Privacy Policy

Last updated: June 24, 2026

What You Need to Know (Plain English)

What We Collect
  • Your Discord username, avatar, and server list
  • Your Steam ID when you register
  • Game data from servers you play on
  • Commands you send to the bot
  • Notification preferences you set
What We Do With It
  • Connect your Discord to game servers
  • Send you notifications you want
  • Help admins manage their servers
  • Stop cheaters
  • Make the bot work properly

We don't: Sell your data, track you across websites, send spam, or share info except for anti-cheat purposes.

You can: Delete your account anytime, control your notification settings, and see/change your data through the dashboard.

Complete Privacy Policy

Data We Collect

From Discord

When you use ESM, we collect and store:

  • Username and Avatar: To personalize your experience and identify you in commands
  • Discord User ID: A unique number that identifies your Discord account
  • Server List: Which Discord servers you're in (to determine permissions)
  • Authentication Tokens: To keep you logged into our website (these expire automatically)
  • Message Content: Only when you send commands to the bot (needed to process requests)

From Steam

When you register your Steam account:

  • Steam ID: To link your Discord account to your game character
  • Public Profile Info: Username, avatar, profile URL, VAC ban status (for the whois command only)

From Game Servers

When you play on ESM-enabled servers:

  • Game Statistics: Money, respect, territories, playtime
  • Territory Information: Base ownership, members, payment history
  • Notification Events: Raids, flag events, marketplace sales
  • Command History: Commands you've used for troubleshooting

Website Usage

Automatically collected:

  • Technical Data: IP address, browser type, device info
  • Usage Data: Pages visited, features used (for improving the service)

How We Use Your Data

Core Functionality
  • Connect your Discord identity to game servers
  • Process bot commands and return results
  • Deliver notifications you've requested
  • Manage server permissions and access
  • Provide web dashboard functionality
Security & Anti-Cheat

We share limited ID information with trusted community partners for:

  • Identifying cheaters across communities
  • Preventing ban evasion
  • Maintaining community safety

What gets shared: Limited account information for community safety purposes only. No personal details, chat logs, or sensitive data.

Data Sharing & Disclosure

What We DON'T Do

  • We don't sell your data to anyone
  • We don't track you across other websites
  • We don't send marketing emails or spam
  • We don't share data with advertisers
  • We don't use your data for AI training

Limited Sharing

We only share data in these specific situations:

  • Community Safety Partners: Limited account information with trusted community administrators for safety purposes
  • Legal Requirements: If required by law enforcement or court orders
  • Service Providers: Technical infrastructure (hosting, etc.) with strict data protection agreements

Your Rights & Controls

Account Control
  • Delete your account completely
  • Unlink Steam but keep Discord features
  • Change notification preferences
  • View all your stored data
European Rights (GDPR)
  • Request a copy of your data
  • Correct inaccurate information
  • Object to data processing
  • Data portability

Data Security

We protect your data using:

  • Encrypted connections (HTTPS/TLS)
  • Secure authentication tokens
  • Regular security updates
  • Limited access controls
  • Automated backups with encryption
Current Status

Currently, Bryan (the developer) is the only person with direct database access.

This may change in the future if the project needs new maintainers or if ownership is transferred. We'll update this policy and notify users of any significant changes.

Cookies & Tracking

We use minimal cookies for:

  • Keeping you logged into the website
  • Remembering your preferences
  • Basic functionality (nothing fancy)

We don't use: Google Analytics, Facebook Pixel, ad trackers, or any marketing cookies.

Data Retention

  • Active Accounts: Data kept while you use the service
  • Inactive Accounts: Automatically deleted after 2 years of no activity
  • Deleted Accounts: Data removed within 30 days (some backups may take longer)
  • Legal Holds: May be retained longer if required by law

Children's Privacy

ESM is not intended for children under 13. We don't knowingly collect data from children under 13. If we discover we have, we'll delete it immediately.

International Transfers

ESM's services are hosted internationally. By using the service, you consent to your data being transferred to and processed in various locations as needed to provide the service.

Changes to This Policy

We'll update this policy when needed and notify you by:

  • Posting the new version on our website
  • Sending a Discord notification for major changes
  • Email notification if we have your email address

Contact Information

Questions about privacy? Reach out to:

Still Have Questions?

This policy covers the basics, but if you want to know something specific about how your data is handled, just ask! We're happy to explain our practices in detail.