Privacy Policy

Last Updated: December 30, 2025

This Privacy Policy explains how we process personal data when you use the Modmail Hosting website and dashboard (the “Service”). It is intended to meet the transparency requirements of the GDPR (and related Dutch/EU privacy rules). If anything here conflicts with applicable law, the law prevails.

1. Controller (who is responsible?)

Controller: Modmail Hosting
Operated by: Lorenzo
Contact email: [email protected]

2. What personal data we process

Depending on how you use the Service, we may process:

  • Account identifiers (Discord): your Discord user ID (and during login, we receive basic “identify” profile data from Discord).
  • Subscription status information (Patreon): whether your Patreon membership is active and what tier limit applies, based on the Discord account linked in Patreon.
  • Service configuration data you enter: instance settings such as bot token, guild IDs, owners list, and database connection URIs. These may contain secrets or credentials.
  • Service usage and technical logs: timestamps and records needed to operate, troubleshoot, secure, and audit the Service (for example, dashboard actions and infrastructure/job events). If you are a site admin, you may view instance logs in the admin interface.
  • Technical data: IP address and device/browser metadata typically transmitted when you access a website.

3. Where the data comes from

  • From you: configuration data you submit through the dashboard.
  • From Discord: when you authenticate via Discord OAuth2.
  • From Patreon: when we check subscription entitlement for your linked Discord account.

4. Purposes and legal bases (GDPR Article 6)

We process personal data for the following purposes and legal bases:

  • Provide the Service and authenticate you (performance of a contract; Art. 6(1)(b)).
  • Provision, run, and manage your instances (performance of a contract; Art. 6(1)(b)).
  • Billing/subscription enforcement (performance of a contract; Art. 6(1)(b)).
  • Security, fraud/abuse prevention, and service integrity (legitimate interests; Art. 6(1)(f)).
  • Compliance with legal obligations (legal obligation; Art. 6(1)(c)).

5. Cookies and similar technologies

We use cookies that are necessary to run the Service (for example, to keep you logged in and maintain session security). We do not intentionally place marketing cookies.

Your browser may load third-party resources, such as Google Fonts and the Font Awesome CDN. When your browser loads these assets, your IP address and device information may be processed by those providers.

6. Sharing and recipients (processors)

We do not sell your personal data. We may share data with:

  • Discord (authentication and API calls).
  • Patreon (subscription entitlement checks).
  • Hosting/infrastructure providers used to run the Service (compute, storage, networking).
  • Database providers involved in storing Service data (for example MongoDB hosting, depending on your setup).
  • Legal/authorities when required by law or to protect rights and safety.

7. International transfers

Some recipients (for example Discord/Patreon/CDN providers) may process data outside the European Economic Area. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) or other lawful transfer mechanisms.

8. Retention

We keep personal data only as long as needed for the purposes described above, including to operate the Service, resolve disputes, enforce agreements, and comply with legal obligations. Retention periods can vary by data type (e.g., account identifiers vs. operational logs).

9. Security

We use reasonable technical and organizational measures to protect personal data. However, no system is 100% secure. You are responsible for keeping your credentials (including bot tokens and connection URIs) confidential.

10. Your rights (GDPR)

Depending on your situation, you may have the right to:

  • Access your personal data.
  • Rectify inaccurate data.
  • Erase data (“right to be forgotten”), in certain cases.
  • Restrict processing, in certain cases.
  • Object to processing based on legitimate interests.
  • Request data portability, where applicable.
  • Withdraw consent, where we rely on consent (if applicable).

To exercise your rights, contact us at [email protected]. We may need to verify your identity.

11. Complaints (Netherlands)

If you believe we have not handled your personal data properly, you can contact us first. You also have the right to lodge a complaint with the Dutch supervisory authority: Autoriteit Persoonsgegevens.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the “Last Updated” date.
