Privacy
Privacy Policy
Last updated July 12, 2026
This policy explains what Shero processes when you use the Discord app, website, dashboard, AI features, meetings, and paid features. It also explains which service providers receive data and how to request access or deletion.
1. Information Shero processes
- Discord account data: user ID, username, display name, avatar, email when provided by Discord OAuth, and the IDs of servers you own or can manage through the dashboard.
- Server data: guild, channel, role, member, permission, app, command, partnership, automation, and configuration identifiers or metadata needed to operate requested features.
- Command and AI data: command inputs, selected or referenced messages, bounded recent channel context, limited embed and attachment metadata, results from requested server lookups, and generated responses.
- Meeting data: voice participant IDs, speaker-separated and mixed audio, timing data, transcripts, summaries, and extracted tasks when a manager starts a Shero meeting recording.
- Billing and usage data: Discord entitlement IDs and status, credit balances, provider usage totals, feature counters, experiment attribution, errors, and service-health events. Discord handles payment details.
- Permission Watch data: the selected private delivery-channel ID, schedule state, one current permission snapshot, and bounded weekly counts. The snapshot includes role IDs with selected high-impact permission labels, IDs of channels where @everyone can post, aggregate safeguard values, and Shero capability gaps. Shero uses role names transiently when composing an alert but does not save them in the Permission Watch record.
- Website security data: session cookies and tokens, keyed rate-limit and 24-hour click-deduplication fingerprints derived from the client IP address, and coarse acquisition categories such as search, referral, campaign, internal, or direct. Shero does not store the raw IP address, user-agent string, or full referrer URL in growth counters. The optional install-confirmation flow uses short-lived, secure cookies for a random one-time authorization state and a signed coarse acquisition category.
- Install confirmation data: when the pilot is enabled, Shero briefly receives a Discord OAuth access token to verify that the installing person can manage the selected server and that the bot joined it. Shero does not save the access token, refresh token, authorization code, Discord user ID, or returned server object, and it requests token revocation before saving a successful confirmation.
2. How AI features use Discord content
Shero uses OpenAI for its deployed text, image, transcription, and meeting-summary features.
- When an authorized operator mentions Shero or uses
/ai, Shero may send OpenAI the request, up to 10 recent messages from the same channel, a replied-to message, limited embed and attachment metadata, and relevant guild, channel, role, user, mention, and permission information. Recent context can include messages written by other server members. - Summarize with Shero sends only the selected message's author display name, text, and limited embed text. That shortcut does not send surrounding channel history or attachment bytes.
- Image generation sends the requested image prompt and requesting Discord user ID.
- Meeting processing sends individual speaker audio to OpenAI for transcription, then sends the speaker-labelled transcript and limited meeting identifiers for summary and task extraction.
OpenAI states that API inputs and outputs are not used to train its models by default. OpenAI may retain abuse-monitoring data for up to 30 days. Shero's ordinary conversational AI also uses stored Responses API state to support short-term continuity; OpenAI states that this application state is retained for at least 30 days unless an approved retention control overrides it. Read OpenAI's current API data controls. Shero does not claim Zero Data Retention or a specific OpenAI data region.
3. Why Shero uses this information
- Deliver commands, AI answers, server actions, meetings, and dashboard features.
- Apply Discord permission checks and prevent unauthorized operations.
- Deliver opted-in Permission Watch comparisons, new-risk alerts, and weekly private digests.
- Manage free credits, paid entitlements, fraud controls, and service limits.
- Diagnose failures, monitor reliability, measure activation, and improve product workflows.
- Respond to support, safety, legal, or data-rights requests.
4. Service providers and disclosure
Shero does not sell personal information. Shero shares information with providers only as needed to operate the relevant feature, comply with law, investigate abuse, or protect users and the service. Current technical providers include:
- Discord for messages, interactions, OAuth, guild data, app permissions, and entitlements.
- OpenAI for text, image, transcription, and meeting-summary processing.
- DigitalOcean for the AI app runtime and private meeting-artifact storage.
