PRIVACY POLICY
Last updated: June 7, 2026
PRIVACY POLICY AND DATA PROCESSING AGREEMENT
This Privacy Policy ("Policy") is entered into by and between EMOGIR.LS LLC, doing business as Zelfur.gg ("Company," "we," "us," or "our"), and you, the user ("User," "you," or "your"). This Policy governs the collection, processing, storage, and protection of your personal information in connection with your use of Greed ("Service"). By accessing or using the Service, you expressly consent to the data practices described herein.
DATA COLLECTION AND RETENTION SCHEDULE
CATEGORY I: PERMANENT DATA RETENTION (SUBJECT TO MANUAL DELETION REQUEST)
- Discord Guild Identifiers and Associated Nomenclature
- Channel Identification Numbers
- Role Assignment Identifiers
- User Identification Numbers
- Message Identifiers and Temporal Metadata
- Historical Avatar Representations
- User Aliases and Nomenclature History
- Cryptographically Hashed Internet Protocol Addresses
CATEGORY II: THREE HUNDRED AND SIXTY-FIVE (365) DAY RETENTION VIA CLOUDFLARE ENTERPRISE
- Internet Protocol Addresses and Associated Request Metadata
- Client Browser and Device Specifications
- Geolocation Data Points
- Traffic Analysis and Security Event Logs
CATEGORY III: FOURTEEN (14) DAY RETENTION PERIOD
- Command Execution Information (Command Name, Invoked By, Invoked At.) NO MESSAGE CONTENT IS STORED
- Command Parameter and Argument Data
CATEGORY V: POSTHOG ANALYTICS DATA (US SERVERS)
- Command Invocation Analytics (Command Usage, User ID, Guild ID)
- Anti-Nuke Event Data (Action Type, Punishment Type, Guild ID, User ID, Success Status, Reason)
- Anti-Raid Event Data (Action Type, Punishment Type, Guild ID, User ID, Success Status, Reason)
- Guild Analytics (Total Anti-Nuke/Anti-Raid Actions, Last Action Timestamps, Current Punishment Settings)
CATEGORY IV: TWO (2) HOUR MAXIMUM RETENTION IN VOLATILE MEMORY
- Recently Deleted Message Content (Maximum of Eighteen (18) Entries)
- Message Modification History (Maximum of Eighteen (18) Entries)
- Emoji Reaction Historical Data (Maximum of Eighteen (18) Entries)
DATA SECURITY INFRASTRUCTURE AND PROTOCOLS
DATA CENTER SECURITY SPECIFICATIONS
- Primary Processing Facility: Ashburn, Virginia (SOC 2 Type II Certified Infrastructure)
- Secondary Processing Facilities: New York, United States of America and Falkenstein, Federal Republic of Germany
- Twenty-Four (24) Hour Physical Security Monitoring and Access Control
- Regular Third-Party Security Audits and Compliance Verification
DATA PROTECTION MEASURES
- Implementation of Industry-Standard Encryption Protocols for Data at Rest and in Transit
- Automated Security Update Implementation and Patch Management System
- Multi-Factor Authentication and Role-Based Access Control Implementation
- Scheduled Data Backup Verification and Disaster Recovery Testing
SERVER REPORTS AND USER REPORTS
REPORT PROCESSING LIMITATIONS AND DISCLAIMERS
The Company expressly disclaims any and all responsibility for the processing or handling of server-related reports. The Company lacks the requisite capabilities to verify or authenticate the veracity of such reports and therefore cannot undertake any actions predicated upon such unverified information.
In instances where users encounter violations of Discord's Terms of Service or Community Guidelines, such violations must be reported directly to Discord through their designated support channel at dis.gd/support.
- The Company maintains no report database infrastructure
- Report verification capabilities are not within the Company's operational scope
- All violations require direct submission to Discord's Trust & Safety division
- The Company does not engage in user or server dispute mediation
DATA USAGE AND PROCESSING JUSTIFICATION
Upon command invocation, message content is retained for a maximum duration of fourteen (14) days for diagnostic purposes. Additionally, the system maintains a maximum of eighteen (18) entries for message modifications and deletions in volatile memory, with a retention period not exceeding two (2) hours.
