YellowWorm
BlogTerms of Service →

Privacy Policy

Last updated: March 31, 2026

1. Introduction

YellowWorm ("we", "our", or "the Service") is committed to protecting your privacy. This Privacy Policy explains what data we collect, how we use it, how long we keep it, and your rights regarding that data.

2. Data We Collect

2a. Authentication Data

When you log in via Discord OAuth2, we receive and store:

  • Your Discord user ID
  • Your Discord username and display name
  • Your Discord avatar hash
  • A list of Discord servers you are a member of (used only to show your servers, not stored long-term)

2b. Server Activity Data

When the YellowWorm bot is present in a Discord server, we collect:

  • Message metadata: timestamp, channel ID, message type, and author user ID — we never store or read message content
  • Voice activity: session start/end times, channel ID, and duration
  • Member events: join dates, leave dates, and guild membership status
  • Reaction and reply counts — counts only, not content

2c. Login Audit Data

For security purposes, we log each login event including IP address, timestamp, and user identity. This data is visible only to platform administrators.

2d. Cookies

We use a single session cookie (yw_session) to maintain your authenticated session. This cookie is HTTP-only, secure in production, and expires after 7 days of inactivity. We do not use advertising or tracking cookies.

3. How We Use Your Data

  • To provide analytics dashboards to authorised server administrators
  • To identify you when you log in and determine which servers you can access
  • To detect fraudulent or abusive login activity
  • To improve the accuracy and performance of the Service

We do not sell, rent, or share your data with third parties for advertising, marketing, or any commercial purpose.

4. Data Retention

We retain server activity data (messages, voice sessions, member events) for as long as the YellowWorm bot remains in your server. If the bot is removed, we will retain historical data for up to 90 days before it is permanently deleted, unless an earlier deletion is requested.

Authentication data and login logs are retained for up to 12 months.

5. Data Security

We implement industry-standard security practices including HTTPS encryption, signed session cookies using HMAC-SHA256, and access controls that limit data visibility to authorised server administrators. No data security system is 100% infallible, and we cannot guarantee absolute security.

6. Your Rights

You have the right to:

  • Access the data we hold about you
  • Rectification of inaccurate data
  • Erasure — request deletion of your data (your Discord user ID and associated records)
  • Portability — request an export of your data in a machine-readable format
  • Objection — object to processing of your data

To exercise any of these rights, contact us via our Discord support server. We will respond within 30 days.

7. Third-Party Services

YellowWorm uses the following third-party services:

  • Discord API — for authentication and server data. Subject to Discord's Privacy Policy.
  • Google Fonts — for typography. Subject to Google's privacy policy.

We do not use third-party analytics, advertising networks, or social tracking pixels.

8. Children's Privacy

The Service is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will update the "Last updated" date at the top of this page. Continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact

For privacy-related enquiries or to exercise your data rights, please contact us via our Discord support server.

Privacy Policy – YellowWorm · YellowWorm