grokpot grokpot

Privacy Policy

Effective date: May 23, 2026

How grokpot collects, uses, and protects information when you use our website, APIs, OAuth sign-in, and Discord community features.

1. Overview

This Privacy Policy explains how grokpot ("we," "us," or "our") collects, uses, discloses, and protects information when you visit grokpot.io, create an account, connect third-party identities, publish content, or interact with our Discord bot and related services.

This policy applies to the grokpot website and APIs. It does not apply to third-party websites, user-hosted SPAs, or services operated by xAI, X Corp. (operator of X, formerly Twitter), Discord Inc., or other providers—those are governed by their own policies.

Throughout this policy, X refers to the social platform at x.com previously known as Twitter. Any reference to "Twitter" describes that platform under its former branding.

By using grokpot, you agree to this Privacy Policy. If you do not agree, please do not use the service.

2. Who We Are

The data controller for grokpot is the operator of the grokpot.io service. For privacy requests, contact webmaster@grokpot.io.

3. Information We Collect

3.1 Information you provide

  • Account and profile: username, display name, bio, optional birthdate (stored privately; only your age may be shown publicly), avatar image, role/permissions, and preferences such as whether to show your connected X username on your profile.
  • User content: skills, SPAs (HTML/JS and related files), comments, uploaded images, upvotes/likes, reports, and feedback you submit.
  • Communications: messages you send us via feedback forms or email.

3.2 Information from third-party sign-in (OAuth)

When you choose to sign in or connect accounts, we receive information from the provider according to the permissions you approve:

  • X (formerly Twitter): profile identifiers and public profile information (such as X user ID, username, and profile image URL) as permitted by X's API and your authorization. We use this to authenticate you, populate your profile, and optionally display your X username.
  • Discord: Discord user ID, username, global display name, avatar hash, and email address when the identify and email scopes are granted. We use this to authenticate you, link your site account to Discord, and download/store a copy of your avatar on our servers when you select a Discord avatar.

We do not store your X or Discord passwords. OAuth access tokens are used transiently to complete sign-in or account linking and are not retained for long-term access to your social accounts unless we explicitly add a feature that requires it and disclose that here.

3.3 Discord bot and community data

If you participate in a Discord server where the grokpot bot is enabled, we may collect and store:

  • Discord user ID, username, and profile metadata;
  • Messages and attachments metadata from configured channels (message content, channel ID, timestamps, edit indicators);
  • Semantic tags or classifications generated from message content using AI;
  • XP/leveling and activity scores associated with your linked site account where applicable;
  • Moderation and audit logs visible to administrators.

3.4 Automatically collected information

  • Session data: we use HTTP cookies (session cookies) to keep you signed in and protect against cross-site request forgery during OAuth flows.
  • Server logs: IP address, browser type, requested URLs, timestamps, and error logs generated by our web server for security and troubleshooting.
  • Usage data: aggregated or pseudonymous analytics about how features are used (e.g., votes, uploads), where implemented.

3.5 AI processing

When you use features that rely on xAI (such as image generation, automated security scanning of uploads, or Discord bot responses), we send relevant prompts, code snippets, or message text to xAI's API. Do not submit sensitive personal data you do not want processed by an AI provider.

4. How We Use Information

We use information to:

  • Provide, operate, and improve grokpot;
  • Authenticate users and link optional X and Discord accounts;
  • Display profiles, skills, SPAs, comments, and community feeds;
  • Moderate content, enforce our Terms, respond to reports, and protect security;
  • Run automated security scans and AI-assisted features you request;
  • Operate Discord bot features, including XP and community administration tools;
  • Communicate with you about the service or respond to support requests;
  • Comply with legal obligations and protect our rights.

Where required by law, we rely on appropriate legal bases such as contract (providing the service you request), legitimate interests (security, fraud prevention, improvement), and consent (where you connect OAuth accounts or opt into optional features).

