1. Controller
Antonio Schlömer, [PLACEHOLDER – to be filled in], 26506 Norden, Germany. Email: [email protected].
2. Hosting, CDN and security
Disc-Tools is operated on server infrastructure and delivered through Cloudflare as CDN, DNS/proxy and security provider. IP address, timestamp, requested URL, user agent, referrer and security events may be processed. To detect abuse and fraud attempts (e.g. VPN/proxy bypass), the IP address is sent to the security service proxycheck.io. Legal basis: Art. 6(1)(f) GDPR.
3. Server logs
Web server and API logs are used for troubleshooting, abuse prevention and security. They may include IP addresses, timestamps, HTTP method, path, status code and technical error messages, and are retained only as long as necessary.
4. Discord OAuth and Discord features
When you log in with Discord, we process Discord ID, username, display name, avatar, banner, public flags, guild/role data and a Discord OAuth access token in an httpOnly login cookie. This is used for login, profile pages, admin/team role checks and server-related features. Legal basis: Art. 6(1)(b) and Art. 6(1)(f) GDPR.
5. Discord bot and verification
Our Discord bot logs server joins and leaves by posting messages in a public log channel. This serves security and overview purposes. Additionally, the verification system stores the following data in a database:
– Discord user ID (user_id)
– SHA256 hash of your IP address (ip_hash – the raw IP is never stored)
– Verification timestamp (verified_at)
The IP is only hashed to detect potential alt accounts. The raw IP address is never stored at any point. Legal basis: Art. 6(1)(f) GDPR (security and abuse prevention).
6. Spotify OAuth and music features
If team members connect Spotify, we store a Spotify refresh token to display currently playing tracks. Spotify track URLs and SoundCloud URLs may also be shown on public profiles. Connection is voluntary and can be deleted on request.
7. Cookies and local storage
- Login cookie: httpOnly, secure, SameSite=Lax, up to 7 days.
- Cookie consent and UI settings may be stored locally in your browser.
- Cloudflare may set technically necessary security cookies.
8. Analytics
We use self-hosted Umami Analytics at umami.Disc-Tools. We do not use Google Analytics. Umami helps measure usage and improve the service on the basis of legitimate interests, Art. 6(1)(f) GDPR.
9. Fonts and external content
Fonts are served locally by Disc-Tools; no Google Fonts are loaded from Google servers. Icons are loaded via Font Awesome/CDNJS. External embeds or services may involve Discord, Spotify, SoundCloud, Cloudflare and Umami.
10. Contact, partnership requests and admin features
For partnership requests we process Discord ID, username, avatar, server/project information, website, description and message content. Admin logs and moderation data are visible only to authorized administrators.
11. Your rights
Under the GDPR you have rights of access, rectification, erasure, restriction, portability and objection. You may also complain to a data protection authority. Requests: [email protected].
12. Deletion
You may request deletion of stored profile, OAuth, Spotify, partnership and verification data by email. Legal retention obligations and security interests may prevent immediate deletion of some log data.
Last updated: 23 May 2026