Privacy Policy

Effective date: 17 May 2026

This Privacy Policy explains how Aegis handles information for Discord authentication, internal affairs workflows, investigations, evidence references, audit history, staff operations, Roblox account linking, and Roblox inventory verification.

1. Introduction

This Privacy Policy explains how Aegis collects, uses, stores, shares, protects, and retains information when users access Aegis, authenticate with Discord, link Roblox accounts, use investigation workflows, manage evidence references, configure departments, review staff records, or interact with Aegis systems.

Aegis is a Discord-authenticated internal affairs, investigations, evidence management, oversight, auditing, and staff operations platform used by communities, moderation teams, departments, roleplay agencies, organisations, and administrative groups.

Aegis operates primarily from Brisbane, Queensland, Australia. Users, organisations, service providers, and connected platforms can operate from other locations, which means information can be processed in Australia and other countries as described in this Policy.

2. Information we collect

Aegis collects information that users provide directly, information generated through use of the service, information received from connected platforms, information created by organisations, and technical information needed to operate and secure the platform.

Aegis collects Discord account information when a user signs in with Discord, including Discord ID, username, display name, avatar, authentication identifiers, login status, and account information returned by Discord through the authentication flow.

Depending on enabled features or configuration, Aegis may collect an email address or additional Discord profile information if Discord provides it through the authorised authentication scope or if a future feature requires it.

Aegis collects Roblox information when a user links a Roblox account, including Roblox user ID, username, display name, profile URL, avatar or headshot URL, linked account status, linking timestamp, unlinking status, and OAuth-related account identifiers.

Aegis collects Roblox inventory verification information when Roblox inventory verification features are enabled, including item identifiers, inventory item references, ownership verification results, verification timestamps, and feature-specific inventory data available through the user.inventory-item:read scope.

Aegis collects authentication data and session identifiers, including session tokens, login timestamps, sign-in events, sign-out events, session refresh events, account linkage events, authentication provider identifiers, and security validation results.

Aegis collects server configuration data, including guild IDs, server names, installation status, server-level settings, department configuration, role mappings, permission settings, access rules, premium plan status, and administrative preferences.

Aegis collects role, permission, and department information, including assigned roles, permission levels, department assignments, staff access groups, administrator designations, access changes, and permission review history.

Aegis collects case records, evidence references, allegations, reports, disciplinary history, member information, investigation notes, staff notes, administrative review notes, oversight workflow status, attachments, linked records, timestamps, and related operational metadata entered or managed by authorised users.

Aegis collects audit history and activity logs, including record creation, record edits, record views where enabled, access changes, administrative actions, department changes, server configuration changes, Roblox link events, export events, deletion actions, and security-relevant activity.

Aegis collects technical information, including IP addresses, browser information, device information, operating system, request metadata, error reports, performance logs, analytics events, security telemetry, cookies, local storage identifiers, feature interactions, page views, and reliability diagnostics.

3. Discord account information

Aegis uses Discord account information to authenticate users, identify accounts, display user profiles, connect users to authorised servers, enforce access controls, manage sessions, log security events, and associate activity with the correct user.

Aegis uses Discord IDs as stable account identifiers because usernames and display names can change. Aegis uses avatars and display names to help staff recognise users inside dashboards, records, audit entries, account settings, and operational workflows.

Aegis processes Discord information according to the permissions granted through Discord and the configuration of Aegis-enabled servers. Discord remains responsible for its own processing under Discord's policies.

4. Roblox information and inventory verification

Aegis uses Roblox OAuth for optional Roblox account linking. The Roblox OAuth scopes currently used by Aegis are openid, profile, and user.inventory-item:read.

Aegis uses openid to confirm the linked Roblox identity, profile to display basic Roblox account details, and user.inventory-item:read to support Roblox inventory verification features.

