Privacy Policy

Last updated: 2026-06-15 · Effective: 2026-06-15

How Individual Entrepreneur Arsenii Maksymenko ("we") handles personal data when you use Throngwatch.

1. Who we are

Individual Entrepreneur Arsenii Maksymenko (“we”, “us”) operates Throngwatch, a service that analyzes activity in the Discord servers you connect and presents the results in a dashboard. For the personal data described below we act as a data controller. Contact us at [email protected].

We are established in Ukraine. Where we offer the service to, or monitor, people in the EU/EEA or the UK and the law requires it, we appoint a representative under Article 27 GDPR / UK GDPR; you can request their current details at [email protected].

2. Scope

This policy covers two groups of people:

  • Account holders — people who sign up for and use the dashboard.
  • Server members — Discord users whose public activity in a connected server we process on an account holder’s behalf. If you are a server member, see §8 (your rights) and §11 (contact).

3. What data we collect

Account data (you provide)

  • Email address; an optional display name; and a hashed password (argon2id — we never store your password in plaintext).
  • If you link Discord: your Discord user ID and OAuth tokens for the identify and guilds scopes, used only to verify that you administer a server you connect. Tokens are encrypted at rest.
  • Billing data is handled by our payment processor; we store only subscription/credit state, never card numbers.

Connected-server data (via Discord’s official API)

When you add our Discord bot to a server you administer, we collect — only for the channels and time window you choose to scan:

  • Server and channel metadata: names, topics, channel list, member counts.
  • Member data: Discord user ID, username, and the role displayed in chat.
  • Message data: message text, timestamps, reactions, attachment metadata, and embeds.
  • Analysis outputs derived from the above: toxicity/moderation signals, topic and FAQ clusters, and report narratives.

Storing message content is more than many comparable bots do; it is necessary for the text-based analysis features and is governed by the retention rules in §6.

Usage data

Standard logs (IP address, user agent, timestamps) used to operate and secure the service, and cookies as described in our Cookie Policy.

4. Why we process it, and our legal basis

PurposeDataLegal basis (GDPR)
Provide your account & dashboardAccount dataContract — Art. 6(1)(b)
Verify you administer a connected serverDiscord identity + guilds scopeContract / legitimate interest
Analyze a server you chose to scanConnected-server + message dataLegitimate interest — Art. 6(1)(f)
BillingAccount + subscription stateContract / legal obligation
Security & abuse preventionUsage dataLegitimate interest

We do not use server members’ data to build cross-server profiles of individuals or their relationships, and we do not sell personal data. Our features are server-level aggregates.

5. How data is collected

A server administrator adds our Discord bot via Discord’s official OAuth flow. We read only the channels and time window the administrator selects, through Discord’s API.

6. How long we keep it

We keep personal data only as long as needed for the purposes above, and delete or aggregate it according to these triggers rather than holding it indefinitely:

  • Raw message content is retained only as long as needed to provide and regenerate your analytics, and is deleted or reduced to aggregates when you delete the scan, disconnect the server, or close your account.
  • Derived aggregates and reports (scores, clusters, narratives) are kept while the related server is connected and your account is active.
  • Account data is kept while your account is active and for a short grace period after closure, then deleted.
  • Logs are kept for a limited period for security and troubleshooting.

We delete connected-server data when you disconnect the server or close the account, and on a valid erasure request (§8).

7. Who we share it with (subprocessors)

We use vetted subprocessors under data-processing agreements, only to run the service:

  • LLM / embeddings providers — to run the text analysis. They do not train models on your data.
  • Payment processor — billing.
  • Hosting / database and email — to run the service and send transactional email.

We disclose data if required by law. We do not sell personal data or share it for cross-context behavioral advertising.

8. Your rights

Subject to applicable law (including GDPR Arts. 15–22 and equivalent US state rights), you may request access, correction, deletion, restriction, objection, and portability, and you may object to processing based on legitimate interest. Server members may request deletion of their data keyed by their Discord user ID even without an account. To exercise any right, contact [email protected]. We aim to respond within 30 days. You may also complain to your data-protection supervisory authority.

9. International transfers, security & children

  • Transfers: data may be processed outside your country, including by subprocessors. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses.
  • Security: hashed credentials, encrypted secrets, access controls, and per-workspace isolation. No method is perfectly secure.
  • Children: the service is not directed to children, and we do not knowingly create accounts for them. Discord’s own minimum age applies to server members. If you believe a child’s data has reached us, contact us and we will delete it.

10. Cookies

We use strictly-necessary cookies to run the service, and — only with your consent — analytics and marketing cookies. See the Cookie Policy for the full list and how to change your choice at any time.

11. Changes & contact

We will post changes here and update the date above; material changes get additional notice. Questions or requests: [email protected].