Identity & sessions

  • Sign-in
    Discord account basics
    When you log in with Discord (scopes: identify, guilds, guilds.members.read) we store your Discord ID, username, and avatar hash in your session. Actions you take record your ID and name for accountability.
  • Guilds
    Server snapshot & permissions
    We fetch your guild list (ID, name, icon, owner flag, permissions, whether the bot is installed) and keep it in your session. The database stores guild ID/name/icon/owner ID/bot presence so the panel stays in sync, and your role IDs for a guild are cached in your session for up to five minutes to check access.
  • Tokens
    Session-only OAuth data
    Discord access and refresh tokens stay in your session to read guild membership; they are not written to the database. Your selected guild ID and recent member role lookups also live in the session.
  • Preferences
    Cookies & local storage
    We set the session cookie "appy_session" to keep you signed in, and we store your theme preference in the controldeck_theme cookie and the controldeck-theme localStorage key. No advertising or tracking cookies are added.

Server configuration & forms

  • Guild data
    Metadata for your servers
    For each guild we store its ID, name, icon, whether the bot is present, and (when applicable) the owner’s Discord ID, plus timestamps to keep the panel aligned with Discord.
  • Settings
    Bot & reviewer configuration
    Per guild we keep channel IDs for logging, apply, and application deliveries, the stored apply message ID, and admin/reviewer role IDs. Bot tasks (such as posting an apply message) are queued with the guild ID and related payload.
  • Forms
    Form definitions
    We store form names, descriptions, active state, reviewer requirements, question text with options/order/required flags, DM templates for welcome/accept/reject messages, cooldown and inactivity settings, decision role mappings, and who created the form.
  • Selections
    Remembering choices
    When a user picks a specific form from the apply dropdown, we store their Discord ID, guild ID, and chosen form in the selection table so the bot can reuse it.

Applications & moderation

  • Applicants
    Application lifecycle
    When someone applies we record their Discord ID and username, the form/guild IDs, status, start and completion times, and total duration. Session records track which question they are on, and each answer stores the question ID, the text they sent or option they chose, timestamps for asked/answered, and response time in seconds.
  • Reviews
    Staff actions
    Reviewer votes, tags, and private notes include the reviewer’s Discord ID and name, the decision or note text, and timestamps. Tag definitions are stored per guild and mapped to each application.
  • Restrictions
    Bans & cooldowns
    Restriction entries track Discord user IDs, ban flags, reasons, optional expiry times, cooldown seconds, and which staff member set them. Application events record accepted/rejected outcomes, and queued bot tasks keep payloads (such as channel IDs) to deliver messages.
  • Notifications
    What we send out
    If enabled, we post application summaries and logs to your chosen Discord channels (IDs stored in settings) and DM applicants using the templates you configure. Those messages include IDs, names, decisions, and durations relevant to the application.

Logging, limits, and retention

  • Audit
    Action trail
    Audit entries capture the actor’s Discord ID and name, guild ID, action name, target type/ID, optional metadata JSON, and timestamp. The IP address column exists but is not populated by this app.
  • Rate limits
    Abuse protection
    Web POST limits store SHA-256 hashes of keys derived from your IP (and, for some actions like voting, your user ID); raw IPs are not saved in the database. The Discord bot uses in-memory per-user limits for interactions and DMs.
  • Errors
    Operational logging
    Application errors are written to storage/logs/app.log with timestamps and stack traces that may reference IDs or form names involved in the failure. Host-level access logs (outside this app) may record request IPs.
  • Retention
    Control of your data
    Data stays until you remove it in the dashboard. Deleting forms, questions, applications, or restrictions deletes their related records via database cascading. Logging out clears OAuth tokens and session data; clearing browser storage removes the theme preference.

Quick facts

  • Session cookie: appy_session.
  • Theme keys: controldeck_theme (cookie) and controldeck-theme (localStorage).
  • OAuth scopes: identify, guilds, guilds.members.read.
  • Bot intents: Guilds, DirectMessages, and MessageContent to deliver and read application DMs.
  • Data control: Delete items in the panel (or remove the bot) to stop collection for a guild.