Privacy Policy

Last updated: March 2026

1. Introduction

DoorFee ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Discord subscription management platform. Please read this policy carefully to understand our practices regarding your personal data.

2. Information We Collect

2.1 Information from Discord

When you authenticate with Discord, we collect:

  • Discord user ID and username
  • Email address (if provided to Discord)
  • Avatar and profile information
  • Server membership information (for servers using DoorFee)
  • Guild (server) roles and permissions

2.2 Payment Information

Payment processing is handled by Stripe. We do not store complete credit card numbers. We may receive and store:

  • Last four digits of payment cards
  • Billing address
  • Transaction history and amounts
  • Stripe customer and account IDs
  • Stripe Connect account information for server owners
  • Subscription status, billing intervals, and plan details

2.3 Usage Information

We automatically collect certain information when you use the Service:

  • IP address and browser type
  • Pages visited and features used
  • Time and date of visits
  • Referring website addresses
  • Device type and operating system

2.4 Content You Provide

This includes sales page content, subscription tier descriptions, uploaded images, coupon codes, email marketing content, review responses, and any other content you create using the Service.

2.5 Affiliate and Referral Data

When you participate in or interact with affiliate programs, we collect:

  • Referral link clicks and conversion data
  • Browser fingerprint data for attribution tracking
  • Commission amounts and payout history
  • Referring affiliate identifiers

2.6 Dispute and Recovery Data

When payment disputes or recovery processes occur, we collect:

  • Dispute status, reason, and resolution history
  • Grace period timestamps and outcomes
  • Failed notification retry records (notification type, attempt count, failure reason)
  • Dunning communication history (renewal reminders, grace period warnings, win-back offers)

2.7 Server Transfer Data

When server ownership transfers are initiated, we collect:

  • Transfer initiation and acceptance timestamps
  • Original and new owner identifiers
  • Transfer status and completion records

2.8 Email Marketing Data

When server owners use our email marketing features, we collect:

  • Subscriber email addresses (encrypted at rest using AES-256-GCM)
  • Email open and click tracking data
  • Marketing consent and opt-in/opt-out status
  • Email campaign performance metrics

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process transactions and send related information
  • Manage subscriptions and role assignments
  • Send administrative notifications and updates
  • Respond to your comments, questions, and requests
  • Monitor and analyze usage patterns and trends
  • Detect, investigate, and prevent fraudulent transactions
  • Track and recover abandoned checkouts via email notifications
  • Track affiliate referrals and calculate commissions
  • Facilitate email marketing campaigns on behalf of server owners
  • Verify bot challenges and prevent abuse (via hCaptcha)
  • Comply with legal obligations

4. Information Sharing and Disclosure

We may share your information in the following circumstances:

4.1 With Server Owners

If you subscribe to a Discord server through DoorFee, the server owner (and their authorized team members/managers) may see your Discord username, subscription status, payment history related to their server, and email address if you provided one.

4.2 With Service Providers

We share information with third-party service providers who perform services on our behalf, including Stripe for payment processing, Discord for authentication and bot functionality, and email marketing platforms for campaign delivery.

4.3 With Email Marketing Platforms

When server owners configure email marketing integrations, subscriber email addresses and related data may be synced with their connected email marketing platforms (such as Brevo, Mailchimp, or Klaviyo). This sharing is initiated by the server owner and subject to the respective platform's privacy policy.

4.4 For Legal Reasons

We may disclose information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of DoorFee, our users, or others.

4.5 Business Transfers

If DoorFee is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Encryption of sensitive data at rest using AES-256-GCM (e.g., email addresses, API keys)
  • Secure HTTPS connections for all data in transit
  • Session management with secure, httpOnly cookies
  • Regular security assessments and code reviews
  • Rate limiting and abuse prevention mechanisms
  • Audit logging of administrative actions
  • Content Security Policy (CSP) headers to prevent cross-site scripting and data injection
  • Database backups encrypted with AES-256

However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. We may retain certain information as required by law or for legitimate business purposes, such as resolving disputes and enforcing agreements.

