Skip to main content
Last Updated: November 8, 2025 This Privacy Policy (“Policy”) explains how OfficialSteam (“Dock,” “we,” “us,” or “our”) collects, uses, discloses, and protects information in connection with our websites, APIs at api.docksys.xyz, verification system, account link tools, alternate account detection and account link analysis systems, dashboards, and related services (collectively, the “Services”). By using the Services, you agree to this Policy and our Terms of Service. If you do not agree, do not use the Services. Privacy inquiries and data requests: [email protected]
General support: Discord community

1. Scope; Roles; Definitions

Scope. This Policy applies to information processed by Dock when you access or use the Services, including when the Services are used inside Discord guilds. Roles.
  • For Detection Data, security logs, and internal analytics, Dock generally acts as an independent controller.
  • For Customer Data that a guild owner or administrator submits or configures (for example, custom fields, configurations, or certain verification flows), Dock may act as a processor on behalf of that guild, which acts as the controller.
Dock’s role can vary depending on how a customer uses the Services. In all cases, Dock processes data as described in this Policy and the Terms of Service. Definitions.
  • Customer Data: information you, your guild, or your organization submit to the Services.
  • Detection Data: login metadata, internal link records, and derived risk indicators that Dock processes to identify potential alternate or connected accounts and abuse patterns.
  • Personal Data / Personal Information: information that relates to an identified or identifiable individual. This can include Discord IDs, Roblox IDs, guild IDs tied to a user, hashed or encrypted IP related data, and other identifiers.
If there is any conflict between this Policy and the Terms of Service, the Terms of Service control.

2. Categories of Information We Collect

We collect and process the following categories of information as needed to provide and protect the Services: Account and Identity Data
  • Discord identifiers (user IDs, usernames, display names, discriminator or handle)
  • Roblox identifiers (user IDs, usernames, display names)
  • Guild IDs, role information, and limited context needed for verification and linking
Usage and Request Logs
  • API request metadata (endpoint paths, timestamps, HTTP method, response codes, key identifiers, rate limit counters)
  • IP related information stored as hashed or encrypted values associated with login, verification, or access events
  • Limited diagnostics and error logs
Detection Data (Alt Detection / Link Analysis)
  • Internally generated associations between accounts using stored login metadata and link records
  • Information about which Discord and Roblox identifiers have been seen with the same hashed or encrypted IP related value or similar technical signals over certain time windows
  • Risk signals, flags, and scores created by Dock’s internal detection logic
Device and Technical Data
  • Basic device or browser information (for example, user agent, language, approximate region based on IP)
  • Connection information for reliability and security
This information is used at a coarse/approximate level for security and performance, not for precise real time geolocation. Payment and Support Data
  • If you purchase Premium or contact support, we may receive your Discord ID, transaction identifiers, payment status, and limited billing metadata
  • Payment card details are handled by third party payment processors; Dock does not store full card numbers
We do not knowingly collect biometric data, precise GPS location, or similarly sensitive categories, except to the extent limited technical data may be treated as “sensitive” under certain laws. Where that is the case, we handle it as required by those laws.

3. Sources of Information

We collect information:
  • Directly from you when you interact with the Services (for example, using a verification flow or dashboard)
  • From your guild or organization when they configure and connect the Services to their community
  • Automatically from your use of the Services (logs and Detection Data generated by Dock)
  • From integrated platforms (for example, Discord and Roblox) in accordance with their terms and privacy policies and the permissions you grant