- Oracle Cloud Infrastructure for the companion command and meeting-recording runtime.
- MongoDB Atlas for application and meeting records.
- Redis Cloud for queues, credits, identifiers, response pointers, rate limits, and analytics.
- Vercel for the website and dashboard runtime.
Each provider processes information under its own terms and Shero's applicable account or service agreement.
5. Storage and retention
- Shero keeps a conversational OpenAI response pointer in Redis for 30 minutes. Regular message context is fetched from Discord when needed rather than copied into a permanent Shero channel archive.
- Meeting database records and private meeting artifacts are configured to expire after 90 days. Storage lifecycle processing is asynchronous, so final removal may occur after the exact expiry timestamp.
- Permission Watch stores one current snapshot rather than a daily snapshot history. Each successful daily comparison replaces the previous snapshot. Disabling Permission Watch deletes its saved baseline and schedule, and Shero deletes that record when it leaves the server. Aggregate operational counters and logs may remain under the retention rules described in this policy.
- Install authorization state and its one-time completion link expire after 10 minutes. A successful confirmation leaves a server-scoped acquisition marker containing only the allowlisted source, landing group, coarse channel, and completion time for up to 30 days so a later aggregate activation or Supporter conversion can be counted.
- Identifier-based growth cohorts and some activity sets expire after 30 or 90 days. Aggregate usage, billing, entitlement, abuse, and operational counters may be retained longer when needed for accounting, security, or service operation.
- Dashboard account profiles, including the IDs of servers the user owns or can manage, currently have no automatic expiry. They remain until Shero deletes them after a verified request or operational cleanup.
- Operational logs may contain identifiers, timestamps, outcomes, errors, and usage metadata. Older logs created before July 11, 2026 may also contain AI request or response text until the hosting provider or operator removes them.
- Removing Shero from a server stops new processing for that server but does not by itself delete every existing record, artifact, entitlement, backup, or operational log.
6. Access controls, Permission Watch, and meeting privacy
Only a server member with Manage Server permission can configure Permission Watch. Setup accepts a standard private text channel only when @everyone is denied View Channel, the configuring manager can view it, and Shero can view the channel and send messages and embeds. Setup confirmation, new-risk alerts, and weekly digests go only to that selected channel with mentions disabled. Permission Watch sends no direct messages and makes no automatic server changes.
Shero's dashboard limits meeting records and download links to the meeting starter, recorded participants, and authenticated server managers. Signed artifact links expire after five minutes. Bucket objects are private and are not intended to be public links.
A server manager is responsible for telling participants before recording and for using meeting features consistently with Discord's rules and applicable consent or recording laws. Shero posts a recording notice in the invoking text channel, but it does not independently obtain consent from every voice participant.
7. Your choices and deletion requests
- Do not invoke AI or meeting features in channels containing information you do not want processed as described above.
- Server administrators can restrict Shero and individual app commands by role, member, and channel through Discord.
- A server manager can run
/permission-watch disable to stop monitoring and delete the saved baseline and schedule. - You can remove Shero from a server to stop future server processing.
- You can request access to, correction of, or deletion of information associated with your Discord user or server.
Shero does not currently provide a complete self-service deletion tool. Submit a request through the Shero support server. We may need to verify your Discord identity and server authority before acting. Some data may remain where retention is required for security, accounting, legal obligations, backups, or provider-level processing.
8. Direct messages and children
Shero may send direct messages when a user initiates a workflow or when a message is necessary to deliver a requested feature, credit, entitlement, support response, or important service notice. Shero is not directed to people below the minimum age required to use Discord in their country.
Permission Watch is an exception to that general delivery model: it never uses direct messages. Its setup confirmation, new-risk alerts, and weekly digest are delivered only in the private text channel selected by a server manager.
9. Security and policy changes
Shero uses access controls, private object storage, expiring signed links, rate limits, scoped bot permissions, and permission checks. No system can guarantee absolute security. Report suspected unauthorized access through the support server.
We may update this policy when the product, providers, retention, or legal requirements change. Material updates will be dated on this page and may also be announced through Shero's service channels.