Privacy Policy

Last updated: March 3, 2026

1. Overview

Tixie ("we", "us", "our") operates the Tixie Discord bot and the web dashboard at tixie.bot. This Privacy Policy explains what data we collect, why we collect it, and how we handle it. We are committed to collecting only the data necessary to operate the Service.

2. Data We Collect

2.1 Data from Discord

When you add Tixie to your server or interact with it, we receive and store:

  • Server information: Server ID, server name, and icon. Used to identify your server in the dashboard.
  • User information: Discord user ID and username of ticket creators, staff members, and dashboard users. We do not store email addresses, passwords, or payment details.
  • Ticket messages: The content of messages sent within ticket threads. Stored to provide transcript history and analytics.
  • Interaction data: Button clicks, command usage, and form submissions within ticket workflows.

2.2 Data from Dashboard Sign-In

When you sign in to the web dashboard via Discord OAuth2, we receive:

  • Discord identity: Your Discord user ID, username, and avatar.
  • Server list: A list of servers you are a member of (used to show servers you can manage). We do not store your full server list — it is fetched on each session.
  • OAuth2 access token: Stored encrypted in your session to make Discord API calls on your behalf. Tokens are not shared with third parties.

2.3 Data from AI Features (Optional)

If your server enables AI-powered features:

  • Ticket messages and knowledge base articles may be sent to third-party AI providers (currently OpenAI) to generate responses and embeddings.
  • We send only the minimum data needed for processing (message content, article text). We do not send user IDs, server IDs, or other identifying information to AI providers.
  • AI providers process data according to their own privacy policies. OpenAI's API data usage policy states that API inputs are not used to train models.

3. How We Use Your Data

  • Operating the Service: Creating and managing tickets, delivering notifications, displaying transcripts, and powering the dashboard.
  • Analytics: Generating aggregate ticket statistics (volume, response times, satisfaction ratings) for server administrators. Analytics are per-server and not shared across servers.
  • Service improvement: Monitoring error rates and performance to fix bugs and improve reliability. We do not analyze your message content for this purpose.

4. Data Storage and Security

  • Data is stored in a PostgreSQL database hosted on secure cloud infrastructure.
  • All connections use TLS encryption in transit.
  • White-label bot tokens are encrypted at rest using AES-256-GCM.
  • Dashboard sessions are secured with HTTP-only, secure cookies and CSRF protection.
  • Access to production systems is restricted to authorized administrators.

5. Data Sharing

We do not sell your data. We share data only in these limited circumstances:

  • AI providers: Message content sent to OpenAI for AI features, only when enabled by a server administrator.
  • Error tracking: Anonymized error reports may be sent to Sentry for debugging purposes. These do not contain message content or user-identifiable data.
  • Legal requirements: If required by law, regulation, or valid legal process.

6. Data Retention

  • Ticket data (messages, transcripts, metadata) is retained for as long as the server uses the Service.
  • When the bot is removed from a server, data is retained for 90 days before automatic deletion.
  • Server administrators can request immediate data deletion by contacting us.
  • Dashboard sessions expire automatically and are not persisted beyond the session lifetime.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access: Request a copy of the data we hold about you.
  • Deletion: Request deletion of your personal data.
  • Correction: Request correction of inaccurate data.
  • Portability: Request your data in a machine-readable format.

To exercise any of these rights, please contact us through our Discord support server. We will respond within 30 days.

8. Children's Privacy

The Service is not directed at children under 13 (or the minimum age required by Discord in your jurisdiction). We do not knowingly collect data from children under this age. If we become aware that we have collected data from a child under the minimum age, we will delete it promptly.

9. Cookies

The web dashboard uses essential cookies for authentication (session tokens, CSRF protection). We do not use advertising or tracking cookies. No third-party analytics cookies are set.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced in our Discord support server. Continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact

If you have questions about this Privacy Policy or want to exercise your data rights, please contact us via our Discord support server.

See also: Terms of Service