Legal

Privacy policy.

What we collect, why we collect it, and how to make us stop. Last updated May 7, 2026.

Who we are

Livecord is operated from Turin, Italy. When this policy says we, us, or Livecord, that's who we mean. If you're in the EU/EEA or the UK, your data is protected under GDPR (or UK GDPR), and the rights described below apply to you.

What we collect

We try to collect only what we need to run the service. In practice that means:

  • Account data. Your username, email address, and a hashed password (Argon2id — we never see the plaintext).
  • Discord credentials you provide. When you add a Discord account to Livecord, we store the user token you give us so we can keep that account online and forward messages on your behalf. You can remove an account — and its token — at any time from the dashboard.
  • Configuration. Your onliner presence settings, mirror routes, selfbot module preferences, notification rules.
  • Operational logs.Activity events (account-online, mirror-forwarded, module-triggered), error traces, request logs. We use these to debug and to show you your own activity history. They're kept for as long as the account exists and rotated where it makes sense.
  • Cookies and local storage. A signed JWT cookie keeps you logged in. A localStorage entry (livecord-cookie-consent) remembers your analytics consent choice. That's it for first-party tracking.

What we don't collect

  • We don't read or store the content of Discord messages unless you've explicitly configured a mirror that forwards them — and even then we only hold them long enough to forward.
  • We don't sell your data. Ever. There is no scenario where this changes.
  • We don't fingerprint your browser or build behavioral ad profiles.

Third parties

We keep this list short on purpose.

  • Google Analytics 4. Off by default. Only loads if you click Accept in the cookie banner. Records anonymized page views and a session identifier. You can revoke consent any time by clearing the livecord-cookie-consent entry in your browser's storage.
  • Discord. By design, Livecord talks to the Discord API on your behalf using the token you provided. Anything you do through Livecord is also subject to Discord's privacy policy.
  • Email provider. Transactional email (verification, password reset) is sent through an SMTP relay. The recipient address and the email body are obviously visible to that provider.

Where data lives

Account data, configuration, and logs sit in a PostgreSQL database on infrastructure we control. Backups are encrypted. We don't replicate user data outside the EU.

How long we keep it

  • Active accounts: for as long as you keep the account.
  • Deleted accounts: when you delete your account, we wipe your record, your Discord tokens, your configurations, and your logs from the live database within 30 days. Encrypted backups age out within a further 30 days.
  • Inactive accounts:if an account hasn't been signed into in 18 months, we may email you and then delete it.

Your rights

Under GDPR (and similar laws elsewhere), you can:

  • Ask for a copy of the personal data we hold about you.
  • Correct anything that's wrong.
  • Have it deleted — usually by hitting Delete account in settings, or by emailing us if that doesn't work for you.
  • Take it elsewhere (data portability) — we'll give you a machine-readable export.
  • Object to or restrict specific processing.
  • Withdraw consent for analytics any time, with no effect on your account.

To exercise any of these, email [email protected]. We aim to respond within 14 days. You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) or your local supervisory authority.

Security

Passwords are hashed with Argon2id. Discord tokens are stored encrypted. Sessions use signed JWTs over HTTPS-only cookies. We're a small team running a real service — we can't promise perfect security, and anyone who does is lying. We can promise we treat token theft and credential leaks as Sev 1 incidents and disclose them to affected users without bargaining.

Changes to this policy

If we change anything that meaningfully affects your data, we'll bump the date at the top, and for material changes we'll email you. Smaller copy edits and clarifications won't trigger a notice.

Contact

Questions, takedown requests, GDPR requests, or just feedback on this policy: [email protected].

← Back to Livecord