Near 100-server temporary cap — Discord approval pending. Try Ergod in our community Discord →
Privacy

Privacy policy

What data Ergod collects, where it goes, how long we keep it, and what control you have. Plain English, then the formal language.

Effective May 2026 ergod.developer@gmail.com

Overview

Ergod is an AI agent that lives in Discord. It can read and write files, execute code, search the web, and perform other development tasks within isolated containers - all controlled through Discord messages.

This page describes what data we collect when you use Ergod, where it goes, how long we keep it, and what control you have over it. Plain English first; the formal language follows.

Data we collect

When you interact with Ergod, we collect and process:

  • Discord User ID - your unique Discord identifier, used to associate your workspace, memory, and preferences with you.
  • Display name - your Discord display name, used in conversation context.
  • Message content - messages you send to the bot (via @-mention, DM, or thread reply), used to process your requests.
  • Workspace files - files you upload, files Ergod creates, and files generated by code it runs on your behalf.
  • Persistent memory entries - facts, preferences, and project decisions Ergod records when you correct it or state a preference.

We do not read messages in your server unless they @-mention Ergod, are sent in a DM to it, or are inside a thread Ergod is already participating in. We do not scrape channel history, member lists, or unrelated traffic.

Data sent to third parties

To produce AI responses, your message content is sent to large-language-model providers. The specific provider used depends on your tier, the model selected, and whether you have a personal API key configured (BYOK — bring your own key). Providers we may route requests through include:

  • OpenRouter (openrouter.ai) - multi-model API gateway; default for free-tier users (the default model is qwen3-coder, served via OpenRouter)
  • Anthropic (anthropic.com) - Claude models
  • OpenAI (openai.com) - GPT and o-series models
  • Google (Gemini) (ai.google.dev) - Gemini models
  • xAI (x.ai) - Grok models (BYOK only)
  • DeepSeek (deepseek.com) - DeepSeek chat and reasoning models
  • Groq (groq.com) - fast inference for open models
  • Together AI (together.ai) - open model hosting
  • Custom endpoints - any OpenAI-compatible API configured by the operator

Free-tier users without a personal key are routed through OpenRouter by default. Pro / Pro+ users may select any model from a curated picker. Users on every tier can configure a personal API key (Anthropic / OpenAI / Google / xAI / OpenRouter) via /byok set — when active, that user's message content routes through their own provider account using their key, and we charge compute-only against their Ergod usage cap. Provider keys are encrypted at rest with Fernet (AES-128-CBC + HMAC-SHA256) and only decrypted in bot-process memory for the duration of a single outbound API call.

Legal basis for sharing message content with these providers (per Discord's Developer Terms, which permit sharing API Data with a Service Provider, when required by law, or when a user expressly directs the sharing):

  • Hosted turns (free-tier or Pro/Pro+ on our key): the model provider acts as our Service Provider for inference, bound by their own privacy policy and data-handling terms (linked above).
  • BYOK turns (any tier with a personal key configured via /byok set): the user has expressly directed the routing by saving their own provider key. The user's relationship is directly with that provider, governed by the provider's own terms.

Message content is sent to these providers solely to generate AI responses. We do not send your Discord User ID, display name, or workspace files to LLM providers - only the conversation content needed for the response.

Each provider has its own privacy policy (linked above). We encourage you to review the policy of whichever provider is handling your requests.

What we do NOT do

  • We do not sell your data.
  • We do not share your data with third parties beyond what's necessary to operate the service (i.e., sending messages to LLM providers for AI processing).
  • We do not use your data for advertising, marketing, or to train any model. There is no automated training-data export in the codebase — we previously had a CLI-era opt-in trajectory export feature (off by default, never wired into the multi-tenant Discord deployment) and we removed it entirely so this claim is strictly accurate at the code level.
  • We do not read non-trigger messages in your Discord server (anything where Ergod is not @-mentioned and the message is not a reply to one of its own messages).
  • We do not store cross-server profiles, presence snapshots, member activity history, or aggregate channel traffic.

Message content

Ergod's primary interface is multi-turn natural-language conversation. You invoke the bot with an @-mention or by replying to one of its messages, and the agent works across many turns of replies on the same task. Because of this, we need access to message content for triggered messages — there is no way to operate a coding-agent loop with structured slash command arguments alone.

What we read: the text + attachments of messages that @-mention Ergod, messages sent in DMs to Ergod, and messages in a thread Ergod is already participating in. We also read the user's own replies to those messages so the agent can iterate ("no, make it darker," "the error is now different," follow-up code pastes, etc.).

What we don't read: messages where the bot is not addressed. Server admins can further restrict the bot to specific channels via /ergod-config, in which case the bot does not see messages outside those channels at all (uses Discord's existing Manage Channels permission).

Where it goes: message content is sent to the LLM provider routing your turn (see Data sent to third parties) to generate the response, and is retained in your private isolated container as session history so the agent has multi-turn context for follow-ups. Both of those are strictly required for the product to function.

Where it does NOT go: we do not collect, export, or use message content for training, fine-tuning, or any form of dataset assembly. Operational logs surface the initial trigger message text alongside errors, latency, and cost metrics so the operator can correlate a specific request with a specific bug or error during debugging - those logs stay on the bot host, are not exported to any external system or third party, and are not assembled into any dataset. No telemetry pipeline exfiltrates user messages.

