Elpho logo
elpho
Home/Legal

Legal

Privacy Policy and Terms of Service for Elpho.

Service name
Elpho
Effective date
2026-02-21
Contact email
support@metylen.me
Jurisdiction / governing law
Poland
Address (if applicable)
Not publicly listed (available upon a justified request where required by law)

1) Privacy Policy

1.1 Who we are

The provider of the Service (the Discord bot, API and dashboard) is an individual developer (natural person) operating in Poland ("we", "us").

If you are a Discord server owner/admin using the bot in your server, you may also be a separate controller for content and moderation data within your server. This policy describes what we process in order to operate the Service.

1.2 What this covers

This policy applies to:

the Discord bot (commands, events, automated moderation, tickets, reminders, etc.)
the web dashboard (Discord OAuth login, guild management)
the web/API features used by the dashboard and verification

1.3 Data we process

Below are the main categories of data processed by the Service.

A) Discord identifiers and metadata (required to function)

We process:

Discord user ID, guild (server) ID, channel ID, role ID, message ID
username/tag and avatar URL (when provided by Discord)
information about which servers you can manage in the dashboard (as provided by Discord after login)

Purpose: provide bot functionality, permissions checks, configuration per guild, moderation and audit features.

B) User-provided content (feature-dependent)

We process and in some cases store content you provide to the bot, including:

custom command code/content saved per guild (custom commands)
reminders text (stored until delivered/cancelled)
AFK status reason (stored until cleared)
ticket system inputs (panel questions/answers) and operational ticket metadata
scheduled task content configured by server admins (scheduler)

Additionally, the bot may process message content in specific features:

Ghost pings: may store content and mention targets when a ping message is deleted (to allow server staff to review)
Snipes (deleted/edited message previews): may temporarily keep recent deleted/edited message content to display it on request
Highlights / starboard-like feature: may repost message content (or a snippet) into a dedicated highlight channel when configured

C) Moderation, security and audit logs

Depending on configuration, we may store:

warnings and moderation log records (who, whom, when, reason)
anti-spam/content-filter/anti-nuke events (may log actor IDs and triggers)
bot bans (blocking specific users from using the bot)
security scan logs (command/activity risk flags)

Purpose: safety, abuse prevention, server moderation features.

D) Feature data (economy, leveling, games)

Depending on which modules are enabled on a server, we may store feature-specific data linked to Discord IDs, such as:

leveling/XP/achievements progress
economy/game state (balances, items, roles/shop purchases, gangs or similar)
giveaways and other mini-game participation state

Purpose: provide the requested gameplay/utility features and prevent abuse.

E) Telemetry and diagnostics

We may store:

command usage events (user ID, guild/channel IDs, command name, success/error)
error reports (error message and technical details) to diagnose failures

Purpose: reliability, debugging, feature improvements, anti-abuse.

F) OAuth session and cookies (dashboard)

The dashboard uses cookie-based sessions.

Cookies used by the dashboard include:

elpho/dashboard (session cookie used to keep you logged in)
a short-lived login/security cookie used to protect the sign-in flow

Purpose: login state, secure OAuth flow, showing which guilds you can manage.

G) Integrations

If you enable integrations, we may process related identifiers/config:

Last.fm: Discord user ID + linked Last.fm username
YouTube: channel IDs and notification configuration; uses YouTube Data API
TikTok: handles and subscription state

Some integrations may also keep basic delivery/diagnostic records (for example, whether an event was delivered or failed).

H) Script storage (ElphoScript / SimpleScript)

The project includes a scripting/runtime feature that can store arbitrary JSON key/value data on disk, scoped (for example, by guild). Depending on script logic, this storage may contain personal data.

Purpose: allow scripted automations.

1.4 Automated actions

Some safety and moderation features can take automated actions (depending on settings), such as deleting messages, timing out users, or stripping roles. These actions are based on server-configured rules.

1.5 Legal bases (EEA/UK GDPR style; adjust if not applicable)

We generally rely on:

performance of a contract (providing the Service you request / server admins configure)
legitimate interests (security, preventing abuse, service reliability)
consent (where required for optional features; for example, certain integrations), which you can withdraw by disabling the feature

If you operate in the EU/EEA/UK, these bases are intended to align with GDPR requirements. Where applicable, we can clarify our role (controller/processor) for specific features on request.

1.6 Sharing and third parties (processors)

The Service interacts with third parties, including:

Discord (platform provider; we use Discord APIs and your content remains subject to Discord’s policies)
Cloudflare Turnstile (captcha verification for verification; processes IP/device signals to detect abuse)
Groq (LLM API) for AI features (chat/translation). Input text is sent to Groq to generate a response.
Google/YouTube Data API (if YouTube features are enabled)
TikTok (if TikTok features are enabled)
Last.fm (if Last.fm features are enabled)
Hosting / infrastructure provider: Cortano.cloud and Vercel.com
Database host: Cortano.cloud

We do not sell personal data.