Aegis uses Roblox identity information to associate a Roblox account with an Aegis user, reduce confusion between accounts, display linked account status, support account integrity checks, and provide Roblox-related workflows.

Aegis uses inventory verification information to verify ownership or presence of relevant Roblox inventory items where an enabled Aegis feature requires that verification. Aegis does not use Roblox inventory verification information for unrelated advertising or sale.

Aegis allows users to unlink a Roblox account where the unlink feature is available. Unlinking removes the current account association used for future Roblox-linked features, subject to retained security logs, audit records, backups, and records that Aegis or an organisation must retain for operational reasons.

5. How information is used

Aegis uses information for authentication, account integrity, server access control, role and permission enforcement, department assignment, case management, internal investigations, evidence workflows, oversight, audit history, staff operations, administrative review, and Roblox inventory verification.

Aegis uses information for abuse prevention, fraud detection, misuse investigation, unauthorised access detection, moderation support, security monitoring, incident response, and enforcement of these Terms and organisational access rules.

Aegis uses technical information for troubleshooting, performance monitoring, reliability, error resolution, feature improvement, uptime analysis, compatibility testing, and service security.

Aegis uses contact, account, billing, and organisation information for support responses, service communications, security notices, account notices, subscription administration, billing support, plan management, and operational announcements.

Aegis uses aggregated or de-identified information to understand service usage, improve workflows, measure reliability, prioritise features, and monitor platform health where the information no longer identifies a specific user or organisation.

6. Legal bases

Aegis processes information to perform the service requested by users and organisations, including authentication, access control, case workflows, evidence workflows, audit logging, account settings, support, and subscriptions.

Aegis processes information based on legitimate interests in operating, securing, improving, monitoring, and protecting the platform, preventing abuse, maintaining auditability, enforcing permissions, and supporting organisational workflows.

Aegis processes information based on consent where a user chooses to link a Roblox account, authorises an OAuth flow, enables optional features, or otherwise provides permission for a specific processing activity.

Aegis processes information to comply with legal obligations, resolve disputes, enforce agreements, respond to lawful requests, preserve security records, and protect the rights, safety, and integrity of Aegis, users, organisations, and third parties.

Organisations using Aegis are responsible for identifying their own lawful basis for records they create or manage, including case records, evidence references, allegations, staff notes, member information, disciplinary history, and investigation materials.

7. Data sharing

Aegis does not sell personal information. Aegis shares information only as needed to operate the service, provide requested features, support authorised organisational access, process payments, maintain security, comply with law, enforce agreements, or protect rights and safety.

Aegis shares information with hosting providers, infrastructure vendors, database providers, logging services, analytics services, payment processors, support tools, security providers, and other service providers that help operate Aegis.

Aegis shares or exposes information inside an organisation according to roles, permissions, department assignments, server configuration, case access settings, audit settings, and administrative controls.

Aegis can disclose information when required by law, subpoena, court order, regulator request, legal process, safety concern, security incident, rights enforcement, fraud investigation, or abuse prevention requirement.

8. Hosting providers and infrastructure vendors

Aegis uses hosting providers, infrastructure vendors, database providers, file storage systems, network services, deployment platforms, and monitoring tools to run the platform.

These providers process information needed to host application code, store records, serve pages, route traffic, maintain uptime, process requests, secure infrastructure, create backups, and diagnose technical issues.

Aegis selects infrastructure and service providers based on operational needs, reliability, security capabilities, availability, scalability, and compatibility with the Aegis platform.

9. Logging services, analytics, and security providers

Aegis uses logging services to collect performance logs, application errors, request events, login events, session events, access failures, system failures, and diagnostic information.

Aegis uses analytics to understand feature interactions, page usage, reliability, adoption, performance, product quality, and operational trends.

Aegis uses security providers and security telemetry to detect abuse, investigate suspicious activity, prevent unauthorised access, protect accounts, monitor vulnerabilities, enforce rate limits, and respond to incidents.

