PRIVACY POLICY

Last updated: June 7, 2026

PRIVACY POLICY AND DATA PROCESSING AGREEMENT

This Privacy Policy ("Policy") is entered into by and between EMOGIR.LS LLC, doing business as Zelfur.gg ("Company," "we," "us," or "our"), and you, the user ("User," "you," or "your"). This Policy governs the collection, processing, storage, and protection of your personal information in connection with your use of Greed ("Service"). By accessing or using the Service, you expressly consent to the data practices described herein.

DATA COLLECTION AND RETENTION SCHEDULE

CATEGORY I: PERMANENT DATA RETENTION (SUBJECT TO MANUAL DELETION REQUEST)

  • Discord Guild Identifiers and Associated Nomenclature
  • Channel Identification Numbers
  • Role Assignment Identifiers
  • User Identification Numbers
  • Message Identifiers and Temporal Metadata
  • Historical Avatar Representations
  • User Aliases and Nomenclature History
  • Cryptographically Hashed Internet Protocol Addresses

CATEGORY II: THREE HUNDRED AND SIXTY-FIVE (365) DAY RETENTION VIA CLOUDFLARE ENTERPRISE

  • Internet Protocol Addresses and Associated Request Metadata
  • Client Browser and Device Specifications
  • Geolocation Data Points
  • Traffic Analysis and Security Event Logs

CATEGORY III: FOURTEEN (14) DAY RETENTION PERIOD

  • Command Execution Information (Command Name, Invoked By, Invoked At.) NO MESSAGE CONTENT IS STORED
  • Command Parameter and Argument Data

CATEGORY V: POSTHOG ANALYTICS DATA (US SERVERS)

  • Command Invocation Analytics (Command Usage, User ID, Guild ID)
  • Anti-Nuke Event Data (Action Type, Punishment Type, Guild ID, User ID, Success Status, Reason)
  • Anti-Raid Event Data (Action Type, Punishment Type, Guild ID, User ID, Success Status, Reason)
  • Guild Analytics (Total Anti-Nuke/Anti-Raid Actions, Last Action Timestamps, Current Punishment Settings)

CATEGORY IV: TWO (2) HOUR MAXIMUM RETENTION IN VOLATILE MEMORY

  • Recently Deleted Message Content (Maximum of Eighteen (18) Entries)
  • Message Modification History (Maximum of Eighteen (18) Entries)
  • Emoji Reaction Historical Data (Maximum of Eighteen (18) Entries)

DATA SECURITY INFRASTRUCTURE AND PROTOCOLS

DATA CENTER SECURITY SPECIFICATIONS

  • Primary Processing Facility: Ashburn, Virginia (SOC 2 Type II Certified Infrastructure)
  • Secondary Processing Facilities: New York, United States of America and Falkenstein, Federal Republic of Germany
  • Twenty-Four (24) Hour Physical Security Monitoring and Access Control
  • Regular Third-Party Security Audits and Compliance Verification

DATA PROTECTION MEASURES

  • Implementation of Industry-Standard Encryption Protocols for Data at Rest and in Transit
  • Automated Security Update Implementation and Patch Management System
  • Multi-Factor Authentication and Role-Based Access Control Implementation
  • Scheduled Data Backup Verification and Disaster Recovery Testing

SERVER REPORTS AND USER REPORTS

REPORT PROCESSING LIMITATIONS AND DISCLAIMERS

The Company expressly disclaims any and all responsibility for the processing or handling of server-related reports. The Company lacks the requisite capabilities to verify or authenticate the veracity of such reports and therefore cannot undertake any actions predicated upon such unverified information.

In instances where users encounter violations of Discord's Terms of Service or Community Guidelines, such violations must be reported directly to Discord through their designated support channel at dis.gd/support.

  • The Company maintains no report database infrastructure
  • Report verification capabilities are not within the Company's operational scope
  • All violations require direct submission to Discord's Trust & Safety division
  • The Company does not engage in user or server dispute mediation

DATA USAGE AND PROCESSING JUSTIFICATION

Upon command invocation, message content is retained for a maximum duration of fourteen (14) days for diagnostic purposes. Additionally, the system maintains a maximum of eighteen (18) entries for message modifications and deletions in volatile memory, with a retention period not exceeding two (2) hours.

