1. Introduction
grindfi ("we," "our," or "us") operates the grindfi Discord bot and web dashboard at grindfi.app. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.
By using grindfi, you consent to the data practices described in this policy. If you do not agree with our policies, please do not use our service.
2. Information We Collect
2.1 Information from Discord
When you interact with our bot or authenticate via Discord OAuth, we collect:
- Discord User ID - Your unique Discord identifier
- Username and Display Name - Your Discord username
- Email Address - Only when you log into our dashboard (via Discord OAuth)
- Server (Guild) Information - Server ID, name, and member count for servers where you use grindfi
- Avatar URL - For displaying your profile in our dashboard
2.2 Activity Data
To provide our engagement and rewards features, we collect:
- Message Activity - Message counts (not message content) for points calculation
- Quest Submissions - Content you submit for quests (tweets, screenshots, etc.)
- Points and Achievements - Your earned points, streaks, and achievement progress
- Twitter/X Data - When you connect Twitter for verification: Twitter handle and tweet URLs you submit
2.3 Payment Information
Payment processing is handled entirely by Stripe. We do not store your credit card numbers, bank account details, or other financial information. We only receive:
- Subscription status and plan tier
- Payment confirmation (success/failure)
- Stripe customer ID for managing your subscription
2.4 Technical Data
- IP address (for security and rate limiting)
- Browser type and device information
- Access timestamps and logs
3. How We Use Your Information
We use the collected information to:
- Provide the Service - Track points, manage quests, display leaderboards, award achievements
- Process Payments - Manage subscriptions and billing through Stripe
- Improve Our Service - Analyze usage patterns, fix bugs, develop new features
- Communicate - Send service-related announcements and respond to support requests
- Ensure Security - Detect fraud, spam, and abuse; enforce our Terms of Service
- Comply with Law - Meet legal obligations and respond to lawful requests
4. Data Sharing and Disclosure
4.1 Third-Party Services
We share data with these service providers who help us operate grindfi:
Our Service Providers
- Discord - Authentication and bot functionality
- Stripe - Payment processing (Stripe Privacy Policy)
- MongoDB Atlas - Database hosting (encrypted, EU/US regions)
- Hetzner - Server infrastructure (Germany)
- Twitter/X API - Tweet verification (only if you use Twitter features)
4.2 Public Information
The following may be visible to other users in your Discord server:
- Your username on leaderboards
- Your points, tier, and achievement badges
- Your streak status
4.3 Legal Requirements
We may disclose your information if required by law, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
4.4 We Do NOT
- Sell your personal data to third parties
- Share your data for advertising purposes
- Read your private Discord messages
5. Data Retention
We retain your data for as long as necessary to provide our services:
- Active Users - Data is retained while your server uses grindfi
- After Bot Removal - Server data is retained for 30 days, then deleted
- Account Deletion - Upon request, we delete your data within 30 days
- Payment Records - Retained for 7 years for tax/legal compliance
6. Data Security
We implement appropriate security measures to protect your data:
- Encrypted database connections (TLS/SSL)
- Secure OAuth 2.0 authentication
- Access controls and monitoring
- Regular security updates
However, no method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
7. Your Rights
Depending on your location, you may have the following rights:
7.1 For All Users
- Access - Request a copy of your data
- Deletion - Request deletion of your data
- Correction - Request correction of inaccurate data
- Objection - Object to certain processing of your data
7.2 For EU/EEA Users (GDPR)
You have additional rights under GDPR including data portability and the right to lodge a complaint with a supervisory authority.
7.3 For California Users (CCPA)
California residents have the right to know what personal information is collected, request deletion, and opt-out of sale (we do not sell data).
To exercise any of these rights, contact us via Discord or email (see Contact section below).
8. Children's Privacy
grindfi is not intended for users under 13 years of age (or the minimum age required by Discord in your country). We do not knowingly collect data from children. If you believe a child has provided us with personal information, please contact us immediately.
9. International Data Transfers
Your data may be processed in countries outside your own, including the United States and Germany (where our servers are located). We ensure appropriate safeguards are in place for international transfers.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by:
- Posting a notice on our website
- Updating the "Last updated" date
- Announcing in our Discord server for major changes
Continued use of grindfi after changes constitutes acceptance of the updated policy.