Legal
Privacy Policy
Table of Contents
1.Introduction
PhishFence (“the Bot”, “we”, “us”, “our”) is a Discord bot designed to protect Discord communities from scams, phishing links, malicious content, and other harmful activity. It does this by monitoring messages, analysing attachments and URLs, and applying automated or moderator-assisted responses when threats are detected.
This Privacy Policy explains what information PhishFence collects, why it collects it, how it is stored and protected, and what rights you have over your data. By using or interacting with the Bot — whether as a server administrator, moderator, or regular user — you acknowledge that you have read and understood this policy.
If you do not agree with any part of this policy, please ask your server administrator to disable or remove the Bot from your server.
2.Who We Are
PhishFence is developed and operated by its owner(s) (“the Developer”). The Bot is self-hosted and the data it collects is stored in a MongoDB database controlled exclusively by the Developer.
For all privacy enquiries, please use the contact details listed in Section 14.
3.Scope of This Policy
This policy applies to:
- All Discord servers (“guilds”) that have added PhishFence.
- All users who send messages, join servers, or otherwise interact with any Discord server where PhishFence is active.
- All server administrators and moderators who configure or operate the Bot.
This policy does not apply to:
- Discord itself. Discord's own Privacy Policy governs how Discord processes your data.
- Any third-party services (such as Google Safe Browsing) beyond what is described in Section 7.
4.What Data We Collect
PhishFence collects two categories of data: User Data and Server Data.
4.1 User Data
User data is only recorded when the Bot detects potentially harmful activity from an account. No data is stored for users who have never triggered a detection event.
4.1.1 User Profile Record
When a user is first detected, a profile is created containing:
| Field | Description |
|---|---|
| Discord User ID | Unique identifier for the account |
| Discord Username | Snapshot of the username at the time of first detection |
| Suspicion Score | A numeric score (0–100) calculated from the severity and frequency of detected incidents |
| Suspicion Level | A derived threat level: Low, Medium, High, or Critical |
| Monitoring Status | Whether the account is currently under active monitoring |
| Monitoring Start Date | When monitoring began |
| Monitoring End Date | When monitoring was lifted (if applicable) |
| Total Incident Count | Number of times this account has triggered a detection |
| Servers Flagged In | List of Discord server IDs in which incidents were detected |
| Last Incident Date | Timestamp of the most recent detection event |
| Profile Created Date | Timestamp of the first ever detection |
4.1.2 Incident Log Record
Every time a detection event occurs, a separate log entry is created containing:
| Field | Description |
|---|---|
| Incident ID | A unique identifier (UUID) for this specific event |
| Discord User ID | The user who sent the flagged content |
| Discord Username | Snapshot of the username at the time of the incident |
| Detection Method | How the content was identified (e.g. pattern match, link scanner) |
| Discord Server ID | The server where the incident occurred |
| Discord Server Name | Name of the server at the time of the incident |
| Discord Channel ID | The channel where the message was sent |
| Discord Message ID | The unique ID of the message (may be null if the message was deleted before logging) |
| Scam Category | Type of threat detected (e.g. phishing link, nitro scam, crypto scam) |
| Message Content | The raw text content of the flagged message |
| Detected URLs | All links present in the flagged message |
| Trigger Rule | The specific detection rule or pattern that matched |
| Suspicion Score at Time | A snapshot of the user's score at the moment of this incident |
| Score Increase | The number of points this incident added to the user's score |
| Action Taken | The automated or moderator-applied action (e.g. message deleted, muted, banned) |
| Detection Timestamp | When the incident was detected |
4.2 Server (Guild) Data
A server configuration record is created automatically when PhishFence is added to a server. This record contains:
| Field | Description |
|---|---|
| Discord Server ID | Unique identifier for the server |
| Discord Server Name | Name of the server at time of setup |
| Log Channel ID | The Discord channel where alerts are sent |
| Mute Duration | Configured timeout length (in minutes) for mute actions |
| Threat Rule Overrides | Per-threat-type action settings configured by the administrator |
| Setup Date | When the configuration was created |
| Setup By (User ID) | The Discord user ID of the administrator who ran setup |
Server records are deleted automatically when PhishFence is removed from a server.
