Privacy Policy for A2GM

Information We Collect

We collect information that you provide directly, data that is synchronized from linked services, and limited technical data necessary to operate the Service. The primary categories include:

• Account and Authentication Data: Discord user IDs, usernames, avatars, optional display names, and optional email addresses supplied to us through Clerk authentication.
• Subscription and Billing Metadata:subscription status, plan identifiers, billing interval, currency, billing amount, renewal dates, cancellation preferences, and provider references managed via DodoPayments. We do not receive or store full payment card numbers.
• Guild and Roster Records: Discord guild IDs, channel and role metadata, member rosters, DKP/loot ledgers, activity schedules, audit trails, support link states, and configurations you create inside the dashboard.
• Support and Integration Logs: state tokens, webhook event payloads, error messages, and invite or automation statuses required to maintain integrations and troubleshoot issues.
• Usage and Device Data: IP addresses, browser type, operating system, session timestamps, and aggregated analytics supplied by Vercel Analytics when enabled in production builds.

How We Use Information

We process the information above in order to deliver the Service and support ongoing operations:

• Authenticate users and secure account access through Discord and Clerk.
• Provision, monitor, and personalize guild management features.
• Synchronize member, channel, and activity data from Discord and store the records you curate.
• Track usage of premium plans, issue invoices, and process refunds via DodoPayments.
• Send service messages and respond to support requests you initiate.
• Detect, investigate, and mitigate abuse, security incidents, or service disruptions.
• Measure aggregate performance and improve the Service in line with user feedback.

Legal Bases for Processing

Where applicable (for example, under the GDPR), we process personal data under the following legal bases: (i) your consent, when you authorize integrations or marketing communication; (ii) fulfillment of our contract with you; (iii) compliance with legal obligations; and (iv) legitimate interests, such as safeguarding the Service and improving product performance. Continued access to or use of the Service constitutes consent to the data practices outlined here. We balance our interests against your rights and expectations and limit processing to what is necessary.

How We Share Information

We do not sell personal information. We share data with trusted providers only when required to operate the Service, all of whom are contractually bound to safeguard it and, where possible, hold SOC 2 or equivalent certifications. Key partners include:

• Discord: authentication and retrieval of guild metadata and member details per the permissions you authorize.
• DodoPayments: subscription billing, refunds, and financial record keeping. Card numbers and banking credentials never reach our systems.
• Clerk: identity management and secure session handling.
• Vercel: hosting infrastructure, error monitoring, and optional analytics with aggregated metrics.
• Convex: database and job infrastructure that stores guild configuration data inside environments we control.

We may also disclose information to comply with law, respond to lawful requests, protect our rights or users, investigate fraud, or complete a merger or acquisition.

Cookies and Tracking

The Service uses essential cookies to maintain secure sessions and remember preferences. When analytics is enabled, Vercel Analytics may set additional cookies or local storage to provide aggregated insights. You can control cookies through your browser settings; however, disabling essential cookies may limit functionality.

Data Retention

We retain personal data for as long as you maintain an account or as long as necessary to provide the Service. Guild data, audit trails, and activity history remain available until you delete them or remove the integration. Applicable Canadian and provincial record-keeping laws require us to preserve operational and billing records for at least 365 days after collection. Because of these obligations, we do not honor requests to purge or selectively delete records during that retention window. We may retain minimal records after account closure to meet legal, accounting, or security obligations, including fraud prevention, audit requirements, and dispute resolution.

Security

We safeguard data with encryption in transit, encryption for sensitive stores at rest, monitored network boundaries, and continuous observability across SOC 2 certified infrastructure. Our teams maintain intrusion detection, regular audits, and backup routines to preserve service continuity. Despite our efforts, no online service can guarantee absolute security, so we encourage administrators to follow best practices when delegating access within their guilds.

International Data Transfers

Our infrastructure operates primarily in Canada and the United States. When data crosses borders, we rely on contractual safeguards such as Standard Contractual Clauses and service providers with adequate data protection commitments.

Your Rights

Depending on your location, you may have rights to access, correct, delete, or port your personal data, as well as to restrict or object to certain processing. Canadian users may submit requests under PIPEDA, EU/EEA residents may exercise GDPR rights, and California residents may exercise CCPA/CPRA rights. We will verify your identity before fulfilling requests and respond within the timelines required by applicable law. Where retention is mandated by statute or contractual obligations—as described above—we may defer or decline deletion until the legally required period has elapsed, but we will explain the basis for any denial.

Children's Privacy

The Service is not directed to children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us with personal information, please contact us so we can delete it.

Changes to This Policy

We may update this Privacy Policy to reflect product changes or legal requirements. When we make material updates, we will post the revised policy with a new "Last updated" date and, when appropriate, notify you through the Service or by email.

Contact Us

If you have questions or wish to exercise your privacy rights, reach us at [email protected]. If you are unsatisfied with our response, you may also contact the Office of the Privacy Commissioner of Canada or your local data protection authority.

For security disclosures, please email us and include "Security" in the subject line so we can respond promptly.