4. Purposes of Processing

We process Personal Data for the following purposes:
  • Provide and operate the Services
    To verify and link accounts, process API requests, run dashboards, and deliver features you or your guild request.
  • Security, integrity, and abuse prevention
    To apply rate limits, detect suspicious activity, investigate abuse, protect communities that use the Services, and maintain the integrity of guilds using Dock.
  • Detection and analysis of potential alternate or connected accounts
    To generate Detection Data, including risk signals and account associations, using internal login metadata and link analysis.
  • Maintenance, quality, and improvement
    To debug issues, monitor uptime, optimize performance, and develop new features or improvements.
  • Legal, compliance, and enforcement
    To comply with valid legal requests, enforce the Terms of Service, and protect the rights, property, or safety of Dock, users, or others.
We may also create and use aggregated or de identified information that does not reasonably identify an individual for analytics, metrics, and service improvement.
Where the GDPR or UK GDPR applies, our processing is based on one or more of the following legal bases:
  • Performance of a contract (Art. 6(1)(b))
    When processing is necessary to provide the Services you or your organization requested.
  • Legitimate interests (Art. 6(1)(f))
    For example, to secure the Services, prevent abuse, maintain the integrity of verification and account linking, detect suspicious or alternate accounts, and improve the Services. We apply technical and organizational measures and data minimization to respect your interests and rights.
  • Legal obligations (Art. 6(1)(c))
    When processing is required to comply with laws, regulations, or lawful requests.
  • Consent (Art. 6(1)(a))
    Where we rely on consent for specific optional features. We do not rely on consent as the primary legal basis for core security, logging, or alt detection features.
Hashed or encrypted IP related values and other identifiers may still be treated as Personal Data where applicable law considers them identifiable; where that is the case, we treat them as such.

6. Disclosures of Information

We do not sell or rent Personal Data and do not use it for cross context behavioral advertising. We disclose information only as reasonably necessary for the purposes described in this Policy, including:
  • Service providers and subprocessors
    For example, hosting providers, infrastructure and security providers, logging and monitoring tools, and payment processors. These providers are bound by contracts that require appropriate confidentiality and security.
  • Integrated platforms and guild administrators
    Certain verification or link information may be visible to authorized administrators within your Discord guild or integrated platform, depending on how the Services are configured.
  • Legal and safety
    To comply with applicable law, regulation, legal process, or enforceable governmental request; to enforce our Terms of Service; or to protect rights, property, or safety of Dock, our users, or others.
  • Business transfers
    In connection with a merger, acquisition, reorganization, or other transfer involving Dock’s assets, Personal Data may be transferred as part of that transaction, subject to this Policy or an equivalent policy.
We may provide aggregated or de identified information that does not reasonably identify an individual to third parties for analytics, research, or service improvement. A current description of core infrastructure categories (for example, hosting and database providers) is available upon request.

7. Data Retention

We retain information only for as long as reasonably necessary for the purposes described in this Policy or as required by law, including:
  • Verification and link records
    Retained while a guild or customer actively uses the Services and for a limited period afterwards, for example to investigate abuse, maintain integrity, or support reactivations.
  • Logs and Detection Data
    Retained for security, anti abuse, and audit purposes for periods that reflect threat and abuse patterns. We review retention periodically and may shorten or extend retention where needed for security or legal reasons.
  • Aggregated and de identified data
    May be retained for longer periods for metrics and reliability analysis, where it does not reasonably identify an individual.
When data is no longer needed for the purposes described, we may delete it, anonymize it, or store it in a form that no longer reasonably identifies an individual, subject to legal and operational requirements.

8. Security

We employ reasonable and appropriate technical and organizational safeguards to protect Personal Data, including:
  • Hashing or encryption of IP related values associated with login or verification events
    • Hashing is applied in a one way manner and is not designed to be reversed.
    • Where encryption is used, decryption keys are subject to restricted access and operational controls.
  • Access controls and separation of duties for internal systems
  • Credential management and role based access for staff
  • Rate limiting, abuse detection, and operational monitoring
No security measures are perfect. You are responsible for safeguarding your own credentials, API keys, and accounts that integrate with the Services.

9. International Transfers

Personal Data may be processed and stored in countries other than your own, including the United States or member states of the European Union, by Dock or its service providers. Where required by law, we implement appropriate safeguards for international transfers, such