of DiscPay.
16.3 Hashed IP-derived records
DiscPay may process an IP address to create a one-way hash used for security, abuse-prevention, fraud-prevention, enforcement, and fee-bypass-prevention purposes.
DiscPay does not store the raw IP address for this specific hash record.
However, the hash may still be treated as personal data where it can be linked to a person, account, Server, transaction, device, or activity.
16.4 Security restrictions
DiscPay may use security records to restrict, suspend, review, or block access to certain features.
This may affect onboarding, Store access, Checkout, Token crediting, Token redemption, Operator or Staff permissions, support access, OAuth sessions, or other service features.
DiscPay may not disclose detailed security logic where doing so would weaken the security of the service.
16.5 Cloudflare and infrastructure security
DiscPay may use Cloudflare and other infrastructure providers for security, routing, DDoS protection, firewall rules, bot detection, traffic management, and abuse prevention.
These providers may process IP addresses, request metadata, browser/device information, security signals, traffic logs, and related technical data.
DiscPay uses these services to protect the platform and keep the service available and secure.
17. SUPPORT, ENFORCEMENT, AND LEGAL COMPLIANCE
17.1 Support requests
DiscPay uses support data to respond to support requests, complaints, privacy requests, technical issues, payment-linked issues, onboarding issues, Token issues, fulfilment issues, and abuse reports.
Support data may include messages, emails, screenshots, Discord IDs, Server IDs, transaction references, Store details, logs, internal notes, and outcome records.
17.2 Enforcement
DiscPay may use personal data and technical data to enforce its Terms of Service and other policies.
This may include processing data to:
(a) investigate Prohibited Use;
(b) suspend Servers;
(c) restrict Buyers;
(d) restrict Operators or Staff;
(e) disable Store Pages;
(f) freeze Token redemption;
(g) reverse Token credits;
(h) investigate chargebacks;
(i) preserve evidence;
(j) remove prohibited Rewards;
(k) prevent enforcement evasion; and
(l) protect platform integrity.
17.3 Legal compliance
DiscPay may process and retain data where necessary to comply with law or respond to lawful requests.
This may include requests or requirements from courts, regulators, law enforcement, tax authorities, payment processors, legal advisers, or other relevant parties.
DiscPay may also process data to comply with accounting, tax, company, consumer, payment, fraud-prevention, or data protection obligations.
17.4 Protection of rights
DiscPay may process data where necessary to protect its rights, property, service, users, payment workflows, records, reputation, or legal position.
This may include processing data in connection with unpaid fees, contractual disputes, ownership disputes, fraud, abuse, security incidents, chargebacks, complaints, or legal claims.
17.5 Minimisation where possible
Where reasonably possible, DiscPay may use internal references, generated IDs, hashed values, aggregated data, anonymised data, or minimised records instead of directly identifiable data.
However, identifiable data may still be necessary where DiscPay needs to operate the service, link records correctly, investigate specific issues, comply with law, handle disputes, or enforce its Terms.
18. WHO WE SHARE PERSONAL DATA WITH
18.1 Overview
DiscPay may share personal data with third parties where necessary to operate, secure, support, maintain, improve, or enforce the DiscPay service.
DiscPay does not sell personal data.
DiscPay may share personal data with:
(a) Stripe and payment-related service providers;
(b) Discord;
(c) Cloudflare;
(d) hosting, VPS, infrastructure, domain, DNS, and security providers;
(e) email and SMTP providers;
(f) backup providers;
(g) Server Owners, Operators, or Staff where necessary for Server-specific workflows;
(h) legal, accounting, tax, or professional advisers;
(i) courts, regulators, law enforcement, public authorities, or other parties where required or permitted by law; and
(j) successor entities, purchasers, acquirers, or reorganised businesses where DiscPay is transferred or restructured.
18.2 Sharing only where needed
DiscPay shares personal data only where DiscPay believes the sharing is necessary, appropriate, lawful, or permitted for the relevant purpose.
The amount of data shared may depend on the user’s role, the relevant Server, the feature used, the payment workflow, the support issue, the security issue, the legal requirement, or the operational context.
DiscPay may also share anonymised, aggregated, or de-identified information where it does not identify a user.
18.3 Service providers and processors
DiscPay may use service providers who process personal data on DiscPay’s behalf.
These providers may help DiscPay with hosting, security, traffic routing, email delivery, payment workflows, domain management, backups, technical monitoring, support, accounting, legal compliance, or other business operations.