1.7 International data transfers

Some providers may process data outside your country/EEA. Transfers depend on the vendors and hosting location. Where required, we will provide information about relevant safeguards (for example, SCCs) upon request.

1.8 Retention (how long we keep data)

Retention depends on feature configuration and maintenance/cleanup.

Typical retention behavior:

Some features keep short-lived, temporary data (for example, message preview/utility features).
Ghost ping records may be retained for a limited time (typically up to 7 days, depending on configuration).
Reminders are stored until delivered or cancelled.
AFK status is stored until cleared.
Telemetry/logs and diagnostics are retained for a limited period and may be deleted as part of maintenance.

We may periodically run cleanup procedures (including deletion of older telemetry/logs) as part of maintenance; exact schedules can vary by deployment.

1.9 Your choices and rights

Depending on your jurisdiction, you may have rights to:

access your data
delete your data
correct your data
object to processing
restrict processing
data portability
lodge a complaint with a supervisory authority (in Poland: UODO)

Practical controls:

You can disable features per guild that store additional data (tickets, highlights, ghost pings, integrations).
You can request deletion via support@metylen.me; include your Discord user ID and relevant guild ID.
Server admins can also remove the bot from a guild to stop future processing in that guild.

1.10 Security

We implement reasonable technical and organizational measures, including:

limiting access to the database and secrets
using HTTPS for web/API where deployed
using httpOnly cookies for session where applicable

No method is 100% secure; you use the Service at your own risk.

1.11 Children

The Service is not intended for children under the minimum age required by Discord’s Terms. Do not use the Service if you are under that age.

1.12 Changes

We may update this policy from time to time. The effective date at the top indicates the latest version.

2) Terms of Service

2.1 Acceptance

By using the Service (bot, dashboard, API), you agree to these Terms and the Privacy Policy.

2.2 Eligibility

You must comply with Discord’s Terms and policies and any applicable laws.

2.3 Service description

The Service provides server utilities and automations, including (depending on configuration): moderation tools, tickets, reminders, verification, telemetry/analytics, integrations, scripting/custom commands, and optional AI features.

2.4 Your responsibilities

You agree to:

use the Service lawfully and follow Discord rules
configure permissions responsibly (the bot needs permissions to act)
not abuse the Service (spam, harassment, malware distribution, evasion)
not attempt to disrupt, reverse engineer, or bypass security controls

If you use scripting/custom commands:

you are responsible for the logic you deploy
scripts may interact with third-party services; do not send personal data to third parties unless you have a lawful basis

2.5 Server admins and content

If you are a server admin, you are responsible for:

informing your members about bot features you enable (tickets/transcripts, ghost pings, logging, etc.)
ensuring you have a lawful basis to enable and operate moderation/logging features

2.6 User content and licenses

You retain ownership of content you submit (messages, custom commands, ticket answers). You grant us a limited license to process that content solely to operate the Service.

2.7 AI features disclaimer

If AI features are enabled:

prompts/messages may be sent to an external AI provider (Groq)
outputs may be incorrect, incomplete, or inappropriate
you are responsible for how you use AI outputs

Do not submit sensitive personal data to AI features unless necessary.

2.8 Availability and changes

We may modify, suspend, or discontinue parts of the Service at any time.

2.9 Termination and enforcement

We may restrict or ban usage (including a global bot-ban) if we believe you violate these Terms or pose a security risk.

2.10 Premium / paid features (if applicable)

The project includes premium tiers/keys and premium appearance/custom limits.

Pricing/payment/refunds depend on how (and whether) premium is sold/distributed. If payments are introduced, purchase terms (price, duration, refunds) will be presented at the time of purchase and/or in a separate premium policy.

2.11 Disclaimers

The Service is provided “as is” and “as available”, without warranties of any kind, to the extent permitted by law.

2.12 Limitation of liability

To the maximum extent permitted by law, we are not liable for indirect, incidental, special, consequential damages, or loss of data, arising from the use of the Service.

2.13 Governing law

These Terms are governed by the laws of Poland.

2.14 Contact

Questions about these Terms or privacy requests:

Email: support@metylen.me

3) Cookies

The dashboard uses essential cookies for authentication and security. These cookies are required for the login flow and to keep you signed in.

elpho/dashboard: session cookie used to keep you logged in.
Short-lived login/security cookie: protects the sign-in flow.