Discord Guild Identifiers, Channel Identifiers, Role Identifiers, User Identifiers, and Message Identifiers are retained within our systems for the purpose of data aggregation and retrieval functionality.

User alias modifications, username alterations, and avatar modifications are logged to facilitate the functionality of the "namehistory" and "avatarhistory" commands. Users retain the right to purge this data at their discretion. (EFFECTIVE IMMEDIATELY AND AUTOMATIC)

Guild nomenclature modifications are recorded to enable the functionality of the "gnames" command. Server administrators retain the authority to purge this data at their discretion.

Analytics data is collected and processed through PostHog, hosted on US servers, to monitor and improve service functionality. This includes command usage patterns, anti-nuke and anti-raid event tracking, and guild-level security metrics. This data helps us enhance security features, optimize performance, and identify potential abuse patterns. All analytics data is processed in compliance with applicable data protection regulations.

DATA PROCESSING RESTRICTIONS AND LIMITATIONS

While the Company engages in data collection as previously enumerated, the following activities are expressly prohibited:

  • Storage or processing of server-specific or user-specific reports
  • Maintenance of server violation records or documentation
  • Dissemination of user or server data to third-party moderation services
  • Utilization of collected data for server moderation determinations

INFORMATION SHARING AND DISCLOSURE POLICY

The Company maintains a strict non-disclosure policy regarding all collected information. The Company expressly prohibits the sale, transfer, or exposure of user information to third parties or external entities. Furthermore, the Company does not engage in data sharing practices with external moderation services or other Discord-based applications. All collected data remains exclusively within the Company's systems for the purposes previously enumerated in this Policy.

DATA SUBJECT RIGHTS AND ACCESS PROCEDURES

DATA SUBJECT RIGHTS

Pursuant to applicable data protection laws, you are entitled to exercise the following rights:

  • Right to access and obtain a copy of your personal data
  • Right to request deletion of your stored personal data
  • Right to be informed about the processing of your personal data

To exercise any of the aforementioned rights, please submit your request via electronic mail to [email protected]. Please be advised that response times may vary, with a maximum processing time of twenty four (24) days.

AGE RESTRICTIONS AND COPPA COMPLIANCE PROTOCOL

AGE-RELATED REQUIREMENTS AND RESTRICTIONS

In accordance with the Children's Online Privacy Protection Act (COPPA) and Discord's Terms of Service, the following age-related restrictions are strictly enforced:

  • Users must have attained a minimum age of thirteen (13) years to utilize the Service
  • Users between thirteen (13) and eighteen (18) years of age must obtain parental or legal guardian consent
  • Users under eighteen (18) years of age are expressly prohibited from accessing age-restricted functionalities

MINOR DATA PROCESSING PROTOCOL:

  • The Company does not knowingly process or retain data from individuals under thirteen (13) years of age
  • Upon discovery of data collection from an individual under thirteen (13) years of age, such data shall be promptly deleted
  • Parents or legal guardians may request data deletion for users under eighteen (18) years of age

AUTHENTICATION PROTOCOL AND OAUTH2 IMPLEMENTATION

REQUIRED AUTHORIZATION SCOPES:

  • identify - For Discord account verification and authentication
  • guilds - For Service management permission verification

DATA PROCESSING PROTOCOL:

  • The Company generates and maintains its own proprietary authentication tokens, distinct from Discord's account tokens which are never accessible to the Company
  • Company-generated tokens are subject to industry-standard encryption protocols
  • Token utilization is strictly limited to facilitating secure communication between the dashboard interface and Company's application programming interface
  • Immediate token invalidation occurs upon user-initiated logout

The Company maintains minimal authorization scope requirements necessary for Service functionality. No additional authorization scopes are requested or retained beyond those explicitly enumerated above. The Company does not have access to Discord account tokens, which remain exclusively within Discord's control.