Where required, DiscPay will use appropriate contractual or operational measures with service providers to protect personal data.
18.4 Server Owners, Operators, and Staff
DiscPay may share or make available certain personal data with the relevant Server Owner, Operators, or Staff where necessary for that Server’s use of DiscPay.
This may include, depending on permissions and features:
(a) Buyer Discord user IDs;
(b) Token Balances;
(c) transaction references;
(d) purchase records;
(e) Reward request records;
(f) fulfilment ticket records;
(g) Token adjustment records;
(h) support-related records;
(i) command logs;
(j) permission records;
(k) fulfilment records; and
(l) other Server-specific operational records.
Server Owners, Operators, and Staff must use this information only for legitimate DiscPay-related purposes and must not misuse, disclose, sell, publish, or exploit it.
18.5 Buyer visibility and Server-visible records
Certain DiscPay features may make information visible to Buyers or Server users, depending on the feature and Server configuration.
For example, DiscPay may support purchase notices, reward request tickets, fulfilment tickets, Token-related displays, acknowledgement messages, or other Server-visible workflows.
Where Server Owners enable or use features that expose Token-related or fulfilment-related information, Server Owners are responsible for ensuring that the use of those features is appropriate, fair, and consistent with the Terms of Service and this Privacy Policy.
19. STRIPE
19.1 Stripe as payment processor and third-party provider
DiscPay uses Stripe, including Stripe Connect, to support payment processing and payment-linked workflows.
Stripe may process personal data independently under its own privacy policy and terms. This may include payment details, identity information, business information, billing information, verification information, tax information, payment-method information, fraud-prevention signals, and other payment-related information.
DiscPay does not control Stripe’s own processing of personal data.
19.2 Data shared with Stripe
DiscPay may send or receive limited data to or from Stripe where necessary to support payment workflows.
This may include:
(a) Stripe Connected Account references;
(b) checkout references;
(c) transaction IDs;
(d) payment status information;
(e) refund references;
(f) dispute references;
(g) chargeback references;
(h) payment event metadata;
(i) Server-related references;
(j) Buyer-related references where needed to connect a payment to a Discord account or Transaction; and
(k) other payment-linked metadata needed to operate DiscPay.
19.3 Why Stripe-related data is used
DiscPay uses Stripe-related data to:
(a) create or support Checkout sessions;
(b) connect payments to the relevant Server;
(c) connect payments to the relevant Buyer;
(d) credit Tokens;
(e) prevent duplicate credits;
(f) reconcile transaction records;
(g) support manual imports and recovery;
(h) support refund or chargeback handling;
(i) support Server Owner payment records;
(j) investigate payment issues;
(k) prevent fraud or abuse; and
(l) comply with payment-related requirements.
19.4 Data Stripe collects directly
Stripe may collect personal data directly from Server Owners and Buyers.
For Server Owners, Stripe may collect identity, business, tax, payout, verification, bank, and compliance information.
For Buyers, Stripe may collect payment method, billing, fraud-prevention, device, transaction, or payment authentication information.
DiscPay does not store full payment card details and does not directly process card payments.
20. DISCORD
20.1 Discord as third-party platform
DiscPay uses Discord to provide bot, OAuth, Server, permission, identity-linking, and Server-related workflows.
Discord may process personal data independently under its own privacy policy and terms.
DiscPay does not control Discord’s own processing of personal data.
20.2 Data received from or connected to Discord
DiscPay may receive, store, or process Discord-related data where necessary to operate the service.
This may include:
(a) Discord user IDs;
(b) Discord Server IDs;
(c) Discord OAuth authentication results;
(d) Server icons;
(e) Server-related configuration records;
(f) permission-related records;
(g) command-related records;
(h) bot interaction records;
(i) role or Server-related workflow information where supported; and
(j) other Discord-related technical information needed for DiscPay features.
20.3 Why Discord data is used
DiscPay uses Discord-related data to:
(a) identify Server Owners;
(b) identify Buyers;
(c) link Tokens to the correct Discord user ID;
(d) link Stores to the correct Server;
(e) operate the Discord bot;
(f) apply permissions;
(g) support Server Owner onboarding;
(h) support OAuth login;
(i) support admin, owner, operator, or Buyer access;
(j) support Reward requests and fulfilment;
(k) prevent mistaken Token crediting;
(l) prevent unauthorised Server monetisation;
(m) investigate abuse or fraud; and
(n) enforce the Terms of Service.
