Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 3 additions & 2 deletions SUMMARY.md
Original file line number Diff line number Diff line change
Expand Up @@ -28,12 +28,13 @@
* [Configuration](usage-guide/configuration.md)
* [Permissions](usage-guide/permissions.md)
* [Thread Menu](usage-guide/threadmenu.md)
* [Frequently Asked Questions](frequently-asked-questions.md)
* [Frequently Asked Questions](faq/README.md)
* [Intents Review Process](faq/intents-review.md)
* [Instance Privacy Policy](faq/privacy-policy.md)
* [Instance Terms of Service](faq/terms-of-service.md)
* [Config References]()
* [Configuration Variables](config-references/config-vars.md)
* [Color Names](config-references/color-names.md)
* [Archived Documentation](old-docs/README.md)
* [Configure Modmail and Logviewer](old-docs/configure-modmail-and-logviewer.md)
* [Frequently Asked Questions](old-docs/frequently-asked-questions-old.md)
* [Frequently Asked Questions](old-docs/frequently-asked-questions-old.md)
File renamed without changes.
31 changes: 29 additions & 2 deletions faq/intents-review.md
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ Modmail requires the **Message Content Intent** to read user messages and create

> *Q: What does your application do? Please be as detailed as possible...*

{% code title="Application Description" overflow="wrap" %}
{% code title="Question 1" overflow="wrap" %}

```
Modmail is a shared inbox bot for server moderation. When a user sends a Direct Message to the bot, it automatically creates a dedicated text channel (a "thread") within a designated staff category in our Discord server. Server staff can read the user's messages in this channel and reply using bot commands. The bot then relays these staff replies back to the user via Direct Message. This allows for organized, private, and collaborative support between users and the moderation team.
Expand All @@ -48,14 +48,41 @@ It is imperative that before adopting any privacy policy you review it personall
{% endhint %}

> *Q: Do you have a public Privacy Policy telling your users about their data usage?*
{% code title="Application Description" overflow="wrap" %}
{% code title="Question 2" overflow="wrap" %}

```
Select: Yes
```

{% endcode %}

{% hint style="info" %}
You'll need to add a link to your bots Privacy Policy to its Bio field via the [Discord Developer Portal](https://discord.com/developers/applications). *The **Description** field on the **General Information** is the text displayed in your bots Bio field.*
{% endhint %}

> *Q: Where is your Privacy Policy available?*
{% code title="Question 3" overflow="wrap" %}

```
The bot has a link to the Privacy Policy in its Bio. As the interaction with the bot occurs via DMs, it is likely that users will see the bot's profile with the Privacy Policy link.
```

{% endcode %}

{% hint style="warning" %}
Only use the Privacy Policy link below if you have chosen to file our published generic privacy policy for bots. If you choose to implement your own, or use the template we provide at the bottom of that page, then you must link that policy instead.
{% endhint %}


> *Q: Please share a link to your Privacy Policy.*
{% code title="Question 4" overflow="wrap" %}