4.3 Data We Do NOT Collect
We explicitly do not collect:
- Messages from users who have not triggered a detection event.
- Voice or video data.
- Direct messages sent to other users (the Bot cannot access DMs between users).
- Payment information of any kind.
- Email addresses or real names.
- IP addresses or device information.
- Any data through cookies, tracking pixels, or web analytics.
5.How We Collect Data
PhishFence collects data through the following Discord gateway events:
| Event | What It Triggers |
|---|---|
| Message Created | Every message sent in a server where PhishFence is active is scanned. Message content, attachments, and embedded URLs are analysed. If no threat is detected, no data from that message is retained. |
| Member Joined | When a user joins a server, PhishFence checks whether an existing profile exists for that user. If the user is already flagged as High or Critical risk, an alert is sent to the server's log channel. No new data is collected at this stage. |
| Server Joined | When PhishFence is added to a new server, a configuration record is automatically created and basic alert logging is set up for that server. |
| Server Left / Removed | When PhishFence is removed from a server, all server configuration data for that server is permanently deleted. |
| Interactions | When a user runs a slash command or clicks a moderation button in an alert, interaction data (user ID, server ID, selected options) is processed to carry out the requested action. |
5.1 Image and Attachment Scanning
When a message contains image attachments, PhishFence may download the image temporarily to compute a perceptual hash (a compact fingerprint of the image). This hash is compared against a database of known scam image hashes. The image file itself is not stored — only the computed hash is used for comparison, and it is discarded immediately after the check.
5.2 URL Scanning
When a message contains URLs, PhishFence may submit those URLs to the Google Safe Browsing API for threat analysis. Only the URLs themselves are sent — no user identifiers, message context, or server information is transmitted to Google. See Section 7 for more detail.
6.How We Use Your Data
PhishFence uses the data it collects solely for the following purposes:
| Purpose | Description |
|---|---|
| Scam Detection | To identify messages, images, and links that match known scam and phishing patterns. |
| Suspicion Scoring | To build a risk profile for accounts that have triggered detections, enabling more informed automated and manual moderation decisions. |
| Cross-Server Threat Sharing | To alert servers when a previously flagged High or Critical risk user joins, allowing server moderators to take precautionary action. |
| Automated Moderation | To automatically delete flagged messages and apply moderation actions according to each server's configured rules and the user's escalation level. |
| Moderator Alerts | To send structured alert messages to designated log channels so human moderators can review detections and take manual action. |
| Statistics and Diagnostics | To provide server administrators and Bot owners with aggregated statistics about detection activity. |
| Bot Operation | To store server-specific settings (log channel, threat rules, mute duration) so the Bot behaves according to each server's preferences. |
We do not use your data for advertising, marketing, selling or licensing to any third party, or any purpose beyond what is described in this policy.
7.Data Sharing and Third Parties
7.1 Google Safe Browsing API
When a message contains one or more URLs, those URLs may be submitted to the Google Safe Browsing API v4 to check whether they are associated with malware, phishing, or other threats.
| Detail | |
|---|---|
| What is shared | The URLs extracted from the flagged message only |
| What is NOT shared | User IDs, usernames, server IDs, message content, or any other identifying information |
| Who receives it | Google LLC |
| Why | To detect phishing and malware links that may not be covered by local pattern rules |
| Google's Privacy Policy | policies.google.com/privacy |
7.2 Discord
By operating on the Discord platform, all bot functionality inherently involves Discord's infrastructure. Messages, user IDs, server IDs, and interactions pass through Discord's systems as part of normal platform operation. This is governed by Discord's Privacy Policy and Terms of Service.
7.3 No Other Third-Party Sharing
PhishFence does not share data with any analytics, advertising, or telemetry service, store data in any cloud service other than its own MongoDB database, or sell, rent, or license any user or server data to any party.