20.4 Discord OAuth
Where DiscPay uses Discord OAuth, Discord may ask the user to authorise access to certain Discord account information.
DiscPay uses OAuth data only for supported DiscPay workflows, such as login, account linking, Store access, admin access, purchase linking, or permission checks.
DiscPay does not control the Discord OAuth interface or Discord’s own handling of OAuth-related data.
21. CLOUDFLARE
21.1 Cloudflare services
DiscPay may use Cloudflare for security, traffic routing, proxying, DNS, performance, firewall rules, bot detection, DDoS protection, abuse prevention, and reliability.
Cloudflare may process personal data and technical data as part of providing those services.
21.2 Cloudflare data
Cloudflare may process:
(a) IP addresses;
(b) request metadata;
(c) browser and device information;
(d) traffic logs;
(e) security signals;
(f) firewall events;
(g) bot-detection signals;
(h) country or approximate location information derived from technical data;
(i) user-agent data;
(j) timestamps;
(k) routing data; and
(l) other technical information needed to provide Cloudflare services.
21.3 Why Cloudflare data is used
DiscPay uses Cloudflare-related processing to:
(a) route traffic;
(b) improve reliability;
(c) protect against malicious activity;
(d) reduce spam and abuse;
(e) detect bots;
(f) protect login and Store pages;
(g) protect APIs and endpoints;
(h) defend against denial-of-service attacks;
(i) support security monitoring; and
(j) keep the service available.
21.4 Cloudflare as independent provider
Cloudflare may process data under its own privacy policy and terms.
DiscPay does not control Cloudflare’s independent processing.
22. HOSTING, EMAIL, BACKUPS, AND OTHER SERVICE PROVIDERS
22.1 Hosting and VPS providers
DiscPay may use hosting providers, VPS providers, server providers, cloud providers, infrastructure providers, or related technical services to host the DiscPay website, bot services, databases, queues, Store Pages, APIs, logs, support systems, and related infrastructure.
These providers may process technical data, server data, traffic data, logs, IP addresses, metadata, stored records, or other data necessary to provide hosting and infrastructure services.
22.2 Current and future backup infrastructure
DiscPay may store backups on the same VPS or infrastructure environment and may later use a second VPS, backup server, cloud storage provider, or other backup infrastructure.
Backups may include databases, configuration records, transaction records, Token records, Server records, logs, support records, or other data needed for service continuity, recovery, security, or legal compliance.
Backup data may be retained for limited periods and may not be immediately deleted from all backup systems when a deletion request is processed, where delayed deletion is technically necessary or lawful.
22.3 Email and SMTP providers
DiscPay may use Microsoft SMTP or another email provider to send emails.
Emails may include owner verification emails, onboarding emails, invoice emails, support messages, security notices, legal notices, payment-related notices, enforcement notices, or other service communications.
Email providers may process email addresses, message content, delivery metadata, timestamps, sender and recipient information, technical delivery logs, and related records.
22.4 Domain, DNS, and certificate providers
DiscPay may use domain registrars, DNS providers, certificate providers, and related services to operate DiscPay domains, subdomains, Store Pages, authentication endpoints, security certificates, and routing.
These providers may process technical data, domain records, request metadata, IP addresses, routing information, or other data necessary to provide their services.
22.5 Internal monitoring and logging infrastructure
DiscPay may send logs, error metadata, health records, or monitoring records to DiscPay-controlled infrastructure.
DiscPay does not currently use a third-party logging software-as-a-service provider for these logs.
If DiscPay later uses an external logging, analytics, monitoring, or observability provider, this Privacy Policy may be updated to describe that provider and the relevant processing.
22.6 Professional advisers
DiscPay may share personal data with legal advisers, accountants, tax advisers, auditors, compliance advisers, insurance providers, or other professional advisers where necessary.
This may occur for legal advice, tax compliance, accounting, dispute handling, company administration, regulatory compliance, fraud investigation, business protection, or defence of legal claims.
22.7 Authorities and legal requests
DiscPay may share personal data with courts, regulators, law enforcement, tax authorities, payment processors, public authorities, or other relevant parties where required or permitted by law.
DiscPay may also share data where necessary to:
(a) comply with legal obligations;
(b) respond to lawful requests;
(c) report suspected illegal activity;
(d) protect users;
(e) prevent fraud;
(f) protect payment integrity;
(g) enforce the Terms of Service;
(h) defend legal claims; or
(i) protect DiscPay’s rights, property, or safety.
