Security and privacy
Data encryption
- In transit — Connections to the dashboard and bot use HTTPS/TLS
- At rest — Data lives in a managed database with hosting-provider encryption at rest
Authentication
Volvox.Bot uses Discord OAuth2 for authentication and never sees or stores your Discord password. When you log in, Discord confirms your identity and issues a temporary token.
Data retention
| Data type | Retention |
|---|
| Moderation cases | Duration of server membership |
| AI conversations | 30 days (a cleanup job deletes them automatically) |
| Audit logs | 90 days by default, configurable in Settings |
| Server configuration | Duration of server membership |
| Community stats and XP | Duration of server membership unless deletion is requested |
Infrastructure
- Hosting — Managed infrastructure with automated deployments
- Updates — Bot and platform updates apply automatically
- Recovery — Automatic restart on failure with health monitoring
Privacy
Volvox.Bot follows these privacy principles:
- Volvox.Bot only collects data necessary to function
- Volvox.Bot shares data only with service providers essential to running the platform (for example, Discord for authentication)
- You can request a full export or deletion of your data at any time
For full details, see the Privacy Policy.
Cookie preferences
The website and dashboard split cookies and local storage into two categories so you stay in control of optional tracking.
| Category | Purpose | Default |
|---|
| Essential | Login, security, and saved dashboard state | Always on |
| Analytics | Amplitude product analytics and session replay for aggregate dashboard usage | Off until you opt in |
Set your preferences
A consent banner appears the first time you visit volvox.bot. You can:
- Accept all — turn on essential and analytics cookies
- Reject non-essential — keep only essential cookies
- Customize — open the preferences dialog and toggle analytics individually
Your browser stores your choice for 365 days. After that, the banner reappears so you can confirm or change your decision.
Change your mind later
Open Cookie Preferences from the website footer at any time to switch analytics on or off. Turning analytics off stops session replay recording and clears any Amplitude identifiers and cookies that were set while you were opted in.
What analytics covers
When you opt in, Volvox.Bot uses Amplitude to collect:
- Product analytics — aggregate dashboard usage like page views, navigation, and feature interactions
- Session replay — a sampled recording of dashboard interactions (clicks, navigation, and scrolling) so the team can diagnose UX issues. Amplitude manages sample rates and masking remotely, and recording stops the moment you opt out
Volvox.Bot also records server-side operational events for bot installs, slash command usage, and AI usage. These events use the Discord server ID as the Amplitude user so activity stays grouped by server. If a server ID is unavailable, the event is skipped instead of falling back to an anonymous device. Events send aggregate properties only — for example, command name, AI token/cost totals, member-count bucket, and whether a server is flagged as large. Discord member user IDs, message content, raw channel IDs, channel names, and server names are not sent to Amplitude.
Cookie preferences are per browser. If you log in from a different browser or device, set your preferences again there.
Reporting security issues
If you discover a security vulnerability, report it responsibly to [email protected]. The team acknowledges reports within 24 hours and works to resolve issues as quickly as possible.