Privacy Policy

Who we are

Axium ("we", "us") provides a Discord bot, website and companion app for managing Discord and ER:LC communities. This policy explains what we collect, why, how it's protected, and the choices you have. It applies to the Axium bot, axiumbot.xyz, the documentation site, and the Axium app.

What we collect

Discord data: your Discord user ID, username and avatar; the servers you manage; and the role, channel and category IDs you configure Axium to use. We request only the OAuth scopes needed to sign you in and show your servers (identify, guilds).

Configuration you create: server settings, departments, forms, triggers, regions, ticket panels, automod rules and similar setup you enter through Discord or the dashboard.

Operational records: data your community generates while using Axium — moderation cases, shifts, sessions, LOAs, tickets, economy balances, levels, giveaway entries and logs.

Roblox data: if a member verifies, we store the Roblox account they authorize via Roblox's official OAuth, to link it to their Discord account.

Payment data: when you buy tokens or donate, payment is handled by our processor (Stripe). We receive a confirmation and an order reference — we never receive or store your card number.

What we do NOT collect

We do not read or store your direct messages, and we do not collect message content beyond what a feature you enabled requires (e.g. an automod rule inspecting a message it acts on).

We never receive full payment-card numbers — card details are entered on the processor's secure page, not ours.

We do not sell your data, ever, and we do not use it for advertising.

How we use it

To run the features you enable, sync roles and ranks, keep your in-game and Discord state aligned, deliver notifications, process token and donation payments, and keep the service secure (abuse prevention, rate limiting and anti-fraud).

Storage & security

Data is stored in MongoDB. Sensitive credentials — such as ER:LC Server-Keys and webhook URLs — are encrypted at rest, and session cookies are signed (HMAC-SHA256). Access to production data is limited to authorized Axium staff under role-based controls.

No system is perfectly secure, but we apply least-privilege access, encryption of secrets, and signed, tamper-evident tokens (including for configuration exports).

Third parties we share with

Discord and Roblox — to provide the integrations you use, under their respective terms and privacy policies.

Stripe — to process payments (PCI-compliant; they handle card data, not us).

Our hosting and database providers — to operate the service. We do not share your data with anyone else, and we do not sell it.

Retention & deletion

We keep data while your server uses Axium. You can export or wipe a server's configuration from the dashboard at any time, and removing the bot stops further collection.

To request deletion of your personal data or a full account/server data export, use the dashboard tools or contact us — we'll action verified requests within a reasonable period.

Cookies

We use a single, signed, httpOnly session cookie to keep you logged in, and a small preference cookie for your chosen language. We don't use third-party tracking or advertising cookies.

Children

Axium is intended for users who meet Discord's and Roblox's minimum age requirements for their region. We do not knowingly collect data from anyone below those ages.

Changes & contact

We may update this policy as Axium evolves; material changes will be noted here. Questions or requests: reach us through the dashboard, the contact page, or our support server.