23. INTERNATIONAL TRANSFERS
23.1 International nature of online services
DiscPay may use service providers, infrastructure, payment processors, or third-party platforms that operate internationally.
This means personal data may be processed outside the United Kingdom.
Examples may include processing by Stripe, Discord, Cloudflare, Microsoft, hosting providers, domain providers, email providers, or other service providers.
23.2 Safeguards for international transfers
Where DiscPay transfers personal data outside the United Kingdom, DiscPay will take steps intended to ensure that the transfer is lawful and appropriately protected.
Depending on the context, this may include relying on:
(a) adequacy regulations;
(b) standard contractual clauses;
(c) UK international data transfer agreements or addenda;
(d) contractual protections;
(e) provider transfer safeguards;
(f) technical and organisational security measures; or
(g) another lawful transfer mechanism.
23.3 Third-party international processing
Third-party services such as Discord, Stripe, Cloudflare, Microsoft, and hosting providers may process data internationally under their own privacy policies, terms, and transfer mechanisms.
Users should review those third-party privacy policies where relevant.
24. SECURITY
24.1 Security measures
DiscPay uses technical and organisational measures intended to protect personal data and service records.
These measures may include, depending on the system and data involved:
(a) access controls;
(b) permission controls;
(c) authentication;
(d) Discord OAuth;
(e) session controls;
(f) encryption where appropriate;
(g) database security measures;
(h) secure infrastructure configuration;
(i) Cloudflare security features;
(j) logging and monitoring;
(k) backup and recovery systems;
(l) abuse-prevention systems;
(m) fraud-prevention controls;
(n) internal access restrictions; and
(o) administrative controls.
24.2 No perfect security
No online service, database, server, network, payment workflow, authentication system, or storage system is completely secure.
DiscPay cannot guarantee absolute security.
Users are responsible for protecting their own Discord accounts, email accounts, Stripe accounts, devices, passwords, sessions, access tokens, and other credentials.
24.3 User security responsibilities
Users should:
(a) keep Discord accounts secure;
(b) keep email accounts secure;
(c) use strong passwords where applicable;
(d) avoid sharing access;
(e) protect devices;
(f) avoid exposing sessions or tokens;
(g) remove permissions from users who no longer need them;
(h) report suspected compromise promptly; and
(i) avoid sending unnecessary sensitive data to DiscPay.
24.4 Compromised accounts
If a user believes that their Discord account, email account, Stripe account, device, session, token, password, or other access method has been compromised, they should take immediate steps to secure the account and notify DiscPay where the compromise may affect DiscPay.
DiscPay may restrict, suspend, revoke, or review affected sessions, permissions, Store access, Token workflows, checkout flows, or other features while investigating.
24.5 Access to personal data within DiscPay
DiscPay may restrict access to personal data internally based on operational need, security, support requirements, investigation requirements, or legal requirements.
DiscPay may also limit Server Owner, Operator, Staff, Buyer, or support access to data based on permissions, role, Server, context, and need.
24.6 Security incidents
If DiscPay becomes aware of a personal data breach or security incident that requires notification under applicable law, DiscPay will take steps required by law.
This may include investigating the incident, taking containment steps, notifying affected users where required, notifying regulators where required, preserving evidence, and improving security controls.
25. DATA SHARING DURING BUSINESS TRANSFERS
25.1 Business transfer
If DiscPay is involved in a merger, acquisition, restructuring, sale of assets, investment transaction, company reorganisation, insolvency process, or transfer of the service to another entity, personal data may be transferred or disclosed as part of that process.
This may include transfer to a purchaser, acquirer, successor entity, group company, investor, adviser, or other relevant party.
25.2 Continuity of privacy protections
Where personal data is transferred as part of a business transfer, DiscPay will take reasonable steps to ensure that the data continues to be handled in accordance with applicable law.
If the transfer materially changes how personal data is processed, DiscPay or the successor entity may provide updated privacy information where required.
26. DATA RETENTION
26.1 Overview
DiscPay keeps personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy.
Retention periods may depend on the type of data, the user’s relationship with DiscPay, the relevant Server, payment history, Token Balance records, dispute risk, fraud-prevention needs, legal obligations, accounting requirements, technical requirements, and operational needs.
DiscPay may delete, anonymise, minimise, restrict, or archive data earlier where it is no longer needed.
