Privacy Policy
Last Updated: April 5, 2026
Your Privacy MattersThis Privacy Policy explains how CertiFried MultiTool collects, uses, stores, and protects your information when you use our Discord bot and dashboard.
1. Introduction
At CertiFried MultiTool, we are committed to protecting your privacy. We only collect the minimum data necessary to provide our services and never sell your information to third parties.
2. Information We Collect
Automatically Collected Data
| Data Type | Purpose | Retention |
|---|---|---|
| Discord User ID | Identify users for features | Until deletion request |
| Discord Server ID | Store server configurations | Until bot removal |
| Username | Display in commands/leaderboards | Cached temporarily |
| Channel & Role IDs | Configure features | Until changed |
User-Provided Data
- Streamer tracking preferences and platform usernames (Twitch, YouTube, Kick, TikTok, etc.)
- Custom command and custom embed configurations
- Economy, leveling, gambling, and trading data
- Form responses, ticket messages, and support interactions
- Moderation logs, warnings, and infraction history
- Birthday dates and birthday card signatures, messages, likes, and replies
- Reaction role selections
- Welcome card and appearance customizations (uploaded images)
- Suggestion, poll, and giveaway participation
- Custom bot tokens (encrypted with AES-256-GCM at rest)
Group Greeting Cards Data
- Card data: Card title, occasion type, recipient name, creator name, background images (including AI-generated), music URLs, wishlist links, logos, passwords (hashed with SHA-256), scheduled delivery dates
- Signature data: Signer name, Discord/Twitch user ID (if logged in), avatar URL, message text, custom font settings (color, family, size), GIF/image URLs, YouTube video URLs
- Voice recordings: Audio files (WebM format, max 30 seconds) recorded via browser MediaRecorder API, stored as files on our server
- Gift card codes: Encrypted with AES-256-GCM before storage. The plaintext code exists only briefly in server memory during encryption/decryption. Codes are never logged, never rendered in HTML, and never accessible to administrators
- Guest signer data: Name and optional email address provided by the guest. No account is created. Guest entries are identified by a random ID (not trackable across cards)
- AI image prompts: Text prompts used to generate card covers are stored alongside the card for reference. Prompts are sent to Google Gemini API for image generation
- Likes, replies, and view counts: Signature likes, threaded replies, and page view counts
Dashboard Data
- Discord OAuth session data (user ID, username, guild list) for dashboard authentication
- Session IP address and user agent (for security monitoring)
- Uploaded files (avatars, welcome banners, PDF imports, voice recordings, AI-generated images) stored on the server
3. How We Use Your Information
- Deliver bot features and process commands
- Send stream notifications and announcements
- Manage economy, leveling, and game systems
- Provide moderation and security tools
- Analyze usage patterns to improve features
- Prevent abuse and enforce Terms of Service
Administrator Access Disclosure
In the interest of full transparency, the following authorized administrators have dashboard access to view guild settings and bot configurations for any server with the bot installed:
- xXDeath420Xx (Discord ID: 365905620060340224) — Lead Developer & Bot Owner
- Orsokuma (Bear) (Discord ID: 685127470625980501) — Co-Administrator & Support Lead
This access is used exclusively for bot support purposes — diagnosing issues, verifying configurations, and assisting server administrators. We will never access, manage, or modify your server settings without your explicit consent and knowledge.
Administrator access does not include reading private messages, accessing restricted channels, or viewing any user's Discord authentication credentials.
4. Information Sharing
We integrate with third-party APIs (Twitch, YouTube, Kick, Discord) to provide features. These services have their own privacy policies. We may disclose information if required by law.
5. Data Security
- Transport Encryption: All data in transit uses TLS/SSL
- At-Rest Encryption: Sensitive data (custom bot tokens, gift card codes) is encrypted with AES-256-GCM using a server-side encryption key
- Password Hashing: Card passwords and user authentication tokens are hashed with SHA-256 (one-way, non-reversible)
- Database Security: Password-protected with restricted access, private network only
- Gift Code Isolation: Encrypted gift card codes are never rendered in page HTML, never logged, and only decryptable via an authenticated API request by the card recipient
- Rate Limiting: Protection against abuse on all API endpoints
- Regular Updates: Security patches applied promptly
6. Data Retention
| Data Category | Retention Period |
|---|---|
| Server configurations | Until bot removal |
| User economy/leveling data | Until deletion request |
| Moderation logs & infractions | 90 days (configurable) |
| Command statistics | 30 days (anonymized) |
| Message activity logs | 90 days |
| Stream announcements | Deleted when stream ends (configurable) |
| Birthday cards & signatures | Indefinite (deletable by card creator or admin) |
| Standalone greeting cards | Indefinite (deletable by card creator) |
| Voice recordings | Deleted with the associated signature or card |
| Encrypted gift card codes | Deleted with the associated signature or card |
| AI-generated images & prompts | Deleted with the associated card |
| Guest signer names & emails | Deleted with the associated signature or card |
| Uploaded files (avatars, banners, images) | Until replaced or deleted |
| Custom bot tokens | Encrypted at rest; deleted on bot removal |
| Dashboard sessions | 7 days (auto-expire) |
| Error logs | 3 days |
7. Your Rights
- Access: Request a copy of your data
- Correction: Update inaccurate information
- Deletion: Request removal of your data
- Opt-out: Disable specific features to reduce data collection
To exercise these rights, contact us through our Discord Support Server.
8. Children's Privacy
CertiFried MultiTool is not intended for users under age 13. Discord requires users to be at least 13 years old. If we become aware that we have collected data from a child under 13, we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify users of significant changes through the dashboard or Discord. Your continued use after changes constitutes acceptance.
Contact Us About Privacy
If you have questions or wish to exercise your data rights, please contact us: