Privacy Policy
Effective May 23, 2026
Ghostwire's privacy disclosures are split into four policies: a General policy that covers the bot as a whole, plus one policy each for the three optional sign-in flows — Discord, Twitch, and Google / YouTube. The General policy applies to everyone; each provider policy applies only if you choose to run the command that uses it.
These policies apply to the bot — which runs only in the Girls Discord server — the https://security.girlsnetwork.dev website, and the OAuth callback endpoints served from that domain. In all four, "we" / "the Service" means Ghostwire.
General (applies to everyone)
This General policy covers the moderation features that run for every member of the Girls server, plus the rights, security, and legal framework shared by all four policies. The three optional sign-in flows are documented separately: Discord, Twitch, and Google / YouTube.
Data we process
Where we say "processed in memory," the data passes through the bot to handle a Discord event but is not written to disk.
- Discord message metadata and content (processed in memory): used by the automod, anti-raid, conversation-hijack, and drift-surveillance modules to decide whether a message warrants action. Message content is not persisted by Ghostwire beyond what Discord itself stores; we keep only the minimum needed for the feature to work (e.g. attachment hashes, not the attachments themselves).
- Discord IDs (stored): user, channel, role, and guild IDs from the Girls server are stored when needed for features such as watchlists, mod notes, alt-account links, and server backups.
- Moderator-authored notes (stored): when a moderator runs /modnote or adds a user to a watchlist, the text they enter is stored against the target user's Discord ID.
- Server backup snapshots (stored): structural information about the Girls server — channels, roles, permissions, categories, configured webhooks, etc. — created when a Girls moderator runs the backup commands. Message content from channels is not included in these snapshots.
- Operational logs (stored short-term): structured logs about command invocations, errors, and moderation actions, used for debugging and audit. Logs are rotated and pruned.
Data tied to the optional sign-in flows — Discord OAuth backup records and activity rank levels, Twitch verification, and Google/YouTube verification — is described in the relevant provider policy above.
Persistent personal data we hold about you
The following table lists every category of personal data that Ghostwire stores linked to your Discord user ID. This list is generated directly from the system's data registry and is the authoritative record — if it is not listed here, it is not stored.
| Data | Why we hold it | Controlled by | Auto-expires | Cleared by "Clear Personal Data" | Included in exports | In policy since |
|---|---|---|---|---|---|---|
| Backup record & email | Stored at explicit user consent for server recovery contact. | You (opt-in) | No | ✓ Yes | ✓ Yes | 2026-05-23 |
| Activity level snapshot | Stored at explicit user request for level restoration after server events. | You (opt-in) | No | ✓ Yes | ✓ Yes | 2026-05-23 |
| Alt account links | Links accounts at user request for cross-account identity continuity. Unlinking is a manual, staff-assisted process. | Moderation staff | No | ✗ No | ✓ Yes | 2026-05-23 |
| Birthday | Set by user via /community birthday. Used for annual birthday announcements. | You (opt-in) | No | ✓ Yes | ✓ Yes | 2026-05-23 |
| Behavioral profile | Inferred from message activity to detect unusual account behaviour and potential compromise. Staff are excluded. | System | 30 days of inactivity | ✓ Yes | ✓ Yes | 2026-05-23 |
| Self-timeout sessions | Tracks active /touchgrass sessions to prevent stacking and bypassing moderator timeouts. | System | 24 hours after session ends | ✓ Yes | ✓ Yes | 2026-05-23 |
| File submission records (unblocked) | SHA hashes of submitted files used to deduplicate and detect policy-violating content. Blocked hashes are retained as abuse-prevention infrastructure regardless of deletion. | System | 180 days from submission | ✓ Yes | ✗ No | 2026-05-23 |
| Support reference ID | Sequential internal ID assigned on first dashboard login. Used as a privacy-preserving support identifier so users never need to share Discord IDs or emails. | System | No | ✗ No | ✓ Yes | 2026-05-23 |
| Moderation notes | Staff-written notes retained for moderation continuity and audit integrity. | Moderation staff | No | ✗ No | ✗ No | 2026-05-23 |
| Active watches | Staff-placed monitoring flags retained for active moderation use. | Moderation staff | Optional expiry set by placing staff member | ✗ No | ✗ No | 2026-05-23 |
What we do not collect
- We do not sell or rent any data to third parties.
- We do not run ads or use advertising trackers on https://security.girlsnetwork.dev.
- We do not store DMs sent to the bot beyond what is needed to answer the immediate request.
- We do not store Twitch or Google OAuth tokens after the verification check completes.
Legal bases for processing (GDPR)
Where the General Data Protection Regulation applies, our legal bases are:
- Consent — for the opt-in /backup flow and the creator-verification flows.
- Legitimate interests — for the moderation features needed to keep the Girls server safe (automod, anti-raid, watchlists). The moderation team of the Girls server acts as the data controller for these features.