26.2 Retention principles
DiscPay may retain data where necessary for:
(a) operating the service;
(b) maintaining Server Owner records;
(c) maintaining Token Balance integrity;
(d) preserving transaction history;
(e) preventing fraud or abuse;
(f) preventing fee bypass;
(g) preventing enforcement evasion;
(h) supporting refunds, disputes, and chargebacks;
(i) supporting accounting and tax records;
(j) handling support requests and complaints;
(k) investigating Prohibited Use;
(l) maintaining security records;
(m) preserving evidence;
(n) complying with legal obligations;
(o) supporting Server reconnection; and
(p) enforcing DiscPay’s Terms of Service.
26.3 Onboarding records
DiscPay may retain Server Owner onboarding records for the life of the relevant account, Server relationship, or service relationship, and for up to 6 years after that relationship ends where necessary for legal, accounting, dispute, chargeback, fraud-prevention, enforcement, or audit purposes.
Onboarding records may include Discord user IDs, Server IDs, email addresses, country information, acceptance records, legal capacity confirmations, Stripe Connected Account references, onboarding timestamps, and related logs.
26.4 Transaction records
DiscPay may retain transaction records for the life of the relevant account, Server relationship, or service relationship, and for up to 6 years after that relationship ends where necessary for accounting, tax, payment integrity, dispute handling, chargeback handling, fraud prevention, legal compliance, or enforcement.
Transaction records may include transaction IDs, Stripe references, checkout references, payment status information, Token credit records, refund references, dispute references, chargeback references, import records, Store records, and related logs.
26.5 Token Balance records
DiscPay may retain Token Balance records for as long as reasonably necessary to maintain Token Balance integrity, support Server-specific Token systems, preserve Buyer balances, support Server reconnection, investigate disputes, prevent fraud, handle chargebacks, enforce the Terms of Service, or maintain accurate internal records.
DiscPay may retain Token Balance records even if:
(a) a Buyer leaves a Server;
(b) a Buyer is banned from a Server;
(c) a Server disconnects DiscPay;
(d) a Store is suspended;
(e) a Server is suspended;
(f) a Server later reconnects;
(g) Server ownership changes; or
(h) a user requests deletion,
where retention remains necessary for balance integrity, payment integrity, legal compliance, dispute handling, fraud prevention, or enforcement.
26.6 Security and IP-hash records
DiscPay may retain hashed IP-derived security records for up to 24 months, unless a longer period is necessary for fraud prevention, abuse prevention, enforcement, fee-bypass prevention, legal compliance, security investigation, or protection of DiscPay’s rights.
DiscPay does not store the raw IP address for its own IP-hash abuse-prevention record, but raw IP addresses may be processed by infrastructure providers such as Cloudflare, hosting providers, web servers, email providers, or security systems according to their own retention practices.
26.7 Error logs and error metadata
DiscPay may retain error logs and error metadata for up to 12 months, unless a longer period is necessary for security, fraud prevention, legal compliance, unresolved technical issues, dispute handling, payment integrity, or enforcement.
Error metadata may be deleted, restricted, anonymised, or minimised earlier where it is no longer needed.
26.8 Support tickets and complaint records
DiscPay may retain internal support tickets, complaint records, abuse reports, technical issue reports, refund-related reports, privacy request records, and related communications for up to 24 months, unless a longer period is necessary for legal claims, unresolved disputes, fraud prevention, payment integrity, chargeback handling, enforcement, accounting, or legal compliance.
Support records may be deleted earlier where they are no longer needed.
26.9 OAuth, session, and cookie data
OAuth records, session cookies, login cookies, Store session data, cart data, local storage records, and similar technical records may be retained until expiry, logout, deletion, replacement, or the end of the relevant session or service need.
Some OAuth, login, or session-related records may be retained longer where necessary for security, fraud prevention, account protection, audit records, support, enforcement, or legal compliance.
26.10 Permission and operational records
DiscPay may retain permission records, command logs, Token adjustment records, fulfilment records, ticket action records, Operator records, Staff records, and related operational logs for as long as reasonably necessary to support Server operations, auditability, dispute handling, fraud prevention, security, enforcement, and platform integrity.
Where such records relate to Transactions, Token Balances, refunds, disputes, chargebacks, or legal issues, they may be retained for longer periods consistent with transaction, legal, accounting, or enforcement retention needs.
26.11 Backup retention
DiscPay may store backup copies of data for service continuity, recovery, security, or operational reasons.
Backup data may not be deleted immediately when data is deleted from live systems.
