1. Overview
This Privacy Policy explains what personal information DCAI ("we", "our", "us") collects when you use https://www.dcauditapp.com (the "Service"), why we collect it, how we use it, and the rights you have over it.
We designed DCAI to require the minimum amount of personal data necessary to audit public Discord servers, generate reports, and (optionally) connect your Discord account for owner-verified audits.
2. Information we collect
We collect only the data you provide or that is necessary to operate the Service:
- Account information — email address, display name, and (for social sign-in) the identifiers returned by Google.
- Profile & agency information — company/agency name, role, goals, and optional agency logo you choose to add to reports.
- Discord OAuth connection (optional) — Discord user ID, username, and the encrypted access/refresh tokens used to list servers you administer. Tokens are encrypted at rest with AES-256.
- Audit inputs — Discord invite URLs you submit, and the public server metadata Discord returns for those invites.
- Audit outputs — the reports we generate, notification settings, blueprints, and scheduled-audit configurations.
- Operational data — timestamps, IP address (transient, for abuse prevention), and error diagnostics.
- Cookies — see Cookie Notice for the exact list and purposes.
3. How we use information
We use the information above to: authenticate you, run and store the audits and blueprints you request, deliver optional notifications, prevent abuse, and improve the Service. We do not sell personal data.
4. Legal bases (GDPR / UK GDPR)
Where GDPR/UK GDPR applies, we rely on the following legal bases: performance of a contract (to provide the Service you sign up for), legitimate interests (to secure the Service and prevent abuse), consent (for non-essential cookies and optional marketing), and legal obligation (to comply with applicable law).
6. Data retention
Audit reports and blueprints are retained until you delete them or delete your account. Discord OAuth tokens are retained until you disconnect your Discord connection or delete your account. Operational logs are retained for up to 90 days for security and debugging.
When you delete your account, we delete or irreversibly anonymize your personal data within 30 days, except where retention is required by law.
7. Your rights
Depending on where you live, you may have the right to access, rectify, delete, restrict, port, or object to the processing of your personal data. You can also withdraw consent for optional processing at any time.
To exercise these rights, email privacy@dcauditapp.com. We respond within 30 days.
8. Security
We apply industry-standard controls: encrypted transport (TLS), encrypted storage for secrets, per-user row-level security on the database, AES-256 encryption for Discord OAuth tokens, and least-privilege service credentials. No system is perfectly secure — please protect your account credentials and report suspected incidents to the address below.
9. Children
The Service is not directed to individuals under the age of 13 (or 16 in the EEA/UK). We do not knowingly collect personal data from children; contact us if you believe we have.
10. International transfers
Personal data may be processed in countries other than your own, including the United States. Where required, we rely on Standard Contractual Clauses or equivalent safeguards.
11. Changes to this policy
We may update this policy from time to time. Material changes will be announced by email or in-app notice and reflected in the version number and effective date at the top of this document.
12. Contact
Questions or requests: privacy@dcauditapp.com. General support: support@dcauditapp.com.
Related: Terms of Service · Legal Center