- Legal obligation — where we are required to retain or disclose data by applicable law.
Retention
Retention periods for personal data linked to your Discord user ID are shown in the table above. For infrastructure data not linked to individual users:
- Server backup snapshots: retained on infrastructure under our control for as long as needed to recover from server loss.
- Operational logs: short-term, typically days to a few weeks, then rotated out.
- Sign-in flow data: see the Discord, Twitch, and Google / YouTube policies for their specific retention rules.
Sharing
We do not share data with third parties except:
- Discord, Twitch, and Google, when required to complete the OAuth flows you have explicitly initiated.
- Members of the Girls server's moderation team, who can see the moderation data the bot surfaces in the course of their duties.
- Where required by applicable law, court order, or to protect the rights, safety, or property of users.
Security
Data is stored on infrastructure under our control. OAuth tokens that are stored
(the Discord backup flow only) are written to disk with restrictive file
permissions (0o600). The OAuth callback endpoint is served only over
HTTPS. Despite reasonable precautions, no system is perfectly secure; please
report any vulnerabilities to [email protected].
We aim to acknowledge security reports within 72 hours.
Your rights
You can exercise the following rights at any time:
- Access & deletion of your data: use the Clear Personal Data button on your dashboard. This clears all user-resettable data in one step: Backup record & email, Activity level snapshot, Birthday, Behavioral profile, Self-timeout sessions, File submission records (unblocked). Data not cleared by this action (Alt account links, Support reference ID, Moderation notes, Active watches) is retained for the reasons described in the table above. You can also delete individual data categories — backup record, level snapshot, or alt-account links — using the targeted delete buttons on your dashboard, or via the bot commands /backup user-clear, /backup levels-clear, and /alt clear.
- Data portability / export: use the export buttons on your dashboard to download everything we hold about you. Formats available: JSON, YAML, TOML, and Excel (XLSX). Exports include all data categories marked "Included in exports" in the table above. OAuth tokens are operational credentials and are intentionally excluded from all export formats.
- Remove creator roles: run /creator clear in the Girls server to remove any Twitch or YouTube creator role the bot previously granted you. The bot does not retain any tokens from the original verification.
- Withdraw Discord OAuth consent: see the Discord policy.
- Other GDPR / data-protection requests (rectification, restriction, objection, complaint to a supervisory authority): email [email protected]. We will respond within the timeframes required by applicable law.
Children
Ghostwire is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child has interacted with the Service in a way that resulted in data collection, contact us and we will delete the data.
International transfers
The Service is operated from infrastructure that may be located outside your country. By using the Service you understand that your data may be processed in jurisdictions with different data-protection laws than your own.
Changes to these policies
We may update these policies. When we do, we will update the "Effective" date at the top. Material changes will be communicated in the project repository. Continued use of the Service after a change constitutes acceptance of the new policies.
Contact
Privacy questions, deletion requests, and complaints go to [email protected].
Discord — member backup & recovery (opt-in)
This policy covers the optional /backup flow, which signs you in
with Discord so we can re-invite you to a replacement server if the
Girls server is ever lost. It applies only if you run those commands.
The shared rights, security, and legal framework live in the
General policy.
Data we access and store
- Backup OAuth record (opt-in): if you run /backup user and complete the Discord OAuth flow, we store your Discord user ID, your Discord OAuth access and refresh tokens, the token expiry, and the timestamp at which you consented. Each user's record is held in a dedicated file on disk, keyed by Discord user ID.
- Email (optional): by default, /backup user also requests Discord's email OAuth scope and stores the email address Discord returns — used to contact you about a replacement server if the Girls server is ever lost. You can opt out by running /backup user collect-email:false; the authorization link then omits the email scope entirely, no email is requested from Discord, and the stored value is null.
- Activity rank levels (opt-in): if you run /backup levels, we fetch your current ActivityRank statistics (level, progression, lifetime/year/month/week/day totals across messages, voice minutes, votes, invites, and bonus) from the ActivityRank API and store a snapshot alongside your backup record, so your rank can be restored if your ActivityRank data is ever lost.
How we use the data
The backup record is used solely to re-invite you (via Discord's OAuth
guilds.join capability) to a replacement server, and the stored
email to notify you if that becomes necessary. We do not use it for anything else.
How we store and protect the data
Backup records are stored on infrastructure under our control, one file per user,
keyed by Discord user ID, with restrictive file permissions
(0o600). The OAuth callback is served only over HTTPS.
Retention and deletion
- Backup OAuth records: retained until you run /backup gdpr-clear (or /backup user-clear to remove only the OAuth record), are banned from the Girls server, or remove the bot's authorisation in Discord, whichever comes first.
- Activity rank levels: retained until you run /backup gdpr-clear or /backup levels-clear.
