MBTI Meme BasementMBTI Meme Basement
Privacy And Policy

How we handle community data

MBTI Meme Basement uses data only to run accounts, events, profiles, Discord rewards, moderation, and the private app features moving in over time.

Back Home

What We Collect

  • Account identity from Discord or Google, such as username, display name, avatar, and email when the provider gives it to us.
  • Discord membership data when you use Discord-only features, including server membership, roles, and reward eligibility.
  • Profile fields you choose to save, such as display name, bio, MBTI type, and Enneagram.
  • Event quiz data, including answers, calculated element scores, result pages, attempt count, and completion time.
  • Basic security/session details, such as session ID, login time, IP address, browser user agent, and rate-limit data.

Why We Use It

  • To let members log in safely and keep Discord-only features locked to verified Discord members.
  • To run community events, save quiz results, assign Discord rewards, and prevent duplicate official attempts.
  • To show your chosen profile identity around event and community surfaces.
  • To protect the platform from spam, banned accounts, abuse, and unauthorized admin access.

What Other Members Can See

  • Your display name, username, avatar, bio, MBTI type, Enneagram, and public event result pages when those surfaces are shown.
  • Raw Discord IDs, Google IDs, email addresses, OAuth tokens, IP addresses, and session details are not shown on public profile responses.
  • Admin-only tools may show extra operational details needed for moderation, role sync, event review, and safety work.

Discord And Google

  • Google login is used for lightweight site access and basic profile access.
  • Discord login is required for event quizzes, Discord role rewards, server membership checks, and Discord-only app features.
  • Discord OAuth tokens are encrypted before storage. Google OAuth tokens are not stored by this site.
  • Discord remains the authority for membership, role rewards, and server-based access decisions.

Security Choices

  • Login sessions use secure, HTTP-only cookies so frontend scripts do not store session tokens in localStorage.
  • Session records are stored server-side in Redis and expire automatically.
  • Sensitive provider tokens and app secrets are kept server-side, not in the browser.
  • Banned users are blocked from active sessions and future access checks.

Retention And Removal

  • Session data is temporary and expires automatically.
  • Profile and event records are kept while the community feature needs them, unless removed by admins or future account tools.
  • If you need profile data changed or removed before self-service tools exist, contact the community staff team.