Fluxer Bot List

Privacy Policy

Last updated: 2026-04-26

This Privacy Policy explains what information Fluxer Bot List ("FBL", "we", "us") collects when you use our website, dashboard, public API, and related services, how we use it, and the choices you have. By using FBL you agree to the practices described below.

If you do not agree with any part of this policy, do not use FBL.

1. Information we collect

Information you give us

  • Fluxer account information when you sign in via OAuth: your Fluxer user ID, username, display name, avatar, locale, and the email address attached to your Fluxer account (if you grant the relevant scope).
  • Listing content you submit — descriptions, screenshots, invite URLs, theme files, tags, social links, webhook URLs, and any other field you fill in.
  • Communications you send us — support tickets, bug reports, abuse reports, blog comments, and DMs to staff.
  • Payment data, if FBL ever offers paid features, processed by a third-party payment provider; we do not store full card numbers on our own servers.

Information we collect automatically

  • Request metadata: IP address, user-agent, referer, and timestamps for requests you make to the site or API. We use this for rate limiting, abuse prevention, debugging, and high-level analytics.
  • Voting activity: which listings you have voted for and when, so we can enforce per-account cooldowns and detect vote farming.
  • Cookies and local storage: a session cookie tied to your Fluxer login, plus small preference values in localStorage (theme, accent colour, recently searched terms). We do not use third-party advertising trackers.

Information from third parties

  • Fluxer API: when we display a bot or server's avatar, member count, or shard status in real time, we fetch that from Fluxer using your listing's snowflake. The Fluxer API may log this lookup; their handling is governed by Fluxer's Privacy Policy.

2. How we use your information

We use the information we collect to:

  • Operate FBL — authenticate you, render your dashboard, run reviews, deliver webhooks, send lifecycle DMs, surface listings in search and on leaderboards.
  • Enforce rules — investigate abuse, fraud, or guideline violations; suspend accounts and listings when necessary.
  • Improve FBL — debug issues, analyse aggregate usage, prioritise new features. Where we look at logs we use the smallest scope needed to answer the question.
  • Communicate — send transactional notifications (vote confirmations, listing approvals/denials, security alerts), reply to your support requests, and (rarely) post platform-wide announcements you can't unsubscribe from because they affect your account.
  • Comply with law — respond to lawful requests from regulators, courts, or law enforcement; preserve records where retention is legally required.

We do not sell your personal information.

3. Lawful bases (for users in the EEA / UK)

Where the GDPR or UK GDPR applies, the lawful bases we rely on are:

  • Contract — to deliver the services you signed up for (your account, listings, dashboard).
  • Legitimate interests — to keep FBL secure, prevent fraud and abuse, defend against legal claims, and improve the product.
  • Consent — for optional features such as marketing emails (where applicable).
  • Legal obligation — when we must keep or disclose data to comply with law.

4. How we share your information

We share information only in the following limited cases:

  • Public listings: information you submit to a listing (name, description, avatar, tags, vote count) is public by design — that's the whole point of being listed.
  • Service providers: hosting (the cloud platform that runs FBL), Supabase (managed Postgres + storage), Redis (caching, rate limiting, queues), Fluxer (gateway + REST). They process data on our behalf under contractual data-protection terms.
  • Bot service integrations: when a lifecycle event fires, we POST identifiers to our own bot service so it can DM you and post staff log embeds. The payload is limited to what's needed to render the message.
  • Legal: to comply with a valid legal request, to enforce our Terms, or to protect the rights, property, or safety of FBL, our users, or the public.
  • Business transfer: if FBL is acquired, merged, or restructured, your data may transfer to the new owner under the same protections.

We do not share your data with advertisers, brokers, or analytics resellers.

5. Cookies & local storage

We use:

  • Strictly necessary cookies for session authentication and CSRF protection.
  • Functional storage in your browser's localStorage for UI preferences (theme, accent colour, recent search terms).
  • Server-side rate-limit counters keyed on your IP address for the public API and search endpoints.

We do not use cookies for advertising or cross-site tracking. There is no consent banner because we do not run anything that legally requires one in most jurisdictions; if that changes, we will add one.

6. Data retention

  • Account data is kept while your account exists. When you delete your account, your profile, listings, votes, and webhook configurations are removed from production within 30 days. Encrypted backups roll off on a 90-day cycle.
  • Audit logs of staff actions (approvals, denials, bans) are retained indefinitely for accountability.
  • Request logs containing IP + user-agent are kept for up to 30 days unless tied to an open abuse investigation.
  • Webhook delivery logs are kept for 14 days for debugging.

7. Your choices

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your account and associated personal data.
  • Object to or restrict certain processing.
  • Port your data to another service in a structured machine-readable format.
  • Withdraw consent for any processing based on consent.

You can exercise the first three from your dashboard ("Account → Settings → Export / Delete account"). For the rest, email support@fluxerbotlist.com from the email on your Fluxer account. We respond within 30 days.

You also have the right to lodge a complaint with your local data-protection authority (e.g. the ICO in the UK).

8. Security

We protect your data with:

  • TLS encryption in transit between your browser and our servers, and between our servers and our service providers.
  • Row-level security and least-privilege access at the database layer.
  • HMAC-signed webhooks between our services so payloads can't be forged.
  • Hashed API tokens (we never store the plaintext token).

No system is perfectly secure. If you discover a vulnerability, please report it to support@fluxerbotlist.com before disclosing it publicly so we can fix it.

9. Children

FBL is not directed at children under 13 (or the higher local minimum where one applies). We do not knowingly collect personal data from anyone under that age. If you believe we have, contact privacy@fluxerbotlist.com and we will delete it.

10. International transfers

FBL operates from a single primary region but uses service providers (Supabase, Redis, hosting CDNs, the Fluxer API) that may process data in other countries — including outside the EEA / UK. Where we transfer personal data internationally, we rely on the European Commission's Standard Contractual Clauses or equivalent safeguards in the destination country.

11. Third-party links

Pages on FBL link to third-party sites — bot websites, support servers, theme repositories, social profiles, the Fluxer client itself. We are not responsible for the privacy practices of those sites. Read their policies before sharing personal information with them.

12. Changes to this policy

We may update this policy from time to time. When we do we will:

  • Update the "Last updated" date at the top.
  • For material changes, post an announcement on the FBL blog and (where required) email registered users.

Continued use after a change takes effect means you accept the updated policy.

13. Contact

Questions, requests, or complaints about this policy? Email support@fluxerbotlist.com or open a ticket in the FBL support server.

This document is an original work for Fluxer Bot List. Its structure and scope take guidance from Top.gg's Privacy Policy as a reference for how a community listing platform typically frames these disclosures.