Discord Guild Identifiers, Channel Identifiers, Role Identifiers, User Identifiers, and Message Identifiers are retained within our systems for the purpose of data aggregation and retrieval functionality.
User alias modifications, username alterations, and avatar modifications are logged to facilitate the functionality of the "namehistory" and "avatarhistory" commands. Users retain the right to purge this data at their discretion. (EFFECTIVE IMMEDIATELY AND AUTOMATIC)
Guild nomenclature modifications are recorded to enable the functionality of the "gnames" command. Server administrators retain the authority to purge this data at their discretion.
Analytics data is collected and processed through PostHog, hosted on US servers, to monitor and improve service functionality. This includes command usage patterns, anti-nuke and anti-raid event tracking, and guild-level security metrics. This data helps us enhance security features, optimize performance, and identify potential abuse patterns. All analytics data is processed in compliance with applicable data protection regulations.
DATA PROCESSING RESTRICTIONS AND LIMITATIONS
While the Company engages in data collection as previously enumerated, the following activities are expressly prohibited:
- Storage or processing of server-specific or user-specific reports
- Maintenance of server violation records or documentation
- Dissemination of user or server data to third-party moderation services
- Utilization of collected data for server moderation determinations
INFORMATION SHARING AND DISCLOSURE POLICY
The Company maintains a strict non-disclosure policy regarding all collected information. The Company expressly prohibits the sale, transfer, or exposure of user information to third parties or external entities. Furthermore, the Company does not engage in data sharing practices with external moderation services or other Discord-based applications. All collected data remains exclusively within the Company's systems for the purposes previously enumerated in this Policy.
DATA SUBJECT RIGHTS AND ACCESS PROCEDURES
DATA SUBJECT RIGHTS
Pursuant to applicable data protection laws, you are entitled to exercise the following rights:
- Right to access and obtain a copy of your personal data
- Right to request deletion of your stored personal data
- Right to be informed about the processing of your personal data
To exercise any of the aforementioned rights, please submit your request via electronic mail to [email protected]. Please be advised that response times may vary, with a maximum processing time of twenty four (24) days.
AGE RESTRICTIONS AND COPPA COMPLIANCE PROTOCOL
AGE-RELATED REQUIREMENTS AND RESTRICTIONS
In accordance with the Children's Online Privacy Protection Act (COPPA) and Discord's Terms of Service, the following age-related restrictions are strictly enforced:
- Users must have attained a minimum age of thirteen (13) years to utilize the Service
- Users between thirteen (13) and eighteen (18) years of age must obtain parental or legal guardian consent
- Users under eighteen (18) years of age are expressly prohibited from accessing age-restricted functionalities
MINOR DATA PROCESSING PROTOCOL:
- The Company does not knowingly process or retain data from individuals under thirteen (13) years of age
- Upon discovery of data collection from an individual under thirteen (13) years of age, such data shall be promptly deleted
- Parents or legal guardians may request data deletion for users under eighteen (18) years of age
AUTHENTICATION PROTOCOL AND OAUTH2 IMPLEMENTATION
REQUIRED AUTHORIZATION SCOPES:
- identify - For Discord account verification and authentication
- guilds - For Service management permission verification
DATA PROCESSING PROTOCOL:
- The Company generates and maintains its own proprietary authentication tokens, distinct from Discord's account tokens which are never accessible to the Company
- Company-generated tokens are subject to industry-standard encryption protocols
- Token utilization is strictly limited to facilitating secure communication between the dashboard interface and Company's application programming interface
- Immediate token invalidation occurs upon user-initiated logout
The Company maintains minimal authorization scope requirements necessary for Service functionality. No additional authorization scopes are requested or retained beyond those explicitly enumerated above. The Company does not have access to Discord account tokens, which remain exclusively within Discord's control.
