Exoguard is a service operated by Xenthys, 58 Rue de Monceau, 75008 Paris, France.

First-party data collection

Exoguard, hereby referred to as our service, does not hold any personal information.

Here is all the data we will directly collect as a first party:

• Discord server IDs, names, owner IDs, settings

• Enrolled user IDs, assigned roles, last login date

• The IDs of users who assign roles or redeem subscription vouchers

• When each subscription voucher is redeemed, by whom on which server

• Custom user titles, access level, Discord OAuth2 access tokens and refresh tokens

• User metadata such as the amount of owned servers, assigned roles, subscriber status

• Requested custom links, who requested it and when, who handled the request and when

• Target URLs for all custom links, who set it and when

For clarification, the "who" term always refers to a Discord user ID, not an individual's identity.

We will use your Discord username to provide you with a QR code during our enrollment procedure. This allows our users with multiple accounts to easily differentiate them within their authenticator. We do not store this data, only your Discord user ID is necessary for all our other operations.

First-party data security

The following data is encrypted before being stored on our servers:

• Secret keys for the TOTP of enrolled users

• Discord OAuth2 access tokens and refresh tokens

• Audit webhooks defined by server owners in their settings

We do not encrypt the target URLs of our custom links due to their public nature. Anyone who knows a custom link can open it in their browser to access its target URL.

Data can be read but not decrypted by service managers. Data can be read, decrypted, and edited by service administrators.

Third-party data processors

We depend on the following third-party services:

• Discord: for Exoguard itself, as it is a Discord integration service (privacy policy)

• Cloudflare: to protect Exoguard from various threats and cyberattacks (privacy policy)

• GitBook: to host the Exoguard documentation website for our users (privacy policy)

• Sellix: to sell Exoguard subscription vouchers using a store front (privacy policy)

• Stripe: to handle credit / debit card payments on Sellix (privacy policy)

Besides Discord and Cloudflare—which is also used by Discord anyway—our service does not directly communicate with these third-party providers. As such, even if you provide any of them with personal information (e.g. to purchase a voucher), this data will remain with the third-party provider.

Data stored with third-party providers can be accessed by service managers for legitimate reasons, such as handling support requests that involve billing issues for example. You may be asked to prove your identity or provide any information to make sure we are talking to the right person. Any personal data sent to us for verification purposes may be shared internally to confirm its legitimacy. This data will be deleted as soon as your identity has been confirmed, unless sent through Discord direct messages since we technically cannot delete other users' messages in this context.

When you scan an enrollment QR code with the third-party authenticator application of your choice, it will receive the following data to allow you to recognize your account:

• The linked Discord server name (or ID if the server name cannot be retrieved)

• Your Discord username and user ID

Our service may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third-party's site. We strongly advise you to review the privacy policy of every website you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party websites or services.

Data deletion requests

We differentiate two kinds of data related to you within our service:

• Local data: bound to your enrollment on a specific Discord server

• Global data: your metadata such as your access level, title, statistics

If you want to delete your local data, please ask someone with a higher hierarchical level than your own to use the /delete command on your user account. Please note that due to the nature of our service, the person who will handle your request may require you to prove you are the legitimate Discord account holder before they can proceed.

If you want to delete your global data, it is mostly computed from the local data we hold and can therefore not be fully erased unless you have all your local data deleted beforehand. Custom metadata such as user titles or access level can be deleted by asking on our support server itself.

Should you be prevented from accessing our support server on Discord, we will erase your custom metadata (if any) since we do not attribute custom titles or access levels to banned users.

Changes to this Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. Important updates will be posted on our support server as well.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page, unless stated otherwise on our support server.

Questions about our Privacy Policy

If you have any questions about this Privacy Policy, you can contact us by:

• Joining our Discord server: https://exoguard.io/support

• Sending us an email: privacy at exoguard dot io

• Send a letter: Xenthys, 58 Rue de Monceau, 75008 Paris, France

Please note that joining our Discord server is the recommended contact method for faster handling.

Questions or request unrelated to our Privacy Policy will not be handled by our privacy email address.