Where data is deleted, restricted, or changed in live systems, backup copies may remain until they expire, are overwritten, or are no longer needed according to DiscPay’s backup practices.
DiscPay may restore data from backups where necessary for technical recovery, security, legal compliance, payment integrity, Token Balance integrity, or service continuity.
26.12 Longer retention where necessary
DiscPay may retain data for longer than the normal periods described in this Privacy Policy where necessary for:
(a) ongoing disputes;
(b) chargebacks;
(c) fraud investigations;
(d) abuse investigations;
(e) legal claims;
(f) law enforcement requests;
(g) tax or accounting obligations;
(h) payment processor requirements;
(i) Stripe-related investigations;
(j) Discord-related investigations;
(k) sanctions or compliance checks;
(l) unpaid fees;
(m) enforcement evasion;
(n) security incidents; or
(o) protection of DiscPay’s legal rights.
26.13 Earlier deletion
DiscPay may delete, anonymise, minimise, restrict, archive, or aggregate data earlier than the stated retention periods where DiscPay determines that the data is no longer needed.
DiscPay is not required to keep data for the full stated period if it is no longer necessary.
27. DELETION REQUESTS AND LIMITS
27.1 Deletion requests
Users may request deletion of their personal data by contacting:
A deletion request should include enough information for DiscPay to identify the relevant user, Server, transaction, support request, or account.
DiscPay may need to verify the requester’s identity or authority before acting on a deletion request.
27.2 Deletion is not always absolute
DiscPay may not be able to delete all data immediately or completely where retention is necessary for lawful, operational, security, payment, accounting, dispute, fraud-prevention, or enforcement reasons.
For example, DiscPay may retain certain records where necessary for:
(a) transaction history;
(b) accounting records;
(c) tax-related records;
(d) Stripe-related records;
(e) refund handling;
(f) dispute handling;
(g) chargeback handling;
(h) fraud prevention;
(i) fee-bypass prevention;
(j) enforcement evasion prevention;
(k) Token Balance integrity;
(l) Server reconnection;
(m) legal claims;
(n) security investigations;
(o) compliance with law; or
(p) protection of DiscPay’s rights.
27.3 Owner deletion requests
If a Server Owner requests deletion, DiscPay may still retain certain records where necessary.
This may include Discord user IDs, Server IDs, hashed IP-derived security records until normal expiry, transaction records, Token Balance records, Stripe references, acceptance records, fee records, fraud-prevention records, enforcement records, and legal/compliance records.
This is necessary because Server Owner actions may affect Buyers, Token Balances, payment records, disputes, chargebacks, taxes, fees, Server reconnection, and platform integrity.
27.4 Buyer deletion requests
If a Buyer requests deletion, DiscPay may still retain certain records where necessary.
This may include Discord user IDs, Token Balance records, transaction records, refund records, chargeback records, Reward request records, fulfilment records, fraud-prevention records, support records, and legal/compliance records.
This is necessary because Buyer records may be linked to payment integrity, Token Balance integrity, Reward fulfilment, disputes, chargebacks, fraud prevention, Server records, and legal obligations.
27.5 Operator and Staff deletion requests
If an Operator, Staff member, or permission holder requests deletion, DiscPay may still retain certain records where necessary.
This may include Discord user IDs, permission records, command logs, Token adjustment records, fulfilment actions, ticket actions, support records, security records, and enforcement records.
This is necessary where those records are needed to protect Buyers, Server Owners, Token Balance integrity, payment integrity, auditability, dispute handling, fraud prevention, or enforcement.
27.6 Restriction, minimisation, or anonymisation
Where DiscPay cannot fully delete data, DiscPay may restrict, minimise, anonymise, archive, or limit access to the data where appropriate.
For example, DiscPay may keep a transaction record while limiting access to unnecessary personal details.
DiscPay may keep a security record or enforcement record where needed to prevent repeated abuse, but may avoid using it for unrelated purposes.
27.7 Deletion from backups
Deletion from backup systems may be delayed.
Backup copies may remain until they expire, are overwritten, or are no longer needed according to DiscPay’s backup practices.
DiscPay will not normally restore deleted personal data from backups unless necessary for service recovery, security, legal compliance, payment integrity, Token Balance integrity, or other legitimate operational reasons.
28. YOUR RIGHTS
28.1 Overview
Depending on your location and applicable law, you may have rights in relation to your personal data.
