Privacy Policy

Last updated: April 2025

1. Who We Are

Firesong Herald is a free, non-commercial, open-source Discord event management service operated by Ben Firesong. This policy explains what data we collect, why, and how long we keep it. Contact: contact@firesongherald.com

2. Legal Basis

We process your personal data on the basis of your consent (Article 6(1)(a) GDPR), given when you sign in and accept these terms, and where necessary for the performance of the service you requested (Article 6(1)(b) GDPR).

3. Data We Collect

Via Discord OAuth2 sign-in:

  • Discord user ID (snowflake)
  • Discord username
  • Discord avatar hash
  • Discord display name

This data is stored in a signed, encrypted session cookie on your device and in our database as a user record. We do not store your email address or password.

Via bot interactions (Discord-only users):

  • Discord user ID — to associate RSVPs and preferences
  • Username at time of action — stored in audit logs for server moderation purposes

Via dashboard use:

  • Theme and colour scheme preference
  • DM notification consent and timestamp
  • Reminder timing presets
  • Last active timestamp — used for data retention

4. Session Cookie

We use a single strictly necessary session cookie named "session". It contains a signed JWT with your Discord ID, username, avatar, and display name. It expires after 7 days. No consent is required for this cookie as it is essential for the service to function. We do not use any analytics, advertising, or tracking cookies.

5. Direct Messages

With your consent, the bot may send you event reminders and relevant notifications via Discord direct message. This consent is on by default when you sign in and accept these terms. You may withdraw consent at any time in your dashboard settings or by contacting us.

6. Data Retention

  • User records — deleted automatically after 12 months of inactivity.
  • Event signups — deleted 30 days after the event ends, or earlier if a server admin clears them manually.
  • Audit logs — retained for 12 months, then permanently deleted.
  • Soft-deleted events — permanently deleted 30 days after soft deletion.

7. Data Sharing

We do not sell, share, or transfer your personal data to third parties. Your data is not used for advertising or profiling. We use Discord's API to authenticate you — Discord's own privacy policy applies to data held by Discord.

8. Your Rights (GDPR)

As a data subject under GDPR, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data (right to erasure)
  • Withdraw consent at any time, without affecting prior processing
  • Data portability — receive your data in a structured format
  • Object to processing based on legitimate interests
  • Lodge a complaint with your national data protection authority

To exercise any of these rights, contact us at contact@firesongherald.com. We will respond within 30 days.

9. Data Security

All data is transmitted over HTTPS. Session cookies are signed, httpOnly, and scoped to this domain. Access to the database is restricted to the application only.

10. Changes

This policy may be updated from time to time. Significant changes will be communicated via the dashboard. The date at the top reflects the most recent revision.