8.Data Retention
| Data Type | Retention Period | How Deletion Occurs |
|---|---|---|
| User Profile (SAMProfile) | Indefinite while active; suspicion scores auto-reset after 30 days of inactivity | Full deletion available on request — see Section 10 |
| Incident Logs (SAMLog) | Indefinite | Deleted on request — see Section 10 |
| Server Settings (GuildSettings) | Until the Bot is removed from the server | Automatically deleted when the Bot leaves or is kicked |
| Cached Server Settings (in memory) | 5 minutes | Automatically discarded; expired entries swept every 10 minutes |
| Image Buffers | Processing only (seconds) | Never persisted; discarded immediately after hash computation |
| URL Scan Results | Not stored | Results are used in real time and immediately discarded |
8.1 Automatic Score Reset
User suspicion scores and threat levels are automatically reset to zero if no new detection incidents occur within a 30-day rolling window. This reset is performed by a daily background task. Incident log history is preserved even after a score reset unless a full deletion is requested.
9.Automated Decision-Making and Moderation Actions
9.1 How Automated Actions Work
When content is detected as potentially harmful, the Bot determines what action to take based on:
- The server's configured rule for that threat type (e.g. always ban, always delete, or use the automatic escalation system).
- The user's current escalation level, calculated from the number of incidents detected within the past 24 hours.
| Incidents in Last 24 Hours | Automated Action |
|---|---|
| 1 | Message deleted only |
| 2 | Muted (timeout) for the server's configured duration |
| 3 | Kicked from the server |
| 4 or more | Banned from the server |
9.2 Human Review
All automated actions generate an alert message in the server's log channel. Moderators can review the detected content and use the provided buttons to apply or override the Bot's decision. The Bot does not prevent moderators from reversing any automated action.
9.3 Cross-Server Risk Alerts
If a user with a High or Criticalsuspicion level joins a server, an alert is automatically sent to that server's log channel. No action is taken automatically at join time — the alert is informational and requires a human moderator to act.
9.4 Challenging an Automated Decision
If you believe an automated moderation action was taken against you incorrectly, please contact the moderators of the server where the action occurred. If you believe your PhishFence profile data is inaccurate, you may submit a data correction or deletion request as described in Section 10.
10.Your Rights and Data Requests
Depending on your jurisdiction, you may have the following rights over your personal data:
| Right | Description |
|---|---|
| Right to Access | You may request a copy of all data PhishFence holds about you. |
| Right to Rectification | If any stored data about you is factually inaccurate, you may request it be corrected. |
| Right to Erasure | You may request the deletion of your user profile and all associated incident logs. |
| Right to Restriction | You may request that your profile is placed under restricted processing pending a review. |
10.1 How to Submit a Request
To exercise any of the rights above, please contact us using the details in Section 14. Include:
- Your Discord User ID.
- The nature of your request (access, deletion, correction, objection).
- Any relevant context (e.g. the server in which an action occurred).
We will acknowledge your request within 14 days and action it within 30 days.
10.2 Note on Server Administrator Rights
Server administrators may request deletion of their server's configuration data at any time. The fastest method is to remove the Bot from the server, which triggers automatic deletion.
11.Security
We take the security of stored data seriously. The following measures are in place:
- Private self-hosted infrastructure: The Bot and its database are hosted exclusively on privately owned hardware on a privately managed network.
- Isolated database: All data is stored in a private MongoDB database that is not accessible from the public internet.
- No public code repositories: The Bot's source code and configuration are not published in any public repository.
- No public-facing data endpoints: No API, dashboard, or interface exposes raw stored data to the public internet.
- Restricted access: Database and infrastructure access is limited solely to the Bot operator.
No system is completely immune to risk. We cannot guarantee the absolute security of stored data and are not liable for breaches outside of our reasonable control. In the event of a data breach, we will notify affected parties as soon as reasonably practicable.
12.Children's Privacy
Discord requires all users to be at least 13 years of age. PhishFence does not knowingly collect data from users under 13. If you become aware that a user under 13 has had data collected by the Bot, please contact us immediately using the details in Section 14 and we will delete the relevant records.
13.Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last Updated”date at the top of this document and announce the change in the Bot's support server where applicable. Continued use of the Bot after an updated policy is posted constitutes acceptance of the revised terms.
14.Contact Us
For all privacy-related enquiries, data requests, or concerns, please contact us through one of the following:
| Method | Details |
|---|---|
| Discord Support Server | discord.gg/btl |
| Discord User | Contact a Bot owner directly via Discord |
We aim to respond to all enquiries within 14 days.