These rights may include:
(a) the right to be informed;
(b) the right of access;
(c) the right to rectification;
(d) the right to erasure;
(e) the right to restrict processing;
(f) the right to data portability;
(g) the right to object;
(h) rights relating to automated decision-making, where applicable;
(i) the right to withdraw consent where processing is based on consent; and
(j) the right to complain to a data protection authority.
28.2 Right of access
You may request a copy of the personal data DiscPay holds about you.
DiscPay may need to verify your identity before providing access.
DiscPay may refuse, limit, redact, or delay access where permitted by law, including where disclosure would affect another person’s rights, reveal security controls, expose fraud-prevention methods, interfere with an investigation, or disclose legally privileged or confidential information.
28.3 Right to rectification
You may request correction of inaccurate or incomplete personal data.
Some data may be corrected directly through supported account, onboarding, support, or configuration workflows.
DiscPay may need evidence before changing records that affect payment integrity, Token Balances, Server ownership, Stripe references, onboarding records, transaction records, legal acceptance records, or security records.
28.4 Right to erasure
You may request deletion of your personal data.
Deletion may be limited where DiscPay needs to retain data for legal, accounting, payment, fraud-prevention, security, dispute, chargeback, Token Balance integrity, enforcement, or other lawful reasons.
Further information about deletion limits is set out in section 27.
28.5 Right to restrict processing
You may request that DiscPay restrict the processing of your personal data in certain circumstances.
Where processing is restricted, DiscPay may still retain enough data to record the restriction, comply with law, protect rights, handle disputes, prevent fraud, or maintain necessary records.
28.6 Right to data portability
Where applicable, you may request a copy of certain personal data in a structured, commonly used, machine-readable format.
This right may apply only to certain data and only where the legal requirements for portability are met.
It may not apply to all logs, security records, internal notes, transaction metadata, enforcement records, or records processed for legitimate interests or legal obligations.
28.7 Right to object
You may object to certain processing based on legitimate interests.
DiscPay may continue processing where it has compelling legitimate grounds, where processing is needed for legal claims, or where processing is necessary for fraud prevention, security, payment integrity, Token Balance integrity, enforcement, or legal compliance.
28.8 Right to withdraw consent
Where DiscPay relies on consent, you may withdraw that consent.
Withdrawal of consent does not affect processing that happened before consent was withdrawn.
Some features may stop working if consent is withdrawn.
For example, if optional cookies, optional marketing, or optional features are introduced later and you withdraw consent, those optional features may no longer be available.
28.9 Automated decision-making
DiscPay may use security, fraud-prevention, risk, or abuse-prevention systems to detect suspicious activity, restrict access, flag transactions, block actions, or protect the service.
DiscPay does not currently intend to make solely automated decisions that produce legal or similarly significant effects without appropriate safeguards where such safeguards are required by law.
Where a user believes an automated or security-related restriction was incorrect, they may contact DiscPay support for review.
28.10 Exercising your rights
To exercise your privacy rights, contact:
Your request should include enough information to identify you and the relevant data, such as your Discord user ID, Server ID, transaction reference, support ticket reference, or email address used with DiscPay.
DiscPay may request additional information to verify your identity or authority.
28.11 Response times
DiscPay will respond to privacy rights requests within the time required by applicable law.
Where a request is complex, unclear, excessive, repetitive, or requires additional verification, DiscPay may need more time or may ask for further information.
28.12 Complaints to a data protection authority
If you are unhappy with how DiscPay handles your personal data, you can contact DiscPay first at:
You may also have the right to complain to a data protection authority.
In the United Kingdom, the relevant authority is the Information Commissioner’s Office.
29. COOKIES, LOCAL STORAGE, AND SIMILAR TECHNOLOGIES
29.1 Overview
DiscPay may use cookies, local storage, session storage, and similar technologies to operate its websites, Store Pages, admin interfaces, OAuth flows, sessions, carts, security systems, and related features.
These technologies may store or access information on a user’s device.
29.2 Essential technologies
DiscPay may use essential cookies and similar technologies for purposes such as:
(a) login sessions;
(b) Discord OAuth flows;
(c) admin console sessions;
(d) Store sessions;
(e) cart state;
(f) checkout state;
(g) security;
(h) abuse prevention;
(i) remembering necessary service state;
(j) preventing duplicate actions;
(k) applying permissions;
(l) protecting forms and endpoints; and
(m) maintaining authentication.
These technologies are necessary for DiscPay to provide requested services and protect the platform.
