Privacy Policy

Last updated: April 4, 2026

Cuedin ("we", "us", "our") is a SaaS platform that provides Discord bot analytics and order management services. This Privacy Policy describes what data we collect, how we use it, and your rights.

1. Data We Collect

Account and Server Data

• Discord guild ID — used as your tenant identifier to store your configuration and order history
• Discord user ID — used to identify server owners and staff members
• Discord username — stored with customer profiles for display purposes only
• Discord OAuth2 access token — used during dashboard login; not stored persistently

Order and Transaction Data

• Order IDs, product names, prices, payment methods, and status
• Timestamps for order creation, payment, and fulfillment
• Memo words used for payment matching (everyday words like "coffee" or "lunch" — no personal information)
• Payment event records (method, amount, detection source) — no full card numbers or bank account details ever stored

Gmail Metadata (Optional)

If you connect a Gmail account for automatic payment detection, we request access using the gmail.metadata OAuth2 scope only. This means we can read:

• Email sender address
• Email subject line
• Email timestamp

We cannot and do not read email body content, attachments, or any other email data. We store only the OAuth2 access and refresh tokens necessary to poll for payment notification emails. You can revoke this access at any time from your Google account settings or from the Cuedin dashboard.

We strongly recommend connecting a dedicated Gmail account used solely for payment notifications — not your personal or primary Gmail.

Billing Data

Payments are processed by Stripe. We store your Stripe customer ID and subscription ID to manage your plan. We do not store credit card numbers, bank account details, or any other payment instrument data. Stripe's privacy policy applies to all billing data.

Log and Analytics Data

• Bot command usage events (e.g. order created, ticket opened) — no message content
• Server-side application logs for debugging — retained for 30 days

2. How We Use Your Data

• To operate the Cuedin bot and dashboard for your server
• To detect and confirm payments on your behalf via Gmail metadata polling
• To generate revenue analytics and business insights visible only to you and your staff
• To manage your subscription through Stripe
• To send service notifications (plan expiry, Gmail disconnection alerts) via Discord DM or bot messages

We do not sell your data. We do not use your data for advertising.

3. Data Sharing

We share data with third parties only as necessary to operate the service:

• Stripe — for subscription billing processing
• Google — for Gmail OAuth2 authentication (only if you connect Gmail)
• Discord — for bot operation and OAuth2 authentication
• Hetzner — our hosting provider. Data is stored on servers in Helsinki, Finland

We do not share data with any other third parties.

4. Data Retention

• Active tenants — data retained for the duration of your account
• Cancelled accounts — data retained for 90 days after cancellation, then permanently deleted upon request
• Application logs — automatically purged after 30 days
• Gmail OAuth tokens — deleted immediately when you disconnect Gmail from the dashboard

5. Your Rights

You have the right to:

• Access your data — contact us to request a copy of all data associated with your guild
• Delete your data — contact us to request complete deletion of all your data
• Revoke Gmail access — disconnect at any time from Config → Payments in your dashboard or from your Google account settings
• Data portability — Business plan users can export order data as CSV from the dashboard

6. Security

We use industry-standard security measures including:

• HTTPS/TLS encryption for all data in transit
• Encrypted storage for OAuth tokens (access and refresh tokens)
• Parameterized SQL queries to prevent injection attacks
• Tenant isolation — all data is strictly separated by guild ID; no cross-tenant data access is possible

7. Children's Privacy

Cuedin is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided personal data to us, please contact us.

8. Changes to This Policy

We may update this policy from time to time. Material changes will be announced in our support server. Continued use of the service after changes constitutes acceptance.

9. Contact

For privacy-related requests, contact us via our support server. For data deletion requests or access requests, please include your Discord guild ID.