Legal
Privacy Policy
Last updated: April 3, 2026
Your privacy matters to us. This policy explains what data Zenian collects, how we use it, and your rights regarding your information.
1. Information We Collect
When you use Zenian, we may collect the following types of information:
Discord Information
- User Data: Your Discord user ID, username, display name, and avatar (collected when you interact with the bot or log into the dashboard)
- Server Membership: The servers you share with Zenian, your roles, and permissions within those servers
- Message Metadata: Message IDs and timestamps for logging features (message content is only logged if the server administrator enables content logging)
- Voice Activity: Join/leave timestamps for voice channels when voice logging is enabled by a server administrator
Roblox Information
- Account Data: When you verify, we collect your Roblox user ID, username, and display name through Roblox's official OAuth2 system
- Group Memberships: Your Roblox group memberships and ranks (fetched from Roblox API for role binding features)
- We never receive or store your Roblox password directly
Sensitive Credentials & Secrets
Certain features require server administrators to provide sensitive credentials. When provided, we store the following securely:
- Roblox Security Cookie (.ROBLOSECURITY): If provided by a server administrator, this cookie is stored to enable automated Roblox actions (ranking, group management, etc.) on behalf of a configured Roblox account. Please be aware that a Roblox cookie functions as a session credential and grants access to the associated Roblox account. It is treated with the same level of sensitivity as a password
- ER:LC API Keys: Stored to enable ER:LC server management features (commands, join logs, etc.)
- Other API Tokens & IDs: Server-specific configuration values such as Roblox group IDs, gamepass IDs, and other identifiers required for bot functionality
How we handle your secrets: All stored credentials are used solely to provide the features you have configured. They are never shared with third parties, never viewed by staff for non-support purposes, and are never used for any purpose other than operating the bot's intended functionality. Only the server administrator who entered the credential can update or remove it via the dashboard. We strongly recommend using dedicated bot accounts for any Roblox cookies rather than your personal account.
Server Configuration
- Settings configured by server administrators for bot functionality (channel IDs, role IDs, feature toggles, custom messages, etc.)
- Moderation records: infractions, bans, kicks, warnings, and associated evidence/notes
- Ticket transcripts and ticket system configurations
- Staff management data: promotions, LOA records, activity logs
Dashboard Usage
- Authentication: OAuth2 tokens for Discord login (stored in encrypted sessions)
- Session Data: Browser session identifiers for maintaining login state
- Audit Logs: Records of configuration changes made through the dashboard (who changed what, when)
Payment Information
- We do not directly collect or store credit card numbers, bank account details, or other financial information
- All payment processing is handled entirely by Patreon. When you subscribe, Patreon may share your name, email address, and linked Discord account information with us via webhook to facilitate license key delivery
- We store license key records, associated server IDs, purchase dates, and subscription status
- Your Patreon email may be stored in purchase logs for key retrieval and support purposes
2. How We Use Your Information
We use collected information for the following purposes:
- Service Operation: Link your Discord account to your Roblox account, assign roles, execute commands, and provide configured features
- Moderation: Provide moderation tools, maintain infraction records, enforce global bans, and support server administrators
- Dashboard Access: Authenticate your identity, display your servers, and allow configuration management
- Ticket System: Create, manage, and archive support tickets including transcripts
- Staff Management: Track infractions, promotions, activity, and leave of absence records
- Logging: Record server events (joins, leaves, message edits/deletes, role changes, etc.) when enabled by server administrators
- Network Features: Share moderation actions across linked servers within a network
- Service Improvement: Analyze usage patterns (in aggregate) to improve features and performance
- Security: Detect and prevent abuse, fraud, and unauthorized access
3. Data Storage & Security
- Your data is stored securely on our servers using JSON-based file storage
- Sensitive credentials (Roblox cookies, API keys, tokens) are stored in server-specific configuration files with restricted access — they are only read by automated bot processes to perform their intended function
- Access to stored data is restricted to authorized Zenian staff and automated systems
- Dashboard sessions are encrypted and expire after a period of inactivity
- We implement reasonable security measures to protect against unauthorized access, alteration, disclosure, or destruction of data
- Despite our efforts, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security
4. Data Retention
- Verification Data: Retained as long as you remain verified. Removed upon using
/unverify or upon request
- Server Configuration: Retained while the bot is in the server. May be retained for a reasonable period after bot removal to allow re-addition
- Moderation Records: Retained indefinitely for accountability purposes unless deletion is requested by the server owner
- Ticket Transcripts: Retained as configured by the server administrator
- Global Ban Records: Retained indefinitely or until the ban is lifted via successful appeal
- Audit Logs: Dashboard audit logs are retained for up to 90 days
- Payment Records: Retained for accounting and legal compliance purposes
- Sensitive Credentials: Roblox cookies, API keys, and other secrets are retained as long as the bot is in the server and the feature is configured. They are deleted when the server administrator removes them via the dashboard, or upon request. If the bot is removed from a server, credentials may be retained for a reasonable period to allow re-addition
