Skip to content

Security and Data Policy

Last updated June 9, 2026

NestBot is a Discord bot that you add to a Discord server. This page explains, plainly, what NestBot collects from a server you connect, how it is stored, how long it is kept, and how you can delete it. It is written to be accurate, not flattering. If anything here is unclear, email nestbot [at] mhd64.dev.

What this is

NestBot is a Discord bot in a pre-launch beta. During the beta it runs in analysis mode: it observes servers you connect and stores data to train and improve the product before launch. It does not moderate. It does not ban, kick, time out, delete messages, or send messages. A later beta phase will turn moderation on; this analysis-mode phase does not moderate.

What we collect

From a connected server, the bot records:

  • Message content, including edits (we keep prior versions) and the fact that a message was deleted.
  • Message metadata: channel, timestamps, reply relationships, and whether a message had attachments.
  • Attachment metadata and the Discord CDN URL. We do not download or re-host the files themselves.
  • Server events: joins, leaves, nickname changes, role changes, bans, unbans, kicks, timeouts, and reactions.
  • When the bot first joins, it backfills past message history from channels it can read.

We do not collect direct messages, voice, or anything from servers you have not connected.

How members are identified

We do not store usernames, display names, or avatars. Before anything is saved, each Discord user is converted to a pseudonym using a one-way HMAC of their Discord ID with a secret salt. The same person maps to the same pseudonym within a server, and to a different pseudonym in a different server, so behavior can be analyzed without identifying who someone is.

Honest limits of this: the pseudonym is derived from the Discord ID, so it is consistent, not anonymous in the strict sense. Anyone who holds both the database and the secret salt could re-derive the original IDs. We keep the salt out of the database for that reason. Also, message content can still contain names people typed themselves (for example "thanks Sarah"); we rewrite Discord @mentions to pseudonyms, but we cannot catch names written as plain text. The same applies to attachment filenames and to reasons moderators type into Discord's audit log: we store those as written, and they can contain names.

How it is stored and protected

  • Data is stored in a Postgres database hosted by Supabase, with row-level security enabled.
  • The bot and dashboard reach it over encrypted connections.
  • The pseudonym salt and database keys are stored as environment secrets, not in the database or the code.
  • We keep the data we collect; we do not sell it.

We are a small team in a beta. We do not claim formal certifications (such as SOC 2 or ISO 27001), and we are not going to pretend otherwise. We rely on the security of our infrastructure providers (Supabase, Vercel, Railway) and the practices above.

Deleting your data

While the beta is running, you are in control:

  • Disconnecting a server makes the bot leave it and permanently erases everything collected from that server.
  • Deleting your account disconnects every server you connected and permanently erases all data collected from them.
  • Erasing runs in the background and can take up to 24 hours. We email you when it is started and again when it is fully complete.

Important: what happens when the analysis period ends

Read this carefully, it is the part most policies would hide. When the beta analysis period ends and we move out of analysis mode, the data collected up to that point is retained as our training dataset and can no longer be deleted on request. After that cutoff, the self-serve delete and disconnect controls no longer erase already-collected data.

The only exception is data you deleted before the cutoff: anything you erased by disconnecting a server or deleting your account while the beta was still running is gone and is not part of the retained dataset. In other words, if you do not want your data kept, delete it before the analysis period ends.

The retained dataset stays pseudonymized as described above. We will give notice before the cutoff so you have a chance to delete first.

Who can see it

Collected data is accessible to the NestBot team for building and improving the product, and to our infrastructure providers to the extent needed to host it. We do not sell it or share it for advertising.

Children

Discord requires users to be at least 13 (older in some countries). Some members of connected servers may be minors, which is exactly why we pseudonymize and never store names. If you believe data about a child should be removed, email nestbot [at] mhd64.dev and, during the beta, we will delete it.

Security testing and abuse

Do not attempt to hack, overload, gain unauthorized access to, reverse engineer, or probe NestBot or its infrastructure, and do not try to fake or manipulate the data we collect (for example inflating a server's member count to claim a higher reward). We take this seriously, both legally and at the account level: such attempts can lead to a permanent ban, forfeiture of any reward, and, in serious cases, legal action. Full terms are in the Terms of Service. If you are a security researcher acting in good faith, contact nestbot [at] mhd64.dev first and we will work with you.

Changes

If we change what we collect or how we handle it, we will update this page and change the date above. If the change is material, we will also email registered users at the address on their account. We can only email people who signed in and gave us an email, not every member of a connected server. For anything here, contact nestbot [at] mhd64.dev.