THIRD-PARTY DATA PROCESSING RESTRICTIONS

NON-DISCLOSURE AND NON-TRANSFER POLICY

The Service maintains stringent data handling protocols:

  • Prohibition of data sale or rental to third-party entities
  • Non-disclosure of data to external Discord-based services
  • Exclusive data retention within the Service's infrastructure
  • Restricted external service access to user data

PARTNERSHIP EXCEPTION - PROX BOT

The Company maintains a strategic partnership with Prox (operated by loti.dev, managed by Zelfur.gg) to provide enhanced vanity URL reward functionality. Under this partnership:

  • Configuration data entered through our Service for Prox's vanity URL reward system is shared with Prox
  • This data sharing is strictly limited to information you explicitly provide for Prox's functionality
  • Data sharing occurs only when you choose to configure Prox's services through our interface

LEGAL COMPLIANCE EXCEPTION

The sole exception to this policy shall be in response to legally binding requests from law enforcement agencies or judicial authorities. In such instances, only the specific data required by the legal order shall be disclosed.

EUROPEAN UNION DATA SUBJECT RIGHTS (GDPR)

ENHANCED RIGHTS UNDER GENERAL DATA PROTECTION REGULATION

Data subjects within the European Union are entitled to additional rights pursuant to the General Data Protection Regulation:

  • Right of access to personal data
  • Right to rectification of inaccurate personal data
  • Right to erasure of personal data ("right to be forgotten")
  • Right to restriction of processing
  • Right to data portability

EXPEDITED PROCESSING PROTOCOL FOR EU DATA SUBJECTS:

To facilitate expedited processing of data subject requests, please include the designation "(EU CITIZEN)" in the subject line of electronic mail correspondence to [email protected]. Requests from European Union data subjects shall typically be processed within forty-eight (48) hours of receipt.

POLICY MODIFICATION AND UPDATE PROTOCOL

The Company reserves the right to modify, amend, or update these terms at any time without prior notification. Continued utilization of the Service following any such modifications shall constitute acceptance of the updated terms. Violation of the terms of service may result in permanent termination of access to all Company services.

CLOUDFLARE ENTERPRISE DATA PROCESSING AGREEMENT

DATA COLLECTION PARAMETERS:

  • Internet Protocol addresses and associated request metadata
  • Client browser specifications and device identifiers
  • Geographic location coordinates
  • Network traffic patterns and security event logs

DATA RETENTION PROTOCOL:

  • Cloudflare maintains data for three hundred and sixty-five (365) days
  • Data processing is conducted in accordance with Cloudflare's privacy policy
  • The Company maintains no direct control over Cloudflare's data retention practices

PROCESSING OBJECTIVES:

  • Distributed Denial of Service (DDoS) protection and threat mitigation
  • Service performance optimization protocols
  • Security analytics and monitoring systems
  • Service reliability enhancement protocols

For comprehensive information regarding Cloudflare's data processing protocols, please refer to Cloudflare's Privacy Policy at cloudflare.com/privacypolicy

CLOUDFLARE TURNSTILE

PROCESSING PURPOSE:

The Service uses Cloudflare Turnstile to distinguish human visitors from automated bots and to protect against malicious activity. Turnstile may process client-side signals such as Internet Protocol addresses, TLS fingerprints, User-Agent headers, and site key metadata associated with your visit.

DATA CONTROLLER AND PROCESSOR ROLES:

Cloudflare processes Turnstile signals on our behalf as a data processor for bot detection and website protection. Cloudflare may also process certain signals as a data controller to improve Turnstile's bot detection capabilities, as described in Cloudflare's Turnstile Privacy Addendum.

For comprehensive information regarding Cloudflare Turnstile data processing, please refer to Cloudflare's Turnstile Privacy Addendum at cloudflare.com/en-gb/turnstile-privacy-policy

INTERNET PROTOCOL ADDRESS PROCESSING PROTOCOL

INTERNAL PROCESSING PROTOCOL:

  • Internet Protocol addresses undergo cryptographic hashing prior to storage
  • Hashed identifiers are retained indefinitely pending manual deletion request
  • Utilized for security protocol enforcement and abuse prevention measures

SECURITY IMPLEMENTATION MEASURES:

  • Implementation of industry-standard cryptographic algorithms
  • Regular third-party security protocol audits
  • Access control monitoring and authentication protocols

Internet Protocol address processing is essential for maintaining service security protocols and preventing unauthorized access. The cryptographic hashing protocol ensures that unencrypted Internet Protocol addresses are never retained within Company systems while maintaining the capability to identify and prevent malicious activities.