Privacy Policy

How DCAI collects, uses, and protects your personal information.

Version 1.0.0
Effective 2026-07-01Last updated 2026-07-18

1. Overview

This Privacy Policy explains what personal information DCAI ("we", "our", "us") collects when you use https://www.dcauditapp.com (the "Service"), why we collect it, how we use it, and the rights you have over it.

We designed DCAI to require the minimum amount of personal data necessary to audit public Discord servers, generate reports, and (optionally) connect your Discord account for owner-verified audits.

2. Information we collect

We collect only the data you provide or that is necessary to operate the Service:

  • Account information — email address, display name, and (for social sign-in) the identifiers returned by Google.
  • Profile & agency information — company/agency name, role, goals, and optional agency logo you choose to add to reports.
  • Discord OAuth connection (optional) — Discord user ID, username, and the encrypted access/refresh tokens used to list servers you administer. Tokens are encrypted at rest with AES-256.
  • Audit inputs — Discord invite URLs you submit, and the public server metadata Discord returns for those invites.
  • Audit outputs — the reports we generate, notification settings, blueprints, and scheduled-audit configurations.
  • Operational data — timestamps, IP address (transient, for abuse prevention), and error diagnostics.
  • Cookies — see Cookie Notice for the exact list and purposes.

3. How we use information

We use the information above to: authenticate you, run and store the audits and blueprints you request, deliver optional notifications, prevent abuse, and improve the Service. We do not sell personal data.

5. Sharing & subprocessors

We share data only with vetted subprocessors strictly to operate the Service:

  • Supabase — authentication, database, and storage (EU/US).
  • Cloudflare — application delivery and edge compute.
  • Google — Gemini AI model inference (for report narrative generation).
  • Resend — transactional email delivery.
  • Discord — the platform whose public server data we audit and (optionally) your OAuth session.

6. Data retention

Audit reports and blueprints are retained until you delete them or delete your account. Discord OAuth tokens are retained until you disconnect your Discord connection or delete your account. Operational logs are retained for up to 90 days for security and debugging.

When you delete your account, we delete or irreversibly anonymize your personal data within 30 days, except where retention is required by law.

7. Your rights

Depending on where you live, you may have the right to access, rectify, delete, restrict, port, or object to the processing of your personal data. You can also withdraw consent for optional processing at any time.

To exercise these rights, email privacy@dcauditapp.com. We respond within 30 days.

8. Security

We apply industry-standard controls: encrypted transport (TLS), encrypted storage for secrets, per-user row-level security on the database, AES-256 encryption for Discord OAuth tokens, and least-privilege service credentials. No system is perfectly secure — please protect your account credentials and report suspected incidents to the address below.

9. Children

The Service is not directed to individuals under the age of 13 (or 16 in the EEA/UK). We do not knowingly collect personal data from children; contact us if you believe we have.

10. International transfers

Personal data may be processed in countries other than your own, including the United States. Where required, we rely on Standard Contractual Clauses or equivalent safeguards.

11. Changes to this policy

We may update this policy from time to time. Material changes will be announced by email or in-app notice and reflected in the version number and effective date at the top of this document.

12. Contact

Questions or requests: privacy@dcauditapp.com. General support: support@dcauditapp.com.