- Withdraw consent: visit Authorized Apps in your Discord settings and remove Ghostwire. We recommend running /backup gdpr-clear first so the local copy is also deleted.
Twitch and Google/YouTube sign-ins are separate flows with their own policies: Twitch and Google / YouTube.
Twitch — creator verification (opt-in)
This policy covers the optional /creator twitch command, which signs
you in with Twitch to confirm you are a Twitch Affiliate or Partner so the bot can
grant a creator role. It applies only if you run that command. The shared rights,
security, and legal framework live in the
General policy; the
parallel YouTube flow is documented in the
Google / YouTube policy.
Data we access
The flow requests the user:read:email scope as a technical minimum
(Twitch refuses an empty scope), but we never read your email.
The only field we read is broadcaster_type from your own Twitch user
record, which tells us whether your account is affiliate,
partner, or neither.
How we use the data
broadcaster_type is used for one purpose only: to decide whether to
grant the Twitch creator role in the Girls Discord server. We make no
other use of it and do not profile you or use it for advertising.
How we store, protect, and share the data
Ghostwire does not store any Twitch data. The access token and
the broadcaster_type value exist only as transient values in memory
for the few seconds the check takes; nothing is written to disk, cached, or logged,
and the access token is explicitly revoked with Twitch as soon as the check
finishes. The data is not shared with any third party.
Retention and deletion
- Because nothing is stored, there is nothing to retain or delete on request.
- Run /creator clear in the Girls server to remove the Twitch creator role the bot previously granted you.
- Review or revoke Ghostwire's access at any time under Twitch → Connections.
Google / YouTube — creator verification (opt-in)
This policy describes, in full, how Ghostwire accesses, uses, stores, shares,
and retains Google user data. It applies only to the optional
/creator youtube command, which you start yourself and which asks you
to sign in with Google. If you never run that command, Ghostwire never requests
or receives any Google user data about you. The shared rights, security, and legal
framework live in the General
policy; the parallel Twitch flow is documented in the
Twitch policy.
Data we access (OAuth scopes)
When you run /creator youtube and complete the Google consent screen,
you authorise Ghostwire for the following Google OAuth scopes. We request the
narrowest set of scopes that lets us confirm YouTube Partner Program (YPP)
membership:
- https://www.googleapis.com/auth/youtube.readonly — read-only access used to identify the YouTube channel that belongs to the signed-in Google account (channel==MINE).
- https://www.googleapis.com/auth/yt-analytics.readonly — read-only access to YouTube Analytics reports for that channel.
- https://www.googleapis.com/auth/yt-analytics-monetary.readonly — read-only access to monetary YouTube Analytics, required to query the estimatedRevenue metric.
Using these scopes, the only Google data Ghostwire actually reads is a single
YouTube Analytics report for your own channel — the estimatedRevenue
metric over the most recent 30-day window. We do not read your videos, comments,
subscribers, watch history, contacts, email address, profile details, or any other
Google or YouTube data.
How we use the data
The estimatedRevenue figure is used for one purpose only: to determine
whether your channel is an active YouTube Partner Program member. A channel that
returns YPP revenue data is treated as eligible and is granted the corresponding
creator role in the Girls Discord server. A channel with no such revenue
data is treated as not eligible and no role is granted. The Service makes no other
use of the data, does not profile you, and does not use Google user data for
advertising or any form of personalisation.
How we store and protect the data
Ghostwire does not store any Google user data. The OAuth access
token and the estimatedRevenue result exist only as transient values
in memory for the few seconds the verification takes. Nothing from the Google flow
is written to disk, saved in a database, cached, or recorded in our logs. The OAuth
callback that handles the flow is served only over HTTPS. As soon as the
eligibility check finishes — whether it succeeds or fails — the access token is
explicitly revoked with Google and discarded.
How we share the data
Ghostwire does not share Google user data with any third party. The only outcome shared is the resulting Discord creator role, which is visible inside the Girls server; the underlying Google data is never transmitted to anyone, sold, rented, or transferred. Communication with Google's own APIs occurs solely to complete the verification you initiated.
Data retention and deletion
Because no Google user data is stored, there is nothing to retain and nothing for us to delete on request — the access token is revoked and all values are dropped at the end of each verification. You can additionally:
- Run /creator clear in the Girls server to remove the YouTube creator role the bot previously granted you (this removes a Discord role; it involves no stored Google data).
- Review or revoke Ghostwire's access to your Google account at any time at Google Account → Third-party access.
Limited Use
Ghostwire's use of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements. We do not use Google user data for serving advertisements, do not transfer it to others except as necessary to provide or improve the verification feature you requested or as required by law, do not allow humans to read the data unless we have your consent, it is necessary for security or to comply with applicable law, or the data has been aggregated and anonymised, and we use the data only for the YPP eligibility check described above.