THIRD-PARTY DATA PROCESSING RESTRICTIONS
NON-DISCLOSURE AND NON-TRANSFER POLICY
The Service maintains stringent data handling protocols:
- Prohibition of data sale or rental to third-party entities
- Non-disclosure of data to external Discord-based services
- Exclusive data retention within the Service's infrastructure
- Restricted external service access to user data
PARTNERSHIP EXCEPTION - PROX BOT
The Company maintains a strategic partnership with Prox (operated by loti.dev, managed by Zelfur.gg) to provide enhanced vanity URL reward functionality. Under this partnership:
- Configuration data entered through our Service for Prox's vanity URL reward system is shared with Prox
- This data sharing is strictly limited to information you explicitly provide for Prox's functionality
- Data sharing occurs only when you choose to configure Prox's services through our interface
LEGAL COMPLIANCE EXCEPTION
The sole exception to this policy shall be in response to legally binding requests from law enforcement agencies or judicial authorities. In such instances, only the specific data required by the legal order shall be disclosed.
EUROPEAN UNION DATA SUBJECT RIGHTS (GDPR)
ENHANCED RIGHTS UNDER GENERAL DATA PROTECTION REGULATION
Data subjects within the European Union are entitled to additional rights pursuant to the General Data Protection Regulation:
- Right of access to personal data
- Right to rectification of inaccurate personal data
- Right to erasure of personal data ("right to be forgotten")
- Right to restriction of processing
- Right to data portability
EXPEDITED PROCESSING PROTOCOL FOR EU DATA SUBJECTS:
To facilitate expedited processing of data subject requests, please include the designation "(EU CITIZEN)" in the subject line of electronic mail correspondence to [email protected]. Requests from European Union data subjects shall typically be processed within forty-eight (48) hours of receipt.
POLICY MODIFICATION AND UPDATE PROTOCOL
The Company reserves the right to modify, amend, or update these terms at any time without prior notification. Continued utilization of the Service following any such modifications shall constitute acceptance of the updated terms. Violation of the terms of service may result in permanent termination of access to all Company services.
CLOUDFLARE ENTERPRISE DATA PROCESSING AGREEMENT
DATA COLLECTION PARAMETERS:
- Internet Protocol addresses and associated request metadata
- Client browser specifications and device identifiers
- Geographic location coordinates
- Network traffic patterns and security event logs
DATA RETENTION PROTOCOL:
- Cloudflare maintains data for three hundred and sixty-five (365) days
- Data processing is conducted in accordance with Cloudflare's privacy policy
- The Company maintains no direct control over Cloudflare's data retention practices
PROCESSING OBJECTIVES:
- Distributed Denial of Service (DDoS) protection and threat mitigation
- Service performance optimization protocols
- Security analytics and monitoring systems
- Service reliability enhancement protocols
For comprehensive information regarding Cloudflare's data processing protocols, please refer to Cloudflare's Privacy Policy at cloudflare.com/privacypolicy
CLOUDFLARE TURNSTILE
PROCESSING PURPOSE:
The Service uses Cloudflare Turnstile to distinguish human visitors from automated bots and to protect against malicious activity. Turnstile may process client-side signals such as Internet Protocol addresses, TLS fingerprints, User-Agent headers, and site key metadata associated with your visit.
DATA CONTROLLER AND PROCESSOR ROLES:
Cloudflare processes Turnstile signals on our behalf as a data processor for bot detection and website protection. Cloudflare may also process certain signals as a data controller to improve Turnstile's bot detection capabilities, as described in Cloudflare's Turnstile Privacy Addendum.
For comprehensive information regarding Cloudflare Turnstile data processing, please refer to Cloudflare's Turnstile Privacy Addendum at cloudflare.com/en-gb/turnstile-privacy-policy
INTERNET PROTOCOL ADDRESS PROCESSING PROTOCOL
INTERNAL PROCESSING PROTOCOL:
- Internet Protocol addresses undergo cryptographic hashing prior to storage
- Hashed identifiers are retained indefinitely pending manual deletion request
- Utilized for security protocol enforcement and abuse prevention measures
SECURITY IMPLEMENTATION MEASURES:
- Implementation of industry-standard cryptographic algorithms
- Regular third-party security protocol audits
- Access control monitoring and authentication protocols
Internet Protocol address processing is essential for maintaining service security protocols and preventing unauthorized access. The cryptographic hashing protocol ensures that unencrypted Internet Protocol addresses are never retained within Company systems while maintaining the capability to identify and prevent malicious activities.