Privacy Policy
Nexoscale, operator of enCode!, is committed to protecting your privacy. This policy explains what data we collect, why, and how you can control it.
1. Who We Are
enCode! is operated by Nexoscale (nexoscale.com). For privacy inquiries, contact us at [email protected].
2. Data We Collect
2.1 Data from Discord OAuth
When you sign in with Discord, we receive and store:
| Data | Details |
|---|---|
| Discord User ID | Required to identify your account across sessions |
| Username | Displayed in the dashboard and audit logs |
| Avatar | Displayed in the dashboard UI |
| Email address | Account notifications and support (if provided by Discord) |
| Guild list | To let you associate bots with your servers (not stored permanently) |
We do not receive your Discord password, payment information or any DM content.
2.2 Data you provide
When using the platform you may submit:
| Data | Details |
|---|---|
| Bot configurations | Stored to run and manage your bots |
| Discord Bot Tokens | Encrypted with AES-256-GCM at rest, never returned to client |
| Discord Client IDs | Used to generate invite links and register commands |
| AI chat prompts | Sent to Anthropic's API for processing (see §5) |
| Bot names / descriptions | Stored and displayed in your dashboard |
2.3 Data generated automatically
| Data | Details |
|---|---|
| Session tokens | Encrypted cookies for session management (30-day expiry) |
| IP address | Stored per session for security and fraud prevention |
| User-agent string | Stored per session for device identification |
| Bot logs | Stdout/stderr from your bots (retained 90 days) |
| Bot analytics | Command usage counts, guild count, uptime (aggregated) |
| AI usage counters | Daily request counts for plan enforcement |
2.4 Data we do NOT collect
- Content of Discord messages in servers where your bot operates
- Discord server member lists or message history
- Payment card numbers (handled entirely by Tebex)
- Biometric data, precise location, or device identifiers
3. How We Use Your Data
| Purpose | Data used |
|---|---|
| Authenticate your account | Session tokens, Discord ID |
| Run and manage your bots | Bot tokens (encrypted), configuration, Client ID |
| Display your dashboard | Username, avatar, bot data, analytics |
| Enforce plan limits | AI usage counters, bot count |
| Security and fraud prevention | IP address, session data, audit logs |
| Process subscription payments | Passed to Tebex — we only receive confirmation webhooks |
| Improve the platform | Aggregated, anonymised usage statistics |
| Communicate with you | Email for billing events and critical notices only |
We do not sell your personal data. We do not use your data for advertising.
4. Legal Basis for Processing
We process your data on the following legal bases (GDPR / applicable law):
- Contract performance — to provide the service you signed up for
- Legitimate interests — security, fraud prevention, service improvement
- Legal obligation — compliance with applicable laws and law enforcement requests
- Consent — for optional communications (you may withdraw at any time)
5. Third-Party Services
5.1 Anthropic (AI provider)
AI prompts you submit are sent to Anthropic's Claude API for processing. Anthropic may retain prompts in accordance with their own Privacy Policy. Do not include sensitive personal data in AI prompts.
5.2 Tebex (payments)
Premium subscriptions are processed by Tebex. When you subscribe, you interact directly with Tebex's checkout. We receive only a payment confirmation webhook containing your enCode! user ID and transaction amount. We do not receive or store card details.
5.3 Cloudflare
All traffic passes through Cloudflare for DDoS protection and CDN. Cloudflare may log request metadata. See Cloudflare's Privacy Policy.
5.4 Discord
enCode! is an independent platform and is not affiliated with, endorsed by, or in partnership with Discord Inc. Your use of Discord is governed by Discord's own Privacy Policy.
6. Data Retention
| Data type | Retention period |
|---|---|
| Account data | Retained while your account is active + 30 days after deletion |
| Bot configuration | Retained while the bot exists + 90 days after deletion |
| Bot logs | 90 days from creation, then automatically purged |
| Session tokens | 30 days or until logout |
| AI usage counters | Aggregated daily; raw counts purged after 90 days |
| Billing webhooks | 7 years for tax and legal compliance |
| Audit logs | 12 months |
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access — request a copy of the data we hold about you
- Rectification — correct inaccurate data
- Erasure — request deletion of your account and associated data
- Portability — receive your data in a machine-readable format
- Restriction — restrict processing in certain circumstances
- Objection — object to processing based on legitimate interests
To exercise any of these rights, email [email protected]. We will respond within 30 days. You may also delete your account directly from the Settings page, which initiates automatic data removal.
8. Security
We implement industry-standard security measures including:
- TLS 1.3 encryption for all data in transit
- AES-256-GCM encryption for Discord tokens at rest
- RS256 JWT tokens with 15-minute access token expiry and rotation
- Rate limiting and DDoS mitigation via Cloudflare
- fail2ban and SSH hardening on server infrastructure
- Isolated Docker containers for each hosted bot
Despite these measures, no system is 100% secure. If you discover a security vulnerability, please disclose it responsibly to [email protected].
9. Cookies
We use a single HTTP-only session cookie (ec_session) strictly necessary for authentication. We do not use advertising cookies, tracking pixels or third-party analytics cookies.
10. Children's Privacy
enCode! is not directed to children under 13 years of age. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact [email protected] and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or a prominent notice on the platform at least 7 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.
12. Contact
For privacy questions or to exercise your rights: [email protected]
