Last updated: June 2026 · Effective immediately upon account creation or bot installation
ZeroDay is operated (zeroday-bot.netlify.app). When this policy refers to "ZeroDay", "we", "us", or "our", it means ZeroDay and the ZeroDay platform including the Discord bot and website at zeroday-bot.netlify.app.
For privacy-related questions, contact us via our support server: discord.gg/Ke6exB4368
| Data | Source | Purpose | Required? |
|---|---|---|---|
| Discord User ID | Discord OAuth | Account identification, Account ID generation | Yes |
| Discord Username & Avatar | Discord OAuth | Profile display, public profile | Yes |
| Display Name, Username, Bio | You (profile settings) | Public profile customization | No |
| Recovery Email | You (account settings) | Account recovery, optional notifications | No |
| GitHub / Website links | You (profile settings) | Public profile display | No |
| Discord Server IDs | You (server settings) | Server linking & integrations | No |
| Certification submission data | You (cert form) | Certification verification | Only if submitting |
| Review content & rating | You (review form) | Community reviews | Only if submitting |
| Login timestamps & events | Automatic on login | Security monitoring, account safety | Yes |
| Plan & payment status | Payment processor | Access control for premium features | If purchasing premium |
We do not collect: passwords, Discord message content, IP addresses beyond login security checks, or browsing history.
When you sign in with Discord, Discord sends us your user ID, username, avatar hash, and email (if your Discord account has one and you grant permission). We use the identify scope — we do not read your messages, servers, or friends list.
When you fill in your profile, submit a certification, write a review, or link a server — you provide that data directly. You control what you share.
We record login events (timestamp, success/failure) for account security purposes. We do not use tracking pixels, fingerprinting, or analytics beyond what is necessary for the Service to function.
When the ZeroDay bot is added to a Discord server, it may process message content only to execute commands directed at it. It does not store message content, read private messages, or log conversations.
We do not use your data for advertising, profiling, or any purpose not listed above.
Your data is stored in Supabase, a cloud database provider with encryption at rest and in transit. Our website and serverless functions are hosted on Netlify with HTTPS enforced on all connections.
We implement the following security measures:
No method of transmission or storage is 100% secure. While we take commercially reasonable precautions, we cannot guarantee absolute security of your data.
We do not sell your data. We do not share your personal data with advertisers, data brokers, or any third parties for commercial purposes.
We may share data in the following limited circumstances:
Your public profile data (display name, avatar, bio, links) is visible to anyone who visits your profile URL if you have public profiles enabled in your privacy settings.
We retain your data for as long as your account is active or as needed to provide the Service.
When you delete your account, we will delete your personal profile data within 30 days. Some anonymized or aggregated data may be retained longer for Service improvement purposes.
ZeroDay does not use tracking cookies or advertising cookies.
We use browser local storage to store your authentication token and cached profile data on your device. This is necessary for the Service to function — it keeps you signed in between visits. This data stays on your device and is never sent to third parties.
Clearing your browser's local storage will sign you out of ZeroDay. You can do this at any time from your browser settings.
Our hosting provider (Netlify) may set technical cookies necessary for CDN and security functions. These are not used for tracking.
Depending on where you are located, you may have the following rights regarding your personal data:
To exercise any of these rights, contact us via our support server. We will respond within 30 days. We may need to verify your identity before fulfilling requests.
If you are in the European Economic Area (EEA) or UK, you also have the right to lodge a complaint with your local data protection authority.
ZeroDay is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected data from a child under 13, please contact us immediately and we will delete it.
Users between 13 and 18 should have parental consent before using ZeroDay, consistent with Discord's own Terms of Service.
ZeroDay integrates with the following third-party services. Their privacy practices are governed by their own policies:
CVE and threat intelligence data is sourced from the NVD public API. No personal data is sent to NVD.
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date and announce it in our Discord support server. Continued use of ZeroDay after changes take effect constitutes acceptance of the revised policy.
For privacy questions, data requests, or concerns, contact us via our support server:
We aim to respond to all privacy inquiries within 30 days.