Logging, analytics, and security information can include IP addresses, browser information, device information, operating system, session identifiers, request metadata, error messages, timestamps, and feature interactions.

10. Payment processors and subscriptions

Aegis can offer subscriptions, premium plans, paid features, trials, discounts, server-level purchases, or other billing options.

When payment features are used, Aegis and its payment processors collect and process billing information, transaction records, plan status, payment method references, invoices, tax information, renewal status, cancellation status, chargeback information, and support information related to billing.

Payment processors process payment details under their own terms and privacy policies. Aegis does not store full card numbers unless a payment provider explicitly makes such storage available through secure tokenised systems.

11. Discord and Roblox processing

Discord processes information when users authenticate with Discord, access Discord-connected workflows, interact with Discord servers, or use Discord permissions. Discord's own terms and privacy policy govern Discord's processing.

Roblox processes information when users authorise Roblox OAuth, link Roblox accounts, revoke Roblox access, or use Roblox services. Roblox's own terms and privacy policy govern Roblox's processing.

Aegis receives information from Discord and Roblox only for Aegis authentication, account linking, access control, display, audit, and enabled verification features. Aegis does not control how Discord or Roblox independently process information on their own platforms.

12. Organisational access

Authorised organisation users can access information inside Aegis according to server configuration, department assignment, role permissions, case permissions, staff permissions, and administrative controls.

Server owners, administrators, department leads, investigators, moderators, reviewers, and other authorised staff can view, create, edit, export, archive, or delete records where their permissions allow it.

Organisations are responsible for assigning appropriate access, removing unauthorised users, reviewing staff permissions, correcting records, responding to internal privacy requests, and ensuring that organisational records are handled lawfully and fairly.

13. Data retention

Aegis retains information for as long as needed to provide the service, operate accounts, maintain access control, support investigations, preserve audit history, resolve disputes, enforce terms, prevent abuse, maintain security, comply with legal obligations, support billing, and meet operational requirements.

Aegis retains Discord account identifiers and authentication records while an account remains active and for a reasonable period after inactivity, account removal, suspension, or termination where needed for security, audit, support, or legal purposes.

Aegis retains Roblox linking information while a Roblox account remains linked and retains unlinking records, security records, audit events, and historical references where needed for accountability, abuse prevention, or operational integrity.

Aegis retains case records, evidence references, staff notes, disciplinary history, audit entries, attachments, and organisational records according to organisation configuration, product functionality, legal requirements, backup limitations, and operational needs.

Aegis retains technical logs, performance logs, errors, security telemetry, IP addresses, and session events for periods appropriate to security, troubleshooting, abuse prevention, reliability analysis, and incident response.

14. Backups, archiving, and deletion procedures

Aegis uses backups to support recovery, resilience, security, and continuity. Backup copies can retain information after it is deleted from active systems until the relevant backup expires or is overwritten.

Aegis archives information where needed for audit history, investigation continuity, security review, legal compliance, billing records, abuse prevention, or organisational recordkeeping.

When deletion is requested or required, Aegis deletes, anonymises, restricts, or archives information according to account status, organisation controls, legal obligations, technical limitations, backup schedules, and security requirements.

Deletion of a user account or unlinking a Roblox account does not automatically delete organisational records that mention that user, audit entries, security logs, case history, evidence references, backups, or records controlled by an organisation.

15. International transfers

Aegis operates from Australia and uses service providers that can process information in Australia and other countries.

Information can be transferred to, stored in, or accessed from countries that have different privacy laws from the country where a user or organisation is located.

Aegis uses contractual, technical, organisational, and provider-based safeguards appropriate to the service and the nature of the information being processed.

16. User rights

Depending on your location, you can have the right to access, correct, delete, or restrict information, object to processing, withdraw consent, receive a copy of certain information, or complain to a privacy authority.

Aegis handles user rights requests according to applicable law, account verification requirements, organisation responsibilities, security needs, and technical limitations.