6.1 Specific Retention Periods

  • Transaction and financial records: 7 years (required for tax and legal compliance)
  • Audit logs: 90 days
  • Affiliate tracking data: 180 days
  • Email marketing analytics: Retained while account is active
  • Failed notification records: Retained for 90 days
  • Dispute and grace period records: Retained with financial records (7 years)
  • Checkout abandonment data: Retained for 90 days
  • Session data: Cleared upon logout or expiration

When you delete your account, we anonymize subscription records with payment history rather than deleting them entirely, to maintain financial record integrity while protecting your privacy.

7. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal data:

  • Access: Request access to your personal information
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data (subject to legal requirements)
  • Portability: Request a copy of your data in a portable format
  • Objection: Object to certain processing of your data
  • Marketing opt-out: Unsubscribe from marketing emails at any time via the unsubscribe link in each email

To exercise these rights, please contact us through our support channels. You may also request a data export or account deletion directly from your dashboard settings.

8. Cookies and Tracking

We use cookies and similar tracking technologies to maintain your session, remember your preferences, and analyze usage of the Service.

8.1 Cookie Categories

  • Necessary (always enabled): Required for authentication, session management, and security. These cannot be disabled.
  • Analytics (opt-in): Help us understand how you use the Service to improve functionality and user experience.
  • Marketing (opt-in): Used to measure the effectiveness of our communications and provide relevant content.

8.2 Consent Management

For users in the European Union, we display a cookie consent banner in compliance with GDPR. California residents receive notices in compliance with CCPA. You can modify your cookie preferences at any time through our cookie preferences panel. For guest users, preferences are stored locally in your browser. For authenticated users, preferences are synchronized to our servers for consistency across devices.

You can also control cookies through your browser settings, but disabling necessary cookies may affect the functionality of the Service.

9. Third-Party Tracking Pixels

Server owners may add third-party tracking pixels to their sales pages for analytics and advertising purposes. These may include:

  • Facebook (Meta) Pixel: For conversion tracking and ad optimization
  • Google Analytics / Google Tag Manager: For website analytics and event tracking
  • TikTok Pixel: For ad performance and conversion tracking
  • Snapchat Pixel: For ad attribution and audience building
  • Twitter (X) Pixel: For conversion tracking
  • LinkedIn Insight Tag: For B2B conversion tracking
  • Pinterest Tag: For ad performance measurement

These tracking pixels are controlled by the respective server owner and are subject to the privacy policies of each platform. Server owners are responsible for disclosing their use of tracking pixels to end users as required by applicable law. Tracking pixels configured by server owners are only loaded when analytics cookies are consented to.

10. Third-Party Services

Our Service integrates with third-party services that have their own privacy policies:

  • Discord: For authentication, bot functionality, and role management
  • Stripe: For payment processing and Stripe Connect payouts
  • Brevo (formerly Sendinblue): For email marketing and transactional communications
  • Mailchimp: For email marketing integrations (when configured by server owners)
  • Klaviyo: For email marketing integrations (when configured by server owners)
  • hCaptcha: For bot protection and abuse prevention on sales pages
  • Sentry: For error monitoring and application performance (may collect anonymized error data)
  • Pusher: For real-time notifications and live updates within the dashboard

We encourage you to review the privacy policies of these third-party services.

11. Children's Privacy

The Service is not intended for users under the age of 13 (or the minimum age required by Discord in your jurisdiction). We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child, we will take steps to delete that information.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your own. These countries may have different data protection laws. By using the Service, you consent to the transfer of your information to these countries. We take appropriate safeguards to ensure your data is protected in accordance with this Privacy Policy.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically for any changes.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us through our support channels or Discord server. We will respond to your inquiry as soon as reasonably possible.