Privacy Policy
Plain language, no surprises. This explains what LavaBot stores, why it needs it, how long it sticks around, and how to get it deleted.
Last updated: June 4, 2026
Who runs this
The short version.
LavaBot is a self-hosted Discord bot and dashboard operated by an individual hobbyist (the "operator"). Your data lives in the operator's own database. It is not sold, rented, or handed to advertisers, and there is no third-party analytics or tracking baked into the site.
What we collect
Only what the features actually use.
- Website account: your email, a hashed password (we never store the plain one), the display name you pick, an optional headline and bio, your role, and sign-in timestamps.
- Sign-in audit: IP address and browser user-agent for login, register, and logout events, kept so the account stays defensible against break-in attempts.
- Discord link: if you connect your Discord account, we store your Discord user ID so the bot can match premium status to you.
- Server configuration: for servers where LavaBot is added, the settings a server admin chooses (anti-raid, chat filter, automod, logging, welcomes, reaction roles, feature toggles) plus role and channel IDs those settings reference.
- Moderation and event logs: when a server enables logging or automated moderation, we record the events it is configured to record (joins, leaves, bans, edits, deletes, and so on), including the target user ID, the acting moderator ID, a reason, and a timestamp.
- Server backups: on request, a snapshot of a server's structure (roles, categories, channels, permission overwrites). Backups do not contain message history.
Message content
The honest part everyone should read.
Chat filtering, automod, and message logging need to read message content to do their job. That reading happens in memory, in the moment, to check a message against the rules a server admin turned on.
We do not keep a copy of every message. Content is only written down when a server has logging enabled and an event fires that is configured to capture it (for example, the previous text of an edited message or the body of a deleted one). If a server never enables those features, no message content is stored at all.
How long we keep it
Logs expire on their own.
- Moderation logs, anti-raid events, chat-filter events, and sign-in audit events expire automatically after a set retention window (90 days by default) and are removed by the database.
- Account data and server settings are kept while the account or the server configuration exists, and are removed when you delete them.
- Server backups are kept until you delete them or they roll off the per-server backup limit.
Your choices
You are in control of your data.
- See it: signed-in users can export a copy of the data tied to their account from the dashboard.
- Delete it: you can delete your website account, which removes your profile, unlinks your Discord ID, and clears your sign-in history.
- On Discord: the !forgetme command unlinks your Discord ID from its LavaBot website account, and !mydata shows what is stored.
- Per server: server admins can turn any logging or moderation feature off, which stops new data from being recorded.
How it is protected
Reasonable, current safeguards.
Passwords are stored using a strong one-way hash. Sensitive payment metadata, where it exists, is encrypted at rest. The dashboard rate-limits requests, locks out repeated failed logins, sets hardened session cookies, and is served over HTTPS in production. No system is perfect, but the goal is to keep your data boring and uninteresting to attackers.
Third parties and children
Two quick notes.
The only outside service in the normal flow is Discord itself, which you already use, and its content delivery network for avatars. We do not share your data with anyone else.
LavaBot is not directed at children. Discord requires users to be at least 13 (or older where local law sets a higher age), and the same applies here.
Changes and contact
How to reach a human.
If this policy changes in a meaningful way, the date at the top will move and the change will show up in the changelog. For privacy questions, data exports, or deletion requests that the in-app tools do not cover, reach the operator through the support server linked from the dashboard.