Privacy Policy
Last updated: July 4, 2026
1. Overview
This Privacy Policy explains what data Omnis ("Omnis," "we," "us") collects through the Omnis Discord bot and the companion web dashboard at aegisomnis.com (together, the "Service"), why we collect it, and what control you have over it. It applies to server administrators who configure Omnis, individual Discord users who interact with it, and anyone who logs into the dashboard.
This policy is written primarily to meet UK data protection law (the UK GDPR and the Data Protection Act 2018) and Canadian federal privacy law (PIPEDA — the Personal Information Protection and Electronic Documents Act), since that's where we're principally based and where most of our users are. The practices described here — collecting the minimum data needed, never selling personal data, clear disclosure of optional features, and honoring access/deletion requests — reflect principles found in most other data protection laws too, but we make no claim of formal certification under every privacy law in every country. If a specific local law imposes additional obligations on us for you, tell us (Section 13) and we'll address it.
Omnis operates independently of Discord Inc. and is not affiliated with, endorsed by, or sponsored by Discord. Your use of Discord itself is governed by Discord's own Privacy Policy.
2. Data We Collect
2.1 Discord account data (via OAuth login)
When you log into the dashboard with "Login with Discord," Omnis requests the identify and guilds OAuth scopes. This gives us your Discord user ID, username, discriminator, avatar, and the list of servers you belong to (including which ones you have Manage Server permission on, so we can show you the right settings pages). We do not request your email address, and we never see your Discord password — authentication happens entirely on Discord's servers.
2.2 Server and bot usage data
Depending on which features a server administrator enables, Omnis stores data needed to run those features, scoped to the servers Omnis is added to. This can include: moderation records (warnings, mod-action logs, automod configuration); leveling/XP progress; economy balances and transaction history; ticket transcripts; giveaway entries; welcome/goodbye and autorole configuration; reaction-role setups; custom command definitions; suggestions, polls, and starboard posts; audit-style logs of message edits/deletes and channel/role changes (if logging is enabled); invite-tracking records; birthdays (only if a user chooses to submit one); profile fields, reputation, and social actions users opt into; reminders, notes, and to-dos users create; and quest/achievement progress.
This data is tied to Discord user and server IDs, not to any identity verified outside Discord.
2.3 Dashboard session data
The dashboard uses a session cookie to keep you logged in. The session itself is stored server-side in our database and expires 7 days after issuance. We don't use advertising or cross-site tracking cookies — see our Cookie Policy.
2.4 Payment data (PayPal subscriptions and premium keys)
If a server subscribes to Premium via PayPal, we store the PayPal subscription ID and its status (active/cancelled/suspended/expired) so we know whether to grant Premium — we never see or store your card number, bank details, or PayPal password; that entire transaction happens on PayPal's own systems, governed by PayPal's Privacy Policy. If Premium is granted via a redeemable key instead, we store which Discord user redeemed which key code for which server, and when.
2.5 White-label bot tokens (Premium+)
If you set up a white-label bot, you provide us with a Discord bot token for an application you created and own. We store it encrypted at rest (AES-256-GCM) and use it only to run that bot on your behalf, restricted to the single server you specify. We never display the token back to you after you submit it, and deleting a white-label bot from the dashboard permanently erases the stored token from our database immediately. This is inherently sensitive credential data — treat the setup page the same way you'd treat entering a password, and rotate the token in the Discord Developer Portal (which immediately invalidates the old one) if you ever suspect it's been exposed.
3. Voice Data (VC Summaries)
Omnis includes an optional, Premium, staff-initiated feature (/ai vc start) that transcribes a voice channel's audio to generate a text summary. This is never automatic or passive — it only runs when a member with permission explicitly starts it, and Omnis posts a visible disclosure in the channel before recording begins, with a short delay so participants can leave first. Audio is transcribed via a third-party AI provider (see Section 6) and discarded after transcription; the resulting text transcript and summary are stored so the feature can be reviewed later or looked up with /ai vc last. If your server enables this feature, you are responsible for complying with recording-consent laws applicable in your jurisdiction and your members' jurisdictions before using it.
4. AI-Processed Content
If a server administrator enables Omnis's AI features (/ai commands, including personality settings and VC summaries) and configures an AI provider, text you submit to those commands — and, for VC summaries, transcribed voice audio — is sent to that provider for processing. We do not train any AI model on your data ourselves; the provider's own data-handling terms apply to that transmission. AI features are off by default and require both a bot-owner-configured API key and a per-server opt-in.
