Privacy Policy

Last Updated: December 8, 2025

GDPR Compliant: TheCore is fully compliant with the General Data Protection Regulation (GDPR) and respects your privacy rights. We are committed to transparency, data minimization, and user control.
We NEVER Sell Your Data: TheCore will never sell, rent, or give your data to third parties for marketing, advertising, or any other commercial purposes. Your data is used solely to provide our services to you. Period.

1. Introduction

TheCommunityCore.com ("TheCore," "we," "us," or "our") operates a community intelligence platform that provides analytics and insights for Discord servers. This Privacy Policy explains how we collect, use, store, and protect your data when you use our services.

By using TheCore, you agree to the collection and use of information in accordance with this policy. If you do not agree with our practices, please do not use our services.

2. Data Controller

For the purposes of GDPR and other data protection laws, the data controller is:
TheCommunityCore.com
Jurisdiction: United Kingdom
Email: hello@thecommunitycore.com

3. Information We Collect

3.1 User Account Information

When you authenticate with Discord OAuth, we collect:

  • Discord User ID
  • Discord Username
  • Discord Avatar
  • Email address (if provided by Discord)
  • Account creation and last login timestamps

3.2 Discord Server Data (Event Data)

When our bot is installed in a Discord server, we collect metadata about server activity:

  • Message Events: Message IDs, channel IDs, user IDs, message length, presence of attachments/embeds, timestamps (we do NOT store full message content, only samples up to 500 characters for AI analysis)
  • Member Events: User join/leave events, timestamps
  • Reaction Events: Emoji reactions, user IDs, message IDs
  • Voice Events: Voice channel join/leave events, user IDs, timestamps

3.3 Automatically Collected Data

  • Session information (session IDs, expiration times)
  • IP addresses (for security and audit purposes)
  • Browser and device information
  • Usage patterns and analytics (pages viewed, features used)

4. How We Use Your Data

We use the collected data for the following purposes:

  • Service Delivery: To provide community analytics, sentiment analysis, engagement metrics, and insights
  • AI Analysis: To perform sentiment analysis and trend detection using AI models (processed via Groq AI)
  • Dashboard & Reports: To generate analytics dashboards, charts, and weekly reports
  • Alerts: To detect engagement drops, sentiment shifts, and other community health signals
  • Account Management: To manage user accounts, authentication, and access control
  • Security: To prevent fraud, abuse, and unauthorized access
  • Compliance: To comply with legal obligations and enforce our Terms of Service

5. Data Sharing and Third Parties

We do NOT sell, rent, trade, or give away your personal data to third parties for any reason.

We only share data with essential service providers in the following strictly limited circumstances:

5.1 Service Providers

  • AI Model Providers: Message samples (up to 500 characters) are sent to one or more AI providers for sentiment analysis, insights, and trend detection. We may use Groq, OpenAI, Anthropic (Claude), or Google (Gemini) depending on the specific use case. We believe each model has unique strengths and weaknesses, and we select the most appropriate provider for each task. All AI providers process data according to their respective privacy policies.
  • Discord: We use Discord OAuth for authentication. Discord's privacy policy applies to data they collect.
  • Stripe (Payment Processing): All payment transactions are processed through Stripe. We do NOT store credit card numbers, CVV codes, or complete payment information on our servers. Stripe collects and processes: cardholder name, billing address, card number, expiration date, and CVV. Stripe is PCI DSS Level 1 compliant (the highest level of payment security certification). See Stripe's Privacy Policy for details on how they handle payment data.

5.2 Legal Requirements

We may disclose your data if required by law, court order, or to protect our rights, property, or safety.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity.

6. Data Retention

We retain data for as long as necessary to provide our services and comply with legal obligations:

  • User Accounts: Retained until account deletion is requested
  • Discord Event Data: Retained indefinitely for historical analytics unless deletion is requested
  • Session Data: Automatically deleted upon expiration
  • Audit Logs: Retained for 12 months for security purposes

7. Your Privacy Rights

While these rights are mandated by GDPR for residents of the UK and European Economic Area (EEA), we voluntarily extend these same privacy rights to all users worldwide, except where prohibited by international sanctions or embargoes.

You have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Request limitation of data processing
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing of your data
  • Right to Withdraw Consent: Withdraw consent at any time (without affecting prior processing)

To exercise any of these rights, contact us at hello@thecommunitycore.com. We will respond within 30 days.

8. Data Security

We implement industry-standard security measures to protect your data:

  • Encrypted data transmission (HTTPS/TLS)
  • Secure password hashing (bcrypt)
  • API key authentication for bot-to-backend communication
  • Role-based access control (RBAC) for multi-tenant isolation
  • Regular security audits and updates
  • Database backups and disaster recovery procedures

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

9. Cookies and Tracking

We use minimal cookies for essential functionality:

  • Session Cookies: To maintain user login sessions
  • Preference Cookies: To remember user preferences (e.g., selected server)

We do not use third-party advertising or tracking cookies. You can disable cookies in your browser settings, but this may affect service functionality.

10. Children's Privacy

TheCore is not intended for users under 13 years of age. We do not knowingly collect data from children. If we discover that a child under 13 has provided us with personal data, we will delete it immediately.

11. International Data Transfers

As a UK-based company, we process data in accordance with UK GDPR. Your data may be transferred to and processed in countries outside the UK and EEA (e.g., when using AI providers). When we transfer data internationally, we ensure adequate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions recognized by the UK Information Commissioner's Office (ICO).

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Continued use of our services after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, contact us at:

Email: hello@thecommunitycore.com
Website: https://thecommunitycore.com

14. Supervisory Authority

If you believe we have not addressed your concerns adequately, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at https://ico.org.uk or your local data protection supervisory authority if you are located in the EEA.