Privacy Policy

When you add Nano to a Discord server, we store the following to operate the bot's features:

• Discord user IDs, guild IDs, and usernames (usernames cached temporarily)
• Feature data you generate or configure: levels and XP, economy balances and transactions, moderation case history, ticket transcripts, invite counts, birthdays, vote streaks, and similar
• Message logs for audit purposes (opt-in, requires configuration)

When you visit our website or sign in to the dashboard, we additionally store:

• Discord account ID, username, and email (provided by Discord OAuth at sign-in)
• Session and authentication state (cookies; required for sign-in to work)
• Marketing attribution: click identifiers and campaign tags from the URL where you first arrived, plus the landing path and referrer
• A one-way hashed form of your IP address — never the raw IP — recorded once per attribution touchpoint
• Consent decisions for ads and analytics cookies, with timestamps
• Stripe customer and subscription IDs (if you purchase Premium); payment details are handled by Stripe and never reach our servers

Bot data is used exclusively to operate Nano's features within your Discord server. Dashboard data is used to authenticate you, deliver the dashboard experience, process subscriptions, and — with your consent — to measure marketing performance so we can understand which campaigns bring users to Nano. We do not sell your data to anyone.

We use a small set of cookies and browser storage on nanobot.best and its subdomains. The cookie banner shown on marketing pages lets you accept or reject the non-essential categories. You can change your decision at any time via the “Manage cookies” link in the footer.

• Strictly necessary (always active): sign-in session, CSRF/OAuth state, and minimal UI preferences. Without these, sign-in and core features cannot work.
• Marketing attribution (consent-gated): a first-party cookie that records click and campaign parameters from the URL of the landing page so we can attribute later events (sign-up, bot install, purchase) back to the campaign you came from.
• Analytics and advertising (consent-gated): when you accept, Google Analytics measures anonymous traffic and Google Ads links conversions back to ad clicks. These are used to measure marketing effectiveness; they are not used for personalized ads on our site.

We honor your cookie choice — until you opt in, no analytics or advertising cookies are written and no personalized identifiers are sent.

When you accept the “ads” or “analytics” cookie categories, we measure marketing engagement — page views, account creation, bot installs, and Premium purchases — via Google Analytics. When you originally arrived from a Google Ads click, the same install and purchase events are also reported to Google Ads (along with later refund adjustments to keep the totals accurate).

To match conversions back to the original ad click, we include a one-way hashed form of your email address. We never send your email in plaintext.

Bot data: guild-specific data (settings, economy, levels, moderation logs) is retained for 30 days after Nano is removed from a server, then permanently deleted. Global user data (XP, reputation, vote streak) is retained until you request deletion.

Dashboard data: account and subscription records are kept for the life of the account; attribution touchpoints are retained for 24 months for marketing measurement; consent decisions are retained as long as the related account exists. To request deletion of your data, open a ticket in our support server.

We share data with the following service providers, each strictly for the purpose listed:

• Discord — OAuth authentication, identity verification, and bot interactions. Governed by Discord's privacy policy.
• Stripe — payment processing for Premium subscriptions. Card details are entered on Stripe's hosted checkout and never touch our servers. Governed by Stripe's privacy policy.
• Google Analytics and Google Ads — marketing measurement and conversion tracking, only after you consent. Governed by Google's privacy policy.
• top.gg — bot listing and vote tracking (server count and vote events only, no user profile data). Governed by top.gg's privacy policy.

You may request a copy of your data, ask for its deletion, withdraw consent for analytics or advertising cookies, or object to processing at any time by contacting us in our support server. We will respond within 30 days. Withdrawing consent does not affect the lawfulness of processing before the withdrawal.

Questions? Join our support server.