Privacy Policy

Effective date: April 27, 2026 Operator: LdDrako ("COMMS", "we", "us") Contact: hello@lddrako.com

This Privacy Policy explains what information COMMS collects when you use the comms.lddrako.com service, how we use it, and what rights you have over it. We've tried to write it in plain language; defined terms are in bold.

1. The product, in one paragraph

COMMS is a software-as-a-service ("Service") that lets a Discord community administrator route audio in real time between Discord voice channels in different Discord servers ("guilds"), through a pool of bots that we operate. You authenticate to the dashboard at comms.lddrako.com with Discord OAuth, configure a routing matrix, and during a broadcast our service relays the audio from a source (your browser microphone today, an in-channel listener bot in a future feature) to the destination voice channels.

2. Information we collect

We collect only the information we need to operate the Service.

2.1 From Discord, when you sign in

When you sign in with Discord OAuth, we receive and store:

  • Your Discord user ID (a numeric identifier that is the same across the Discord platform).
  • Your Discord username, display name, and avatar URL, used for showing you in the dashboard UI.
  • Your email address as registered with Discord, used for billing receipts, important account notices, and password-style security alerts.
  • A list of the guilds you administer, used to determine which guilds you can configure as a tenant in the dashboard. We refresh this list on demand and cache it for at most five minutes; we do not retain a long-term record of which guilds you administer beyond what's necessary to operate the Service.
  • An OAuth access token and refresh token from Discord, encrypted at rest, used solely to make the API calls described above on your behalf.

We do not read, request, or store the content of any Discord messages, channels, threads, or direct messages.

2.2 From you, while using the Service

  • Configuration data: the matrices, channel routes, and bot assignments you create, plus the Discord guilds and voice channel IDs they reference.
  • Usage metadata: the start time, end time, and total duration of each broadcast you run, used for tier metering and for the audit log described below.
  • Dashboard audit log: for every state-changing action you take in the dashboard (create/edit/delete a matrix, start/stop a broadcast, change tier), we record who did it, what they did, and when. This is for your protection and ours.

2.3 From Stripe, for billing

If you upgrade to a paid tier, billing is handled by Stripe, Inc. Stripe is the data controller for your payment-card data; we never see or store your card number. We receive and store from Stripe:

  • A customer ID, subscription ID, and current subscription status (active, past-due, canceled, etc.).
  • The last four digits and brand of your payment method, for display in the dashboard's billing screen.
  • Webhook event records (subscription created, renewed, payment failed, etc.) for our own audit and reconciliation.

Stripe's privacy policy is at stripe.com/privacy.

2.4 Voice audio — what we do not keep

When you push-to-talk in the dashboard or, in a future feature, a listener bot captures voice from a Discord channel, the audio packets pass through our service in transit only. We do not record, store, transcribe, fingerprint, or analyze the audio. Audio leaves your browser (or the source bot's microphone), is forwarded to the destination bots, and is discarded from our memory in the same operation. The audio is also encrypted end-to-end between the bot and Discord using the Discord Audio End-to-End Encryption (DAVE) protocol — we do not hold the encryption keys long enough to decrypt past audio even if we wanted to.

2.5 Standard server-side logs

Our servers log standard request metadata for security and reliability: source IP, request method, path, response code, response time, user agent. These logs are retained for 30 days and are not used for advertising or profiling.

3. How we use information

We use the information described in §2 only to:

  • Operate, maintain, and improve the Service.
  • Authenticate you and determine which guilds you can configure.
  • Bill you and provide receipts (paid tiers only).
  • Keep an audit log so that you, and we, can see what happened to your matrices and broadcasts.
  • Detect and prevent abuse (e.g., signup farms, attempts to broadcast across guilds you don't administer).
  • Communicate with you about service status, security, billing, and material changes to these terms.

We do not sell your data. We do not share it with advertisers. We do not use it to train machine-learning models.

4. Sharing

We share information only with:

  • Discord, Inc. — necessarily, since the Service operates on top of Discord. Information you give to Discord (your account, your guild memberships, voice traffic that lands in their servers) is governed by Discord's own privacy policy at discord.com/privacy.
  • Stripe, Inc. — for billing, as described in §2.3.
  • Hetzner Online GmbH — our infrastructure provider, who hosts the dashboard and engine in their Ashburn, Virginia data center. They process data only as needed to operate the servers; they do not have application-level access to your account.
  • Law enforcement or other parties — only when required by valid legal process, when necessary to enforce these terms, or when necessary to prevent imminent harm.

We do not transfer data outside of providers we use to operate the Service.

5. Where data is stored

The dashboard, engine, and operational database run on infrastructure located in Ashburn, Virginia, United States. Backups are stored in the same region. If you are accessing the Service from outside the United States, your information will be transferred to and processed in the United States.

6. How long we keep it

| Category | Retention | |---|---| | Account profile | Until you delete the account or 24 months of inactivity, whichever is sooner | | OAuth tokens | Lifetime of the account; refreshed as needed | | Configuration (matrices, routes) | Lifetime of the account | | Audit log | 24 months after the action, then archived for 12 months, then deleted | | Billing records (Stripe customer ID, subscription history) | 7 years after last invoice, as required for tax and accounting | | Server access logs | 30 days | | Voice audio | Not retained — discarded in transit |

When you delete your account, we delete or de-identify your account profile, OAuth tokens, and configuration within 30 days, and the audit log entries that reference you within the retention window above.

7. Your rights

Regardless of where you live, you have the right to:

  • Access the information we hold about you.
  • Correct information that is inaccurate.
  • Delete your account and associated information (subject to the retention exceptions above for billing records).
  • Export a machine-readable copy of your account data.
  • Object to processing or restrict it in certain cases.

If you are in the European Economic Area, the United Kingdom, or Switzerland, you also have the right to lodge a complaint with your supervisory authority. If you are in California, you have rights under the CCPA/CPRA, including the right not to be discriminated against for exercising your rights.

To exercise any of these rights, email hello@lddrako.com from the address on file with us. We will respond within 30 days.

8. Children

The Service is intended for users 16 years of age or older. We do not knowingly collect information from anyone under 16. If you believe a child under 16 has created an account, contact us and we will delete it.

Note that Discord's own terms require users to be at least 13 (or older in some jurisdictions). The Service requires a Discord account, so Discord's age requirements apply in addition to ours.

9. Security

We use industry-standard practices to protect your information: TLS in transit, encryption at rest for sensitive fields (OAuth tokens, billing identifiers), access controls and audit logs on operator access, and isolation of customer data per tenant. No system is perfectly secure, but we work to keep this one as close as practical.

If we discover a data breach affecting your information, we will notify you and any required regulators within the timelines applicable to your jurisdiction.

10. Cookies

The dashboard uses a small number of cookies, all of them strictly necessary:

  • A session cookie set by Auth.js after you sign in, valid until you log out or 30 days, whichever is sooner. HttpOnly, Secure, SameSite=Lax.
  • A CSRF cookie to prevent cross-site request forgery. Same lifetime.

We do not use third-party analytics, advertising, or social cookies.

11. Changes to this policy

We will post any changes to this policy at this URL and update the Effective date above. For material changes, we will notify you by email at least 14 days before the change takes effect. If you continue to use the Service after a change takes effect, you accept the new policy. If you do not accept it, you may export your data and delete your account.

12. Contact

Questions, requests, or complaints: hello@lddrako.com.

This document was last updated on April 27, 2026.