Privacy Policy
We take your privacy seriously. We collect only what we need, never sell your data, and give you full control over your information.
BotList ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains what data we collect, how we use it, and your rights regarding it.
By using BotList you agree to the collection and use of information as described in this policy.
When you log in with Discord we receive and store the following from Discord's OAuth2 API:
| Data | Purpose |
|---|---|
| Discord ID | Your unique Discord account identifier (snowflake) |
| Username | Your Discord username, displayed on your profile |
| Avatar hash | Used to display your profile picture across the site |
We additionally collect:
- Bot & server listings you submit, including descriptions, links, and tags.
- Votes & reviews you cast or write on the platform.
- API keys stored as secure one-way hashes — we never store the plaintext key.
- Webhook URLs & secrets — secrets stored as bcrypt hashes.
- Session data in signed, encrypted cookies to keep you logged in.
- Basic server logs (IP, method, path, timestamp) retained for max 30 days.
We use your data to:
- Authenticate you and maintain your session.
- Display your profile, listings, and activity on the platform.
- Process votes, reviews, and premium payments.
- Send vote webhook notifications to URLs you configure.
- Detect and prevent abuse, fraud, and spam.
- Improve the performance and reliability of the Service.
We do not sell your personal data to third parties.
We use the following third-party services which may process your data:
| Service | Role |
|---|---|
| Discord | OAuth2 authentication provider. See discord.com/privacy. |
| Neon | PostgreSQL database hosting. Data is encrypted at rest. |
| Upstash Redis | Rate limiting and caching. Minimal data stored. |
| Stripe | Payment processing for Premium. BotList never sees card details. |
| Railway | Application hosting and deployment platform. |
We retain your data for as long as your account is active. You may request deletion at any time (see Section 8). When you delete a listing, associated data is permanently removed from our database.
Server logs are automatically purged after 30 days.
We take reasonable technical measures to protect your data, including:
- Encrypted connections (HTTPS / TLS) for all traffic.
- Database encryption at rest.
- One-way hashing of API keys and webhook secrets.
- Signed, encrypted session cookies.
No system is 100% secure. In the event of a data breach that affects your personal information, we will notify affected users as required by applicable law.
Depending on your jurisdiction you have the right to:
- Access — Request a copy of the personal data we hold about you.
- Rectification — Request correction of inaccurate data.
- Erasure — Request deletion of your account and associated data.
- Portability — Request your data in a machine-readable format.
- Objection — Object to certain uses of your data.
To exercise any of these rights, contact us through our Discord support server or the contact information on the site. We will respond within 30 days.
BotList is not directed to children under 13. We do not knowingly collect personal data from children under 13. If we become aware that we have inadvertently collected such data, we will promptly delete it.
We may update this Privacy Policy from time to time. We will notify users of material changes by updating the "Last updated" date at the top of this page. Continued use of the Service after changes constitutes acceptance.
Questions or concerns about this Privacy Policy? Contact us via our Discord support server or the contact information available on the site.
© 2026 BotList. All rights reserved.