Legal

Privacy Policy

Effective May 18, 2026

This Privacy Policy explains what information HypeHeat (the "Service") collects when you use our website, dashboard, or Discord bot, how that information is used, and the choices available to you.

1. Information We Collect

From Discord OAuth

When you sign in via Discord, we receive your Discord user ID, username, display name, avatar, and (where you grant the scope) email address and the list of servers you share with HypeHeat. If you grant the guilds.join scope during verification, we also receive an OAuth access token used to re-add you to a recovery server if the original server is compromised.

From the Discord Bot

When you add the HypeHeat bot to a Discord server, we may collect, for channels where the bot is present and granted access: message content and attachments related to checkouts, orders, success posts, channel and guild IDs, role information, and member identifiers. Server backup snapshots (where applicable) include a list of channels, roles, and members at the time of the snapshot.

From Email Integrations

Where you connect an email (IMAP) account, we store the encrypted credentials needed to access that account and the email messages relevant to order tracking. Email content is parsed to extract order numbers, products, statuses, tracking numbers, and related metadata.

From Your Dashboard Activity

We log usage events necessary to operate the Service, including authentication events, configuration changes, and administrative actions. We may also log technical data such as IP address, user agent, and timestamps.

Information You Provide

Profile data you enter (bio, banner image URL, Discord invite link, social handles) and any other content you submit through the dashboard.

2. How We Use Information

  • Operate, maintain, and improve the Service.
  • Authenticate you and authorize access based on Discord roles and verification status.
  • Match orders, deliver tracking updates, and provide dashboard analytics.
  • Display profile pages, success feeds, and other community-facing surfaces.
  • Notify you of events (e.g., shipment updates) via configured Discord webhooks or other channels.
  • Detect, prevent, and respond to abuse, fraud, or security incidents.
  • Comply with legal obligations.

3. How We Share Information

We do not sell personal information. We share information only as follows:

  • Service providers that host and operate HypeHeat — including Vercel (web hosting), Railway (database and worker hosting), Vercel Blob (image storage), and Discord (authentication and bot infrastructure). These providers process data on our behalf under their own terms.
  • Tracking providers (where integrated) to retrieve shipment status for tracking numbers you submit.
  • Legal requirements: We may disclose information if required by law, subpoena, or to protect the rights, property, or safety of HypeHeat, our users, or others.
  • Public profile content: Profile fields you publish are accessible at your public profile URL by anyone with the link. Success-feed images and captions you have posted in designated Discord channels may be displayed publicly on the community page.

4. Data Retention

We retain personal data for as long as needed to provide the Service and for legitimate operational, legal, or security purposes. Specific retention behaviors include:

  • Server backups rotate automatically; only the most recent snapshots per guild are retained.
  • Success-feed posts follow a rolling window — older posts are pruned automatically.
  • Account data persists until you request deletion or stop using the Service.
  • OAuth tokens are refreshed periodically and stored only as long as necessary for the recovery use case.

5. Security

We use industry-standard practices to protect data, including encrypted database connections, encrypted IMAP credentials, HTTPS-only transport, and signed authentication tokens. No system is perfectly secure; we cannot guarantee absolute security.

6. Your Choices & Rights

  • Profile content: Edit or remove your profile data at any time via the dashboard.
  • Disconnect integrations: Remove email account connections in the Email Hub.
  • Remove the bot: You can remove the HypeHeat bot from any server you administer at any time.
  • Account deletion: You may request deletion of your account and associated personal data. Some data may be retained where required by law or for legitimate operational reasons.
  • Access & correction: Where applicable, you may request a copy of the personal data we hold about you or ask us to correct inaccuracies.

To exercise these rights, contact us via the official HypeHeat Discord server or the support channels listed on the website.

7. Cookies & Local Storage

The dashboard uses an authentication cookie (HTTP-only) to maintain your signed-in session. We may use browser local storage to remember UI preferences. No third-party advertising or tracking cookies are used.

8. Children

HypeHeat is not directed to children under 13 (or the minimum age required by Discord in your country). We do not knowingly collect personal information from such children.

9. International Users

HypeHeat is operated from the United States. By using the Service from other regions, you consent to processing of your information in the United States and the countries where our service providers operate.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the "Effective" date above. Continued use of the Service after changes constitutes acceptance of the revised policy.

11. Contact

Questions about this Privacy Policy can be directed via the official HypeHeat Discord server or the support channels listed on the website.

Terms of ServicePrivacy PolicyCommunityHome