Legal — Privacy Policy
Privacy Policy
In plain language: what information Mody collects, what we do with it, who we share it with, how long we keep it, and the choices you have.
- Last updated
- Apr 24, 2026
- Effective
- Apr 24, 2026
This Privacy Policy explains how Mody (“Mody,” “we,” “us,” or “our”) handles information when you use the Mody Discord bot, the mody.gg website, the Mody dashboard, our support channels, and anything else we offer as part of the service (together, the “Service”).
Mody is operated out of the United States. This policy is written with U.S. laws in mind, including the California Consumer Privacy Act (sometimes called the CCPA or CPRA), the Children’s Online Privacy Protection Act (COPPA), and similar state privacy laws. If you are using Mody from somewhere else in the world, please understand that your information will travel to and be stored in the United States.
By using Mody, you agree to how we handle information as described here. If you do not agree, please do not use the Service.
At a glance
The fast version of everything below. The detailed sections are what actually govern, but here is how Mody handles your data, in two columns.
What we do
- Only collect what we need to run the bot and the dashboard.
- Store your Discord sign-in and custom-bot tokens in an encrypted form.
- Process payments through Stripe or Discord, so your full card number never reaches us.
- Delete your data when you ask — just email [email protected].
- Honor the privacy rights of California and other state residents.
- Send your information between you, Discord, and Mody over encrypted connections.
What we never do
- Sell your personal information. Not in the past twelve months, and no plans to.
- Use your data, or your AI assistant chats, to train AI models.
- Run advertising trackers or trade your activity to marketers.
- Keep your Discord messages in a database, beyond the features you turn on.
- Collect precise location, biometric, health, Social Security, or government ID data.
- Knowingly collect information from children under 13.
What we collect
There are three main buckets of information:
- Things you give us directly.
- Things we receive from Discord when you use Mody.
- Things we collect automatically as the Service runs.
A.Things you give us directly. This includes anything you type or configure in the Mody dashboard (your server’s prefix, language, time zone, moderation rules, automation rules, welcome and goodbye messages, logging setup, ticket forms, and so on); messages, form answers, and attachments you send through tickets and modmail; anything you say to the Mody AI assistant, its replies, and basic information about the conversation (its title, length, and how many tokens it used); and anything you send us when you email [email protected] or otherwise get in touch.
B.Things we receive from Discord. When you sign in to the dashboard, and when Mody is present in a Discord server, Discord sends us information so Mody can actually do its job. That includes basic account info (your Discord user ID, username, display name, avatar, language, and — if you give permission during sign-in — your email address); server info (the server’s ID, name, owner, member count, icon, description, roles, and channels); and events that happen inside the server (messages being sent, members joining or leaving, reactions being added or removed, role changes, and button or slash-command interactions), limited by whatever permissions Discord has given Mody. If you run your own custom bot instance through Mody, the bot’s token and related credentials are stored in an encrypted form.
A note on message content: where Discord gives Mody access to message content, Mody reads it in the moment to run commands and evaluate automation rules. We do not keep those messages in a database, except where a feature you have turned on specifically needs us to — for example, a ticket you opened, a modmail conversation you are having, a chat you had with the AI assistant, or a log entry an administrator told Mody to record.
C.Things we collect automatically. As the Service runs we also collect sign-in data (a session identifier and encrypted Discord sign-in tokens, so you can stay signed in); activity history (a record of actions Mody takes on behalf of you or your server — for example, “user X was muted,” “role Y was given to member Z,” “automation A ran” — together with the result, any error, and the time it happened); moderation records (warnings, mutes, kicks, bans, notes, and related configuration you set up); subscription info (which plan you are on, when it starts and ends, whether it will renew, and a reference ID from Stripe or Discord — never your full credit card number); usage and performance information (anonymous statistics about how Mody is being used, so we can keep it running reliably); and technical logs (Discord IDs, request paths, error messages, and timestamps, without message content).
We do not collect precise location data, biometric data, health data, Social Security numbers, or government ID numbers.
How we use it
We use the information we collect to:
- run Mody and make the features you have turned on actually work;
- sign you in through Discord and keep you signed in;
- process paid-plan signups, renewals, and cancellations through Stripe or Discord;
- enforce plan limits and fair-use rate limits;
- keep the Service healthy — monitoring performance, fixing bugs, and investigating misuse;
- detect and prevent spam, fraud, and abuse, and to enforce our Terms and Discord’s rules;
- reply to your support requests and any legal requests we receive; and
- make Mody better over time.
Who sees it
We do not sell your personal information, and we do not trade it to advertisers for cross-site tracking. The only times your information leaves Mody are with our service providers (a small number of trusted partners who help us with cloud hosting, databases, file storage, email delivery, analytics, and AI model hosting — contractually required to treat your information at least as carefully as we do); with Stripe (if you pay for a plan through Stripe, Stripe collects and processes your payment details directly, and we only receive the subscription status and a reference ID); with Discord (because Mody is a Discord application, anything you authorise us to read from Discord, and every action Mody takes inside Discord, goes through Discord’s platform); with other people in your Discord server (owners, admins, and staff roles may be able to see your moderation history, the tickets or modmail conversations you start, and audit-log entries about actions Mody took involving you); in legal and safety situations (if we honestly believe we need to, to follow the law, respond to a valid legal request, enforce our Terms, prevent fraud, or protect Mody, our users, or the public); if our business changes hands (we will let you know); or with your permission, for any other purpose.