5. How We Share Information

We do not sell your personal information. We may share information in these circumstances:

  • Public content: skills, SPAs, comments, usernames, and profile fields you choose to make visible are available to other users and visitors.
  • Service providers: hosting infrastructure, database providers, and AI APIs (including xAI) that process data on our behalf under contractual safeguards.
  • Platform partners: when you use OAuth, necessary data is exchanged with X (formerly Twitter) or Discord according to their APIs and your settings.
  • Administrators and moderators: authorized staff may access account and moderation data to operate the service.
  • Legal and safety: when required by law, court order, or to protect rights, safety, and security of users or the public.
  • Business transfers: in connection with a merger, acquisition, or asset sale, subject to continued protection consistent with this policy.

6. X (formerly Twitter) API — Specific Disclosures

If you connect your X account (the platform formerly known as Twitter), grokpot accesses X information only as needed to provide authentication and profile features you request. Consistent with X's Developer Agreement and Policy:

  • We use X data to sign you in, display your connected username (if you enable it), and sync profile/avatar information you choose;
  • We do not sell X data or use it for unrelated advertising profiles;
  • We do not use X data to train unrelated machine-learning models;
  • You can disconnect X from your grokpot profile settings (where available) or revoke grokpot's access in your X account security settings;
  • If you ask us to delete your grokpot account, we will delete associated X linkage data stored on our systems within a reasonable period, subject to legal retention requirements.

For X's own practices, see X Privacy Policy and X Developer Agreement.

7. Discord — Specific Disclosures

Discord data is used to authenticate you, link community participation to your site profile, operate bot features, and administer servers configured by grokpot operators. Message content may be analyzed by automated systems for tagging, moderation, or bot responses.

You can leave Discord servers that use our bot and revoke OAuth access in your Discord user settings. See Discord Privacy Policy.

8. Cookies and Similar Technologies

We use essential cookies to maintain your login session (typically a PHP session cookie with HttpOnly and SameSite=Lax flags). These cookies are necessary for the service to function and are not used for third-party advertising on grokpot.

We may load scripts or styles from third-party CDNs (for example, Tailwind CSS or Font Awesome) when you visit pages. Those providers may collect technical data according to their own policies.

9. Data Retention

We retain information for as long as needed to provide the service, comply with legal obligations, resolve disputes, and enforce agreements. Examples:

  • Account data: retained while your account is active and for a reasonable period after deletion to allow recovery and backup rotation;
  • User content: may remain in backups for a limited time after deletion;
  • Discord messages: retained according to administrator configuration and operational needs unless deleted through moderation tools;
  • Server logs: typically rotated within a limited period unless needed for security investigations.

10. Security

We implement reasonable administrative, technical, and organizational measures to protect information, including HTTPS, access controls for admin functions, and hashed or restricted storage of secrets (such as API keys). No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

11. International Transfers

grokpot may be operated from the United States. If you access the service from other regions, your information may be transferred to and processed in the U.S. or other countries where our providers operate, which may have different data-protection laws than your home jurisdiction.

12. Your Rights and Choices

Depending on your location, you may have rights to access, correct, delete, or export personal information, or to object to or restrict certain processing.

  • Profile: edit display name, bio, and connected account preferences in your profile settings where available;
  • OAuth: revoke grokpot access via X or Discord account settings;
  • Deletion: request account deletion by emailing webmaster@grokpot.io from the address associated with your account or with enough information for us to verify your identity.

We will respond to verified requests within the timeframe required by applicable law. We may deny requests where an exception applies (for example, legal retention or free-speech considerations for public posts).

13. California Privacy Rights (CCPA/CPRA)

California residents may have the right to know categories of personal information collected, request deletion or correction, and opt out of "sale" or "sharing" as defined by California law. grokpot does not sell personal information for monetary consideration.

To exercise rights, contact webmaster@grokpot.io. We will not discriminate against you for exercising privacy rights.

14. European Economic Area, UK, and Switzerland

If you are in the EEA, UK, or Switzerland, you may lodge a complaint with your local supervisory authority. Our legal bases for processing are described in Section 4. Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

15. Children's Privacy

grokpot is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, contact webmaster@grokpot.io and we will take steps to delete it.

16. Changes to This Policy

We may update this Privacy Policy from time to time. The "Effective date" at the top will change when we do. Material changes may also be announced on the site. Continued use after updates constitutes acceptance of the revised policy.

17. Contact Us

Privacy questions or requests: webmaster@grokpot.io

Terms of Service: https://grokpot.io/terms

Questions? Contact webmaster@grokpot.io