29.3 Store and Checkout functionality
DiscPay Store Pages may use cookies, local storage, or session storage to maintain Store, cart, OAuth, and Checkout-related state.
If a user blocks or deletes these technologies, Store access, Checkout, login, cart state, or Token purchase workflows may not work correctly.
29.4 Admin and owner sessions
DiscPay admin, owner, operator, or staff interfaces may use cookies or similar technologies to maintain secure sessions, apply permissions, protect dashboards, prevent unauthorised access, and detect suspicious activity.
29.5 No advertising or analytics cookies at launch
DiscPay does not currently use advertising cookies, tracking pixels, Google Analytics, Meta Pixel, TikTok Pixel, or similar non-essential marketing or analytics technologies.
If DiscPay later introduces non-essential analytics, advertising, marketing, tracking, or similar technologies, DiscPay will update its notices and obtain consent where required.
29.6 Managing cookies
Users may be able to block, delete, or control cookies and local storage through their browser or device settings.
Blocking essential cookies or local storage may prevent DiscPay from working correctly.
30. CHILDREN AND MINORS
30.1 Intended users
DiscPay is intended for users who are legally able to use the service and, where relevant, make purchases, manage Servers, or sell products or services in their location.
Server Owners must be legally old enough and have legal capacity to sell products or services in their location.
DiscPay may restrict or refuse purchases, onboarding, or account access where it believes a user is not legally permitted to use the relevant feature.
30.2 Server Owner age and capacity
DiscPay requires Server Owners to confirm during onboarding that they are legally old enough and have legal capacity to sell products or services in their location.
DiscPay may refuse, restrict, suspend, or terminate access if it believes this confirmation is false, inaccurate, incomplete, misleading, or no longer valid.
30.3 Buyers and minors
Buyers must be legally permitted to make the relevant purchase and use the relevant service in their location.
DiscPay does not intentionally design the service for children.
If a parent, guardian, Server Owner, or other person believes that a minor has used DiscPay improperly or provided personal data without appropriate permission, they may contact:
30.4 Removal or restriction
DiscPay may delete, restrict, or retain data relating to a minor depending on the circumstances, the law, payment records, fraud-prevention needs, safety concerns, dispute handling, Token Balance integrity, and legal obligations.
31. CHANGES TO THIS PRIVACY POLICY
31.1 Updates
DiscPay may update this Privacy Policy from time to time.
Updates may be made for legal, operational, technical, security, payment, Stripe, Discord, product, service, business, or data-processing reasons.
31.2 Notice of material changes
Where reasonably practical, DiscPay will provide notice of material changes to this Privacy Policy.
Notice may be provided by email, website notice, dashboard notice, Discord bot message, Store notice, admin console notice, or another reasonable method.
31.3 Continued use
Continued use of DiscPay after an updated Privacy Policy takes effect means the updated Privacy Policy will apply to personal data processed from that point onward.
Where consent is required for a new type of processing, DiscPay will seek consent where required.
32. CONTACT AND PRIVACY COMPLAINTS
32.1 Contact
For privacy questions, requests, or complaints, contact:
Please include enough information to identify the relevant account, Discord user ID, Server ID, transaction, Store, support request, or issue.
32.2 Complaints to DiscPay
If you have a privacy complaint, you should contact DiscPay first so that DiscPay can review the issue.
DiscPay may ask for additional information where necessary to investigate the complaint.
32.3 Complaints to the regulator
If you are not satisfied with DiscPay’s response, you may have the right to complain to a data protection authority.
In the United Kingdom, the relevant authority is the Information Commissioner’s Office.
Information Commissioner’s Office: https://ico.org.uk/
33. FINAL NOTES
33.1 Accuracy of information
Users are responsible for providing accurate information where required.
Incorrect information may prevent DiscPay from providing the service, responding to support requests, verifying ownership, crediting Tokens correctly, handling disputes, or processing privacy requests.
33.2 Third-party privacy policies
DiscPay uses third-party services such as Discord, Stripe, Cloudflare, Microsoft, hosting providers, domain/DNS providers, and other infrastructure providers.
Those third parties may process personal data under their own privacy policies and terms.
Users should review third-party privacy policies where relevant.
33.3 English version
This Privacy Policy is written in English.
If DiscPay provides a translation, the translation is for convenience only unless DiscPay expressly states otherwise. In the event of conflict between the English version and any translation, the English version will apply to the fullest extent permitted by applicable law.