To be clear: we have not sold personal information in the past twelve months, and we have no plans to start.
The AI assistant
When you use the Mody AI assistant, your message — plus useful context, such as the automation you are asking about — is sent to our AI partner so it can generate a reply. The reply, the ongoing conversation, and basic usage numbers are saved so you can see and continue the conversation later. We do not use your chats to train the Mody AI assistant, and we work with AI partners that, where possible, commit in writing not to use your chats to train their own models either. On the free plan, conversation context is only cached for about a day after your last message; paid plans keep context around longer. Either way, you can delete a conversation at any time by asking us or through the dashboard when that option is available.
How long we keep it
In general, we keep information only for as long as we need it to run the Service and to meet our legal obligations. Specifically:
- Your account and sign-in info is kept while your Mody account is active, and for up to 90 days after it is closed, to cover backups and honest mistakes.
- A server’s settings are kept while Mody is in that server. After Mody is removed, the settings are soft-deleted and eventually erased.
- Moderation cases, action history, and audit logs are kept for as long as your server is using Mody, and for a reasonable audit window afterwards (usually up to two years), unless you ask us to delete them sooner.
- Tickets, modmail conversations, and AI assistant chats are kept until you or the server’s staff delete them, subject to any retention window that applies to your plan.
- Billing records are kept for the length of time U.S. tax and accounting rules require us to keep them (usually around seven years).
- Backups are stored in an encrypted form and are replaced on a rolling basis.
After these periods, we either delete the information or strip it of details that would identify you. You can also ask for deletion sooner, as described below.
Keeping your information safe
We take security seriously. Information travelling between you, Discord, and Mody is sent over encrypted connections. Sensitive items like Discord sign-in tokens and custom-bot tokens are stored in an encrypted form, with the keys kept separate from the database. Access to production systems is limited to the people who need it, and that access is logged. We keep our systems and dependencies up to date.
No online service is ever one hundred percent secure. If we ever find out that your information has been involved in a security incident, we will let you know and notify the appropriate authorities to the extent the law requires.
Children
Mody is not designed for children under 13, and we do not knowingly collect information from children under 13. If you believe a child under 13 has shared information with us, please email us at [email protected] and we will delete it.
Mody also respects Discord’s own minimum-age rules for your country. If you are not a legal adult where you live, you should only use Mody with a parent or guardian’s involvement.
We do not knowingly sell or share the personal information of users under 16, using the meanings those words have under state privacy laws.
Your privacy choices
10.1Anyone. No matter where you live, you can ask us to delete your Mody data by emailing [email protected], ask for a copy of the information we hold about you, ask us to correct something that is wrong, and stop using the Service at any time.
10.2California residents. If you live in California, the CCPA / CPRA gives you rights to know the categories and specific pieces of personal information we have collected about you (and where we got it, why we collected it, and who we shared it with); to ask us to delete personal information we collected from you, with some exceptions the law allows; to ask us to correct personal information that is wrong; to opt out of the “sale” or “sharing” of personal information for targeted advertising (note: we do not sell or share personal information in that way); to limit how we use “sensitive personal information” (note: we do not use sensitive personal information for purposes that would trigger that right); and not to be punished for exercising any of these rights.
In the last twelve months, we have collected the categories of information described above (identifiers; electronic activity information; commercial information, limited to subscription details; and inferences based on those categories used to run features). We have shared them with the categories of recipients described above. We have not sold personal information.
10.3Other U.S. states. Residents of Colorado, Connecticut, Virginia, Utah, and other states with comparable privacy laws may have similar rights to look at, correct, delete, or take a copy of their personal information, and in some states to opt out of profiling that has a big effect on them. We do not do that kind of profiling.
10.4How to ask. Email us at [email protected] from the email address connected to your Discord account, and include enough information for us to figure out which records are yours (your Discord user ID is helpful). We will respond within the timeframe the law gives us, usually 45 days.
10.5Having someone else ask for you. You can authorise a friend, family member, or attorney to make a request for you. We may ask for written permission and verify your identity directly.
10.6If you disagree with us. If you do not like how we handled your request, you can reply and ask us to take another look. You can also, depending on where you live, contact your state attorney general or the relevant regulator.
Tracking signals
Mody does not change how it behaves based on “Do Not Track” signals because there is no agreed standard for what they mean. Where state law makes it relevant, we do honour Global Privacy Control (GPC) signals — but since we do not sell or share information for targeted advertising, there is not much for that signal to change.
Using Mody from outside the U.S.
Mody is built, hosted, and operated in the United States. If you are using Mody from somewhere else, your information will be sent to and stored in the U.S. U.S. privacy laws may not be as strict as the ones where you live. By using Mody, you are saying that is okay with you.
Changes to this policy
We may update this Privacy Policy from time to time. If we make an important change, we will update the “Last updated” date at the top and give you reasonable notice — through the dashboard, our website, our support server, or another reasonable channel. If you keep using the Service after the changes go into effect, that means you accept them.
Contact us
Questions, requests, or complaints? We would rather hear them than not. Reach us at:
Email: [email protected]
Web: mody.gg
If you are not happy with how we respond, you can also contact your state attorney general or other relevant regulator.