```
https://docs.modmail.dev/frequently-asked-questions/privacy-policy
```

{% endcode %}

### Server Members Intent

> *Q: Why do you need the Server Members intent?*
Expand Down
47 changes: 25 additions & 22 deletions faq/privacy-policy.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ description: Sample Bot Privacy Policy that can be used by instances at their di
This Privacy Policy only applies to Modmail Instances hosted by administrators who choose to use it. If a bot administrator has provided you this privacy policy, they have agreed to use it for their specific instance. If you have any questions regarding the validity of this privacy policy for any specific Modmail instance, please contact the relevant staff team.
{% endhint %}

Last Updated: June 17th, 2026
Last Updated: July 7th, 2026

This Privacy Policy explains how Modmail (referred to as "the Bot", "we", or "us") collects, uses, stores, and protects your data. The Bot is an instance of the open-source [modmail-dev/modmail](https://github.com/modmail-dev/modmail) project and is hosted independently by the administrators of the Discord server.

Expand All @@ -23,14 +23,12 @@ When you send a direct message to the Bot to initiate a support thread or intera
3. **Server Data:** Relevant Guild (Server) IDs and Channel IDs required to route your messages to the correct moderation team.
4. **Action Logs:** Metadata related to the thread, such as when it was opened, closed, or transferred by moderators.


## 2. How We Store Your Data

The [modmail-dev/modmail](https://github.com/modmail-dev/modmail) application does not store data on Discord's infrastructure once a thread is archived ("closed"). Instead, all collected data (including message logs and user identifiers) is exported and stored off-platform in a MongoDB database.

This database is managed independently by the individual or team hosting the Bot instance. We implement reasonable security measures to protect your data from unauthorized access.


## 3. How We Use Your Data

The data we collect is strictly used to provide and maintain the functionality of the Bot. Specifically, we use it for:
Expand Down Expand Up @@ -73,22 +71,24 @@ If you have any questions, concerns, or data deletion requests regarding this Pr
[^1]: In almost all cases, this is a member of the authorized server staff.

{% updates format="full" %}
{% update date="2026-07-07" tags="beta" %}
Fix typo in last update date.
{% endupdate %}
{% update date="2026-07-05" tags="beta" %}
Initial Publication of the Privacy Policy. *A permanent GitHub commit link will be added here when changes are made to track changes overtime.*
Initial Publication of the Privacy Policy. [Permalink](https://github.com/modmail-dev/modmail-docs/blob/7afe2153184617ac5802cdef9496732235b3cae1/faq/privacy-policy.md)
{% endupdate %}
{% endupdates %}

{% hint style="info" %}
**Server Owners**

If you do not want this one size fits all option, you can use the template below as a starting point.
**Server Owners** — If you do not want this one size fits all option, you can use the template below as a starting point.
{% endhint %}
<details>

<summary>Basic Template</summary>

This Privacy Policy explains how `[Insert Bot Name]` (referred to as "the Bot", "we", or "us") collects, uses, stores, and protects your data. This Bot is an instance of the open-source [modmail-dev/modmail](https://github.com/modmail-dev/modmail) project and is hosted independently by the administrators of `[Insert Discord Server Name]`.

By interacting with the Bot, you consent to the data practices described in this policy. This policy is designed to comply with the [Discord Developer Terms of Service](https://support-dev.discord.com/hc/en-us/articles/8562894815383-Discord-Developer-Terms-of-Service) and [Developer Policy](https://support-dev.discord.com/hc/en-us/articles/8563934450327-Discord-Developer-Policy).

1. Data We Collect

When you send a direct message to the Bot to initiate a support thread or interact with an active thread, we collect and store the following information:
Expand All @@ -103,6 +103,7 @@ When you send a direct message to the Bot to initiate a support thread or intera
The [modmail-dev/modmail](https://github.com/modmail-dev/modmail) application does not store data on Discord's infrastructure once a thread is archived. Instead, all collected data (including message logs and user identifiers) is exported and stored off-platform in a MongoDB database.

This database is managed independently by the individual or team hosting this Bot instance. We implement reasonable security measures within the database environment to protect your logs from unauthorized access.

3. How We Use Your Data

The data we collect is strictly used to provide and maintain the functionality of the Bot. Specifically, we use it for:
Expand Down Expand Up @@ -133,37 +134,39 @@ Under the Discord Developer Policies, you have the right to request the deletion
2. Contacting the server administrators or the contact person(s) listed below.

Upon receiving a verifiable request, we will manually purge your identifying information and message content from our database within [Insert Number, e.g., 30] days.

7. Contact Information

If you have any questions, concerns, or data deletion requests regarding this Privacy Policy or the Bot's operation, please contact us at:

1. Discord User(s): `[Insert Discord Username(s) of the Bot Owner/Administrator(s)]`
2. Email: `[Insert Contact Email, if applicable]`
3. Server: `[Insert Invite Link or instructions on how to reach staff]`

</details>
{% endhint %}

{% hint style="info" %}
{% hint style="warning" %}
**Server Owners**

Please note that by using the Privacy Policy on our Docs site without modification, you are making legally binding promises to your users and to Discord. These promises include, but are not limited to:
1. Strict Data Sharing Limitations

> You are agreeing that you will not share user data with any third parties unless required by law. This means you cannot share Modmail logs with other Discord servers, community ban lists, global moderation databases, or any external entities. If you do so: you are violating this privacy policy, which could carry civil penalties in some jurisdictions.
2. Infrastructure and Hosting Trust
**1. Strict Data Sharing Limitations**

You are agreeing that you will not share user data with any third parties unless required by law. This means you cannot share Modmail logs with other Discord servers, community ban lists, global moderation databases, or any external entities. If you do so: you are violating this privacy policy, which could carry civil penalties in some jurisdictions.

> The policy states that only server staff and the database administrator have access to the logs. You must ensure that your hosting provider and your database host are secure and trustworthy. If your hosting provider has weak security and your database leaks, the responsibility falls entirely on you.
(This is primarily a concern for individuals using hosting providers that are not established, see our comments on [unrecommended hosts](../choose-host/unrecommended-hosts.md).)
**2. Infrastructure and Hosting Trust**

3. Binding Deletion Timelines
The policy states that only server staff and the database administrator have access to the logs. You must ensure that your hosting provider and your database host are secure and trustworthy. If your hosting provider has weak security and your database leaks, the responsibility falls entirely on you. *(This is primarily a concern for individuals using hosting providers that are not established, see our comments on [unrecommended hosts](../choose-host/unrecommended-hosts.md).)*

> If you state that you will delete data upon request within 14 days, you must have a reliable, manual process to find and purge a user's data from your MongoDB cluster within that exact timeframe. Failure to honor data deletion requests is a direct violation of the Discord Developer Terms of Service and can result in action taken against your account. If you fail to honor this you also: are violating this privacy policy, which could carry civil penalties in some jurisdictions.
**3. Binding Deletion Timelines**

4. Managing Staff Access
If you state that you will delete data upon request within 14 days, you must have a reliable, manual process to find and purge a user's data from your MongoDB cluster within that exact timeframe. Failure to honor data deletion requests is a direct violation of the Discord Developer Terms of Service and can result in action taken against your account. If you fail to honor this you also: are violating this privacy policy, which could carry civil penalties in some jurisdictions.

> Because your policy guarantees that only authorized staff have access to user data, you must rigorously manage permissions. When a moderator steps down or is removed from your team, you must immediately revoke their access to the Modmail bot commands, the database, and the log viewer. If you fail to do so: you are violating this privacy policy, which could carry civil penalties in some jurisdictions.
**4. Managing Staff Access**

5. Regional Privacy Laws
Because your policy guarantees that only authorized staff have access to user data, you must rigorously manage permissions. When a moderator steps down or is removed from your team, you must immediately revoke their access to the Modmail bot commands, the database, and the log viewer. If you fail to do so: you are violating this privacy policy, which could carry civil penalties in some jurisdictions.

> Depending on where you and your users reside, you may be subject to strict data protection laws like the GDPR in Europe or the CCPA in California. These laws impose significant obligations regarding data handling, consent, and user rights, even for hobbyist or volunteer run Discord servers.
{% endhint %}
**5. Regional Privacy Laws**

Depending on where you and your users reside, you may be subject to strict data protection laws like the GDPR in Europe or the CCPA in California. These laws impose significant obligations regarding data handling, consent, and user rights, even for hobbyist or volunteer-run Discord servers.
{% endhint %}
Loading