5. How We Use Information
- To operate the features you or your server administrators enable (moderation, economy, leveling, tickets, etc.)
- To authenticate you and show the correct servers/settings on the dashboard
- To process Premium subscriptions and redeemable keys
- To maintain aggregate, non-identifying statistics shown on our homepage (server count, command count, total commands run)
- To detect and respond to abuse, spam, or raids (including the heuristic, non-AI raid/spam detection described in our documentation)
- To provide support when you contact us
Under UK GDPR, our legal bases for these uses are: performance of a contract (providing the Service you or your server signed up to use), legitimate interests (keeping the Service secure and running smoothly), and consent (for optional features like AI tools and VC summaries, which require an explicit server-level opt-in). We do not sell personal data, and we do not use your data for advertising.
6. Third-Party Services & International Transfers
Running Omnis requires sharing limited data with:
- Discord — for authentication, bot operation, and all message/voice delivery. See Discord's Privacy Policy.
- PayPal (only if you use PayPal billing) — processes your subscription payment; see Section 2.4.
- Our AI provider (only if your server enables AI features) — receives the specific text or audio you submit to AI commands, as described in Section 4.
- Tenor (only if /fun gif is used and configured) — receives your search query to return a matching GIF.
- Our database and hosting infrastructure — stores the data described in Section 2 on servers we control or contract with.
Some of these providers may process data outside the UK or Canada (for example, most AI providers and Discord itself operate infrastructure in the United States). Where that happens, we rely on the provider's own safeguards (such as standard contractual clauses or equivalent mechanisms) for the transfer. We do not share your data with any other third party except where required by law.
7. Data Retention & Deletion
We retain server and usage data for as long as Omnis remains active in a server, or as needed to provide the Service, consistent with the data-minimization and limiting-retention principles of both UK GDPR and PIPEDA. Removing Omnis from your server stops new data collection there, but does not automatically erase historical records already stored — you can request deletion at any time (Section 13, Contact). Dashboard sessions expire automatically after 7 days of inactivity.
8. Your Rights
If UK data protection law applies to you, you have the right to: access the personal data we hold about you; request correction of inaccurate data; request erasure ("right to be forgotten"); restrict or object to certain processing; receive your data in a portable format; and withdraw consent at any time for anything based on consent (e.g., disabling AI features or VC summaries in your server).
If Canadian federal privacy law (PIPEDA) applies to you, you have the right to: know why we collect, use, or disclose your personal information; access the personal information we hold about you; challenge its accuracy and have it corrected; and withdraw consent, subject to legal or contractual restrictions.
In practice, exercising any of these rights works the same way regardless of which framework applies to you:
- Remove Omnis from any server you administer at any time (Server Settings → Integrations).
- Log out of the dashboard at any time, which ends your session.
- Contact us (Section 13) to access, correct, or delete data we hold about you — we'll respond as soon as reasonably possible, and in any case within the timeframes required by applicable law.
9. Children's Privacy
Omnis is a Discord bot, and Discord's own Terms of Service require users to meet Discord's minimum age requirement (13, or higher where local law requires — including the UK's age-of-consent rules for information-society services). We do not knowingly collect data from anyone below that threshold, and we rely on Discord's own age-gating for enforcement.
10. Security & Breach Notification
We take reasonable technical measures to protect stored data, including access controls on our database and encrypted transport (HTTPS) for the dashboard. No system is perfectly secure, and we can't guarantee absolute security of information transmitted to or stored by the Service. If a breach occurs that poses a real risk of harm to you, we'll notify affected users and, where legally required, the relevant supervisory authority (Section 11), without undue delay.
11. Complaints & Supervisory Authorities
We'd rather resolve concerns directly — contact us first (Section 13). But you're also entitled to complain to your local data protection authority. For UK users, that's the Information Commissioner's Office (ICO). For Canadian users, that's the Office of the Privacy Commissioner of Canada (OPC). Users elsewhere should contact their own local authority.
12. Changes to This Policy
We may update this Privacy Policy as the Service changes. Material changes will be reflected by updating the "Last updated" date above. Continued use of the Service after changes take effect means you accept the updated policy.
13. Contact
Questions about this policy or your data can be sent to privacy@aegisomnis.com, or reach us directly in our support server.