Your control: see Your rights below. Short version: /workspace reset wipes session state, /session new starts a fresh session (saves the prior one), /memory clear wipes persistent memory entries, and full account deletion is available on email request.

User eligibility & age

Ergod relies on Discord's existing user agreement and age gate for eligibility. Discord requires users to be at least 13 years old (or the minimum age of digital consent in their jurisdiction, whichever is higher). We do not collect age information directly; we trust Discord's account-creation gate.

We do not knowingly process API Data of users under 13. If we become aware that a user under that age is using the service, we will deactivate the tenant and delete the associated data. If you are a parent or guardian who believes your child has used Ergod and want their data removed, contact ergod.developer@gmail.com.

Workspace data

Each user gets an isolated workspace container. Files in your workspace are private to you and any collaborators you explicitly authorize via /collab. Other users cannot access your workspace files. Code execution happens inside isolated Docker containers scoped to your workspace.

Security

We apply standard protections to data we handle:

  • In transit: traffic between you and the bot is encrypted via Discord's gateway (TLS/WSS). Traffic to LLM providers uses HTTPS. Download links served via Cloudflare are TLS-encrypted.
  • At rest — credentials: all stored credentials are encrypted with Fernet (AES-128-CBC + HMAC-SHA256) before being written to disk. This covers linked GitHub tokens, BYOK provider API keys (Anthropic / OpenAI / Google / xAI / OpenRouter / etc.), MCP server headers, and any linked third-party secrets. Plaintext only ever lives in bot-process memory for the duration of a single outbound API call — never reaches the user's sandbox container.
  • At rest — workspace + history: workspace files, conversation history, and memory entries are stored on the host filesystem in per-user paths, under OS-level access controls and locked to the owning Discord User ID via file permissions. Other users (even in the same server) cannot read them.
  • Tenant isolation: each user gets their own Docker container with a dedicated workspace and a separate memory scope. Containers run with reduced Linux capabilities, privilege escalation disabled, and per-tenant resource limits. An outbound network policy blocks private network ranges, common exfiltration channels, and rate-limits suspicious traffic patterns. Containers cannot reach the host or other tenants' containers.
  • Token redaction: credentials are scrubbed from logs and from any text surfaced outside the user's own session by a set of pattern matchers covering common API key formats — defense for cases where a user pastes a credential by accident or a model echoes one back.
  • Prompt-injection scanning: agent-written memory entries are scanned before they're committed, to defend against stored-injection attacks (hidden instructions in user-supplied text being baked into long-term memory).
  • Input screening: commands are screened for abuse patterns (port scanning, crypto mining, mass-outbound loops) before execution.

Data retention

Why some data persists beyond 30 days: the product's value depends on workspace continuity. A user comes back a week later and expects their project files, saved sessions, and persistent memory entries (preferences they've taught the bot) to still be there - wiping at 30 days would break the core product loop. Inactive workspaces are still removed automatically at 90 days of inactivity, and users have granular instant-delete commands for every category at any time.

  • Workspace files persist during active use and for up to 90 days of inactivity, after which they may be removed. You can delete them immediately at any time via /workspace reset or rebuild the container from scratch via /workspace factory-reset.
  • Conversation history is retained for session continuity so the bot can reference earlier context, and is cleared by /session reset, /session new, or after 90 days of inactivity.
  • Memory and preferences persist across sessions to provide a consistent experience. You can inspect, edit, or delete individual memory entries at any time via /memory list, /memory delete, or /memory clear.
  • Aggregate usage metrics (daily command count, token totals, cost) are retained for billing and abuse-prevention for up to 12 months.

Data residency

The Ergod bot and its primary data store are currently hosted in Austin, Texas, United States. LLM sub-processors listed above may process data in their own regions according to each provider's data-residency policy.

Your rights

You can exercise the following rights over your data at any time:

  • Right of access: use /files, /usage, and memory-listing commands to see what's stored. For a full export, contact us.
  • Right to erasure: use /session new to clear conversation history, /workspace reset to wipe workspace files, or /workspace factory-reset to tear down and rebuild your container from scratch. For full account deletion, contact us.
  • Right to data portability: use /export to download your workspace files in their original formats. Machine-readable exports of memory and conversation history are available on request.
  • Right to rectification: you can edit or delete individual memory entries, replace workspace files, or resend corrected messages at any time.
  • Right to object / restrict processing: you can stop using the service at any time. Contact us if you need processing to stop without account deletion.

To exercise any of these rights, use the relevant command above or email us at ergod.developer@gmail.com. We will respond within 30 days.

Breach notification

In the event of a confirmed data breach affecting personal data, we will notify affected users within 72 hours of discovery via Discord direct message (where possible) and publish a public notice at ergod.dev. The notice will describe the nature of the breach, the data affected, likely consequences, and the remediation steps taken.

DPA & audit requests

For formal Data Processing Agreement requests, subject-access requests, third-party audits, or any GDPR-related inquiries, email ergod.developer@gmail.com. Please include the nature of the request and a contact for response.

Changes to this policy

We may update this privacy policy as the service evolves. The effective date at the top of this page will change when we do. Material changes will be announced in the Ergod community Discord.

Contact

For general privacy questions, reach out via our Discord community server or email ergod.developer@gmail.com.