← Back to Xattix

Privacy Policy

Last updated: March 7, 2026

1. What We Do

Xattix is a Discord bot that protects servers from impersonation attacks. We detect users who copy staff names, profile pictures, and bios to scam your members.

2. Data We Collect

We only collect data necessary to provide our security service:

Data	Purpose	Database Table
Discord User IDs	Identify users for blacklist lookups	scammer_blacklist, whitelist
Usernames & display names	Impersonation name matching	scammer_blacklist
Avatar perceptual hashes	Detect stolen profile pictures (images not stored)	avatar_cache
Bio text	Detect copied bios	bio_cache
Consent records	Track DM opt-in status	consent_records
OAuth2 Tokens (Optional)	Manage Global Consent via Linked Roles	oauth_tokens
Guild settings	Server configuration	guild_settings
Alert history	Admin review of impersonation alerts	alert_history

3. What We Don't Collect

• Message content — We never read or store messages
• Email addresses — Unless you contact us directly
• Payment card data — Handled entirely by Stripe
• IP addresses — Not stored beyond rate limiting

4. Third-Party Services

Service	Purpose	Privacy Policy
Discord API	Bot functionality	discord.com/privacy
Stripe	Payment processing	stripe.com/privacy

We never sell, trade, or share your data with advertisers or data brokers.

5. Direct Messages (DMs)

Xattix uses a strict opt-in consent model:

• DMs are only sent to users who explicitly provided consent. You can consent per-server via a button/registration, or globally by verifying our Global Consent Linked Role on your Discord Profile.
• DMs contain security alerts about impersonation actions
• Every DM includes information about revoking consent
• Revoke consent at any time via the consent button, revoking the OAuth app in Discord User Settings, or by leaving the server

6. Data Retention

Data Type	Retention
Guild settings & consent	Deleted when bot is removed from server
Resolved alerts	Auto-deleted after 90 days
Avatar & bio caches	Refreshed periodically
Global blacklist	Retained for cross-server security (legitimate interest)
Payment records	As required by Stripe and applicable law

7. When Bot is Removed

We immediately delete all server-specific data: settings, roles, whitelist, alerts, consent records, and local blacklist. The global blacklist is retained to protect other communities.

8. Your Rights

Data deletion: Use the /privacy delete slash command to instantly queue your data for deletion across all tables, or email contact@xattix.com.

Data export: Use the /privacy export command to instantly generate a JSON copy of all data tied to your Discord ID, or email us.

Consent revocation: Use the bot's consent button, remove the authorized app in your Discord User Settings, or email us.

9. Children's Privacy

We do not knowingly collect data from users under 13. Discord requires all users to be at least 13.

10. Changes

Updates will be posted here with an updated date.

11. Contact

contact@xattix.com