Privacy Policy

Last Updated: 2026-01-17

Introduction

ACOToolbox ("we," "our," or "the Bot") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Discord bot and associated services.

Information We Collect

Information You Provide

Discord Information

• Discord user ID

• Discord username and discriminator

• Server (guild) IDs where you interact with the bot

• Message content when interacting with bot commands

Email Mapping and Order Tracking

• Email addresses submitted for mapping (EmailMapper)

• Order metadata you submit for tracking (order number, email, postal code)

• OrderScrapper and IMAP panel inputs and scan results

Google Account Information (Optional)

• Google account email (when using Forms integration)

• OAuth tokens for Google services access

• Form responses and data you create through the bot

Webhook Data

• Webhook URLs you configure

• Checkout data processed through webhooks

• Success tracking information

PAS and Giveaway Data

• PAS payment prompts, invoice details, and confirmations you submit

• Giveaway entries and eligibility checks (roles, server tags)

Automatically Collected Information

Usage Data

• Command usage statistics

• Timestamp of interactions

• Error logs and debugging information

• Server configuration settings

Technical Data

• IP addresses (for OAuth and webhook services)

• Browser type and version (for OAuth flow and server verification)

• Operating system information

How We Use Your Information

We use collected information to:

Provide Services

• Execute bot commands and functionality

• Process webhook data and notifications

• Create and manage Google Forms

• Run order tracking scans and display results

• Send PAS payment prompts and manage invoice status

• Manage giveaways and ACO entries

• Track success metrics and analytics

Improve Services

• Monitor and analyze usage patterns

• Debug errors and improve performance

• Develop new features and functionality

• Ensure service security and integrity

Communications

• Send important service notifications

• Respond to support requests

• Provide command responses and confirmations

Data Storage and Security

Storage Practices

• Data is stored on secure servers

• Logs are retained for 30 days by default

• OAuth tokens and all sensitive data are encrypted at rest

• Database backups are performed regularly

Security Measures

• Industry-standard encryption protocols

• Regular security audits and updates

• Access controls and authentication

• Rate limiting and abuse prevention

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share information:

With Your Consent

• When you explicitly authorize sharing

• For features requiring third-party integration

Service Providers

• Google APIs (for Forms functionality)

• Hosting providers for bot infrastructure

• Analytics services for usage metrics

Legal Requirements

• To comply with legal obligations

• To protect rights and safety

• To prevent fraud or abuse

Google API Services

OAuth Scopes

Our use of Google API services is limited to:

• Creating and managing Google Forms

• Accessing form responses

• Managing form permissions

Data Usage

• We only access data necessary for requested functions

• Google account data is not used for advertising

• Tokens are revocable at any time through Google settings

Compliance

We comply with Google API Services User Data Policy, including the Limited Use requirements.

Your Rights and Choices

Access and Control

• Request a copy of your data

• Update or correct your information

• Delete your data from our systems

• Revoke bot permissions at any time

Discord Controls

• Remove the bot from your server

• Block the bot from direct messages

• Adjust server permissions for the bot

Google Account Controls

• Revoke OAuth access through Google Account settings

• Delete forms created through the bot

• Manage third-party app access

Data Retention

Retention Periods

• Command logs: 30 days

• Error logs: 90 days

• Checkout data: Until deleted

• Success tracking: Until deleted

• OAuth tokens: Until revoked

Deletion Practices

• Automatic deletion after retention period

• Manual deletion upon request for items without a retention period

Children's Privacy

The Bot is not intended for users under 13 years of age. We do not knowingly collect information from children under 13. If we discover such data, we will delete it immediately and remove access from said users.

International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers.

Changes to This Policy

We may update this Privacy Policy periodically. We will notify users of significant changes through:

• Bot announcements

• Support server notifications

• Documentation updates

Contact Information

For privacy-related questions or concerns:

• Email: [{{ contact_email }}](mailto:{{ contact_email }})

• Support Server: [{{ support_server }}]({{ support_server }})

• GitHub: [{{ github_repo }}]({{ github_repo }}/issues)

Legal Basis for Processing

We process your data based on:

• Consent (for optional features)

• Legitimate interests (for core functionality)

• Legal obligations (where applicable)

Your California Privacy Rights

California residents have additional rights under CCPA:

• Right to know what data is collected

• Right to delete personal information

• Right to opt-out of data sales (we don't sell data)

• Right to non-discrimination

EU Data Subject Rights

For EU residents under GDPR:

• Right to access

• Right to rectification

• Right to erasure

• Right to restrict processing

• Right to data portability

• Right to object

Cookies and Tracking

The OAuth web interface may use essential cookies for:

• Session management

• Authentication state

• Security features

No tracking or advertising cookies are used and we do not sell any data.