Privacy Policy
Last updated: 2026-05-17KeepGrid is an independent SaaS for Discord operations across player-run communities, paid creator communities, esports teams, and gaming clans, including FiveM/RedM RP, Minecraft SMP/RP, creator-led Discord servers, and competitive team servers. This policy describes exactly what data we collect, why, where it lives, and how you can delete it.
Plain-language summary: We collect your email, your server name, the details you enter into our intake form, and (if you install the bot) the Discord guild ID. We do not read your Discord messages, do not track members, and do not share data with third parties except for strictly necessary service providers (Stripe for payments, Anthropic for AI, Vercel for hosting). You can delete everything at any time by emailing ops@keepgrid.net.
What We Collect
When you use the landing site
- Anonymous usage analytics via Google Analytics (page views, country, device type, referrer). Configurable in your browser.
When you submit the intake form
- Email address — to deliver your generated documents and send project updates.
- Server name — used in generated documents.
- Server details you entered — platform (FiveM/RedM/Minecraft/creator/esports/other), stage, capacity/member count, staff size, factions/ranks/groups/tiers/rosters, framework, billing stack, game/circuit, problems, free-text description. All used to customize AI generation.
- Optional Discord invite code — scanned once via Discord's public API to fetch server name, member count, and icon. We do not store the invite code.
When AI generation runs
- Your intake details are sent to Anthropic (Claude API) to generate documents. Anthropic's policy applies to that data during processing.
- Generated documents are stored in our database so you can view and download them.
When you pay
- Stripe handles the entire payment — we never see your card number. We store a Stripe customer ID and session ID to reconcile payments.
- Billing email may differ from your login email; both are stored for receipts.
When you install the bot
- Discord guild ID — the numeric ID of the server you installed into.
- Install progress log — step-by-step record of what the bot created, for troubleshooting and the rollback feature.
- Guild name and icon URL — fetched from Discord's public API to display in your dashboard.
- We never store: member lists, messages, roles beyond what we created, channel content, voice state, or user profile data.
When you authenticate via Discord OAuth
- Discord user ID, username, email (if you grant email scope), avatar URL.
- Used only for login. Not shared. Not sold.
What We Don't Collect
- We don't read messages in your Discord server (no
Message Contentintent). - We don't track members of your Discord server.
- We don't collect voice data.
- Launch OS ($49): no passive monitoring after install. The bot only acts on your server when you click Install / Re-install / Roll back.
- Pro ($19/mo): opt-in weekly scheduled scans. These scans are read-only — they read channel/role/permission metadata via Discord's public API to compute your Ops Score and detect drift. They never modify your server. You can pause Pro at any time to stop scheduled scans.
- We don't use your Discord data to train AI models. This is prohibited by Discord Developer Policy.
How Long We Keep Data
| Data | Retention |
|---|---|
| Intake form submissions (unpaid) | 30 days then auto-deleted |
| Paid project data + generated documents | Until you request deletion |
| Stripe records (legal requirement) | 7 years (tax/accounting compliance) |
| Google Analytics | 14 months |
| Server snapshots (rollback feature) | 90 days then auto-deleted |
| Discord install progress logs | 90 days then auto-deleted |
Subprocessors
The following third parties process data on our behalf to deliver the service. Each operates under their own privacy policy and security commitments. We do not sell or rent data to anyone. We have no advertising partners.
| Subprocessor | Purpose | Data shared | Hosting region |
|---|---|---|---|
| Anthropic | AI document generation (Claude API) | Intake form fields (server name, platform, community style, factions/ranks/groups, problems, free-text). Discarded after generation per Anthropic policy. | USA |
| Stripe | Payment processing | Billing email, payment method (Stripe sees card; we never do), Stripe customer ID | USA / EU (Stripe routes by region) |
| Vercel | Web hosting + edge cache + serverless functions | All HTTP requests, IP addresses (transient logs) | Global edge (request-region origin: US-East primary) |
| Neon | PostgreSQL database (managed Postgres) | Project records, generated documents, install progress, ops scans | USA (us-east region) |
| Discord | OAuth login + bot API for guild install | Discord user ID, guild ID, guild metadata (read-only). No messages, no member data. | USA |
| Resend | Transactional email delivery (weekly Ops Reports for Pro users) | Recipient email + report contents | USA |
| Upstash | Redis-based rate limiting (when configured) | IP-derived rate-limit counters only (no PII) | Global |
| Google Analytics | Anonymized site usage metrics (page views, country, device) | Anonymized GA client ID, IP truncated, no PII | Global |
A formal Data Processing Addendum (DPA) is available for B2B, agency, paid creator, and studio customers — email ops@keepgrid.net with subject "DPA request" and we'll send the current version. The broader pilot paperwork path is documented at /business-transparency.
Cookies & Analytics
We use a single first-party login session cookie (HTTP-only, Secure, SameSite=Strict) to keep you logged in. Short-lived Discord OAuth state cookies use SameSite=Lax during the install callback. We use Google Analytics with anonymized IPs to measure aggregate site usage. We do not use advertising cookies, fingerprinting, or cross-site trackers.
EU/EEA / UK users: Google Analytics is loaded after page render only when your browser does not send a Do Not Track signal. You can also block GA via uBlock Origin or your browser's tracker-protection settings — the site works identically without it. We are reviewing a more explicit cookie consent banner ahead of any expansion of analytics scope.
Your Rights
You can at any time:
- Access your stored data — email ops@keepgrid.net and we'll send an export.
- Correct it if something is wrong.
- Delete it entirely — see /data-deletion.
- Revoke the Discord bot at any time via Server Settings → Integrations.
GDPR / Regional Laws
If you are in the EU/UK, you have the right to data portability, to object to processing, and to lodge a complaint with your local data protection authority. We will respond to any GDPR request within 30 days.
California (CCPA): you have the right to know what we collect, delete it, and opt out of any "sale" of personal information. We don't sell data, but the rights still apply.
Children
KeepGrid is not intended for users under 13 years of age. If you learn that a minor has provided us data, email ops@keepgrid.net and we will delete it immediately.
Changes
Updates to this policy are logged on /changelog. If we make a materially adverse change, we will email anyone with an active paid project at least 14 days before the change takes effect.
Contact
Questions or requests: ops@keepgrid.net. Security reports should use ops@keepgrid.net?subject=Security Report.