5. Data Sharing
We do not sell, rent, or trade your personal information to third parties. We only share data in the following circumstances:
- With Discord Servers: Your verification status and linked Roblox account information is shared with servers you are a member of that use Zenian
- Within Networks: If a server is part of a network, moderation actions and blacklist data may be shared across all network servers
- Patreon: When you purchase a subscription through Patreon, your payment is processed by Patreon. Patreon shares your name, email, and linked Discord account with us via webhook for license key delivery. We do not share your data back with Patreon beyond what is necessary for the subscription
- Legal Requirements: We may disclose your information if required by law, legal process, or government request
- Safety: We may share information when we believe in good faith that disclosure is necessary to prevent harm, protect our rights, or ensure the safety of users
6. Roblox OAuth2
When you verify your Roblox account through Zenian:
- You are redirected to Roblox's official OAuth2 authorization page
- You explicitly consent to sharing your information before any data is transmitted
- We only receive the information you authorize: user ID, username, and display name
- We never see, access, or store your Roblox password
- OAuth2 tokens are used only for the initial verification and are not stored long-term
- You can revoke Zenian's access to your Roblox account through Roblox's security settings
Note on Roblox Cookies: The Roblox OAuth2 verification process above is separate from the Roblox security cookie (.ROBLOSECURITY) that server administrators may optionally provide for bot ranking features. A Roblox cookie grants session-level access to the associated account — similar to a password. If a server administrator provides one, it is stored securely and used solely for automated ranking and group management. We strongly recommend administrators use a dedicated bot account rather than a personal Roblox account for this purpose. See Section 1 (Sensitive Credentials & Secrets) for full details.
7. Discord OAuth2
When you log into the Zenian dashboard:
- You are redirected to Discord's OAuth2 authorization page
- We request the
identify and guilds scopes to identify you and display your servers
- OAuth2 access tokens are stored securely in encrypted server-side sessions
- We never see or store your Discord password
- You can revoke Zenian's access through Discord's Authorized Apps settings
8. Cookies & Local Storage
The Zenian website and dashboard uses:
- Session Cookies: Essential cookies for maintaining your login session on the dashboard. These are strictly necessary and cannot be disabled while using the dashboard
- Advertising Cookies: We use Google AdSense to display advertisements on our website. Google AdSense may use cookies and web beacons to serve ads based on your prior visits to our site or other websites. Google's use of advertising cookies enables it and its partners to serve ads based on your visit to our site and/or other sites on the Internet. You may opt out of personalized advertising by visiting Google Ads Settings or aboutads.info
- Local Storage: The dashboard may use browser local storage for UI preferences (theme, sidebar state, etc.)
Third-party vendors, including Google, use cookies to serve ads based on a user's prior visits to this website or other websites. You can review how Google uses information from sites that use their services at Google's Partner Sites policy.
9. Children's Privacy
Zenian is not intended for use by individuals under the age of 13. In compliance with Discord's Terms of Service and the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect personal information from children under 13. If we discover that a user is under 13, their account and data will be removed.
10. Your Rights
You have the following rights regarding your data:
- Access: Request a copy of the data we hold about you
- Deletion: Request deletion of your personal data (subject to legal retention requirements)
- Unlink Accounts: Unlink your Roblox account at any time using
/unverify
- Dashboard Logout: Log out and clear your dashboard session at any time
- Opt-Out: Leave servers using Zenian if you do not wish your data to be processed
- Correction: Request correction of inaccurate data we hold about you
- Portability: Request your data in a portable format
- Subscription Cancellation: Request cancellation of your subscription at any time
To exercise any of these rights, join our Discord server and open a support ticket. We aim to respond to data requests within 30 days.
11. International Data
Zenian operates servers that may be located in various jurisdictions. By using the Service, you consent to the transfer of your data to and from these locations. We take reasonable steps to ensure your data is protected regardless of where it is processed.
12. Third-Party Services
Zenian integrates with the following third-party services, each with their own privacy policies:
- Discord — Chat platform and OAuth2 authentication
- Roblox — Game platform and OAuth2 verification
- Google AdSense — Advertising services and personalized ads
- Patreon — Subscription payment processing and license key delivery
We are not responsible for the privacy practices of these third-party services.
13. Data Breach Notification
In the event of a data breach that affects your personal information, we will:
- Notify affected users through our Discord server and, when possible, through direct message
- Investigate the breach and take steps to prevent future occurrences
- Provide information about what data was affected and recommended actions
- Notify relevant authorities as required by applicable law
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make significant changes:
- We will update the "Last updated" date at the top of this policy
- We will announce significant changes in our Discord server
- Continued use of Zenian after changes constitutes acceptance of the revised policy
15. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Discord: Join our support server and open a ticket
- Response Time: We aim to respond to all privacy-related inquiries within 48 hours