Privacy policy

Discord OAuth — what we request

Evomon now requests only the Discord identify scope. That gives us your user ID, username, and avatar — nothing else. We no longer request the email scope, so the Discord authorization screen no longer asks you to share your email address with Evomon.

Older accounts created before this change may still have an email on file inside Supabase Auth from when the email scope was requested. A daily scheduled job clears those email addresses from auth storage where the platform allows it. Evomon never displays email anywhere in the product.

What we use in Evomon

For logged-in features (builds, votes, comments, profile, etc.), Evomon uses your Discord identity — display name and avatar — to attribute your actions and show them in the UI. That is the only profile data tied to your account.

Security & data handling

Supabase keeps authentication data in protected auth storage; it is not exposed through public database APIs. Application data in our Postgres database is protected by Row Level Security (RLS), so users can only read or modify what they are allowed to. Server-only secrets (service role keys, cron secrets) stay on the server and out of any public repo.

If a serious data incident ever affects users, Evomon will follow applicable laws (including notification timeframes where required), rotate credentials, assess impact, and publish a clear notice on this site.

SSL / connection warnings

If your browser ever shows an SSL certificate warning on evomon.wiki (for example during a brief deployment or DNS change), that means the browser could not verify the encryption certificate at that moment — it does not mean the site was compromised or hacked. If you see one, refresh after a few minutes or report it via the contacts in the site footer.

Other processing

Normal browsing may generate logs or analytics like any website. Evomon does not sell personal data. Questions: use the contacts in the site footer.