Some records are controlled by the organisation that created or manages them. Requests involving case records, evidence references, staff notes, allegations, disciplinary history, audit entries, attachments, or department records can require review or action by the relevant organisation.

17. Access requests, corrections, objections, and portability

Users can request access to personal information associated with their Aegis account through the official Aegis Discord server. Aegis verifies identity before disclosing account information.

Users can request correction of inaccurate account information. Records controlled by an organisation can require correction by an authorised administrator or department member.

Users can object to certain processing or request restriction where applicable law provides that right. Aegis evaluates objections against operational needs, legal obligations, security requirements, audit requirements, and organisational recordkeeping responsibilities.

Users can request portability of eligible account information where applicable law provides that right and where the information can be exported using reasonable technical means.

18. Deletion requests

Users can request deletion of personal information associated with their Aegis account through the official Aegis Discord server.

Aegis evaluates deletion requests according to applicable law, account verification, organisation control, security needs, audit obligations, billing records, legal obligations, backup limitations, and operational requirements.

Aegis can retain information where retention is necessary for security, fraud prevention, dispute resolution, legal compliance, enforcement of terms, payment records, support history, audit history, backup integrity, or organisational records.

19. Account unlinking

Users can unlink a Roblox account through Aegis settings where the feature is available. Unlinking clears the current Roblox account association used by Aegis for future linked-account features.

After unlinking, Aegis stops using that linked Roblox account for future Roblox identity display and inventory verification features unless the user links a Roblox account again.

Aegis retains historical Roblox link events, unlink events, security logs, audit records, verification records, and backup copies where needed for security, abuse prevention, auditability, organisational workflows, or legal requirements.

20. Security safeguards

Aegis uses technical and organisational safeguards designed to protect information against unauthorised access, loss, misuse, alteration, disclosure, and disruption.

Safeguards include Discord authentication, session controls, permission checks, role-based access, department access controls, secure transport, audit logging, technical monitoring, infrastructure security, access restrictions, and operational review.

No online service can guarantee perfect security. Users and organisations must protect Discord accounts, manage staff permissions, review access regularly, secure devices, report suspicious activity, and limit access to authorised personnel.

Security concerns should be directed through the official Aegis Discord server: https://discord.gg/5pJmShHwjf.

21. Cookies and local storage

Aegis uses cookies, session storage, local storage, and similar technologies for authentication, session management, security, user preferences, feature operation, analytics, reliability, and abuse prevention.

Authentication cookies and session identifiers are required for core account access. Disabling required cookies can prevent Aegis from working correctly.

Aegis can use optional analytics or preference storage where enabled by configuration, browser settings, or future consent controls.

22. Children

Aegis is intended for authorised staff, moderators, department members, investigators, administrators, and operational users. Aegis is not directed to children.

Users must be at least 13 years old to use Aegis. If a higher minimum age applies under local law, organisation policy, Discord rules, Roblox rules, or another applicable platform policy, that higher minimum age applies.

If Aegis learns that a child has provided personal information without appropriate authority, Aegis can restrict the account, delete information where appropriate, notify an organisation, or take other steps required by law or platform safety requirements.

23. Policy updates

Aegis can update this Privacy Policy to reflect product changes, legal requirements, security needs, vendor changes, new features, subscription changes, or operational updates.

The effective date identifies the current version. Continued use of Aegis after an updated Privacy Policy becomes effective means the updated Policy applies to future use of Aegis.

Where a change materially affects how Aegis handles information, Aegis will provide notice through the website, application, account notices, or another reasonable method.

24. Contact and Support

Questions relating to Aegis, privacy requests, account issues, legal enquiries, security concerns, moderation issues, or policy requests should be directed through the official Aegis Discord server:

https://discord.gg/5pJmShHwjf

Users submitting privacy, security, or account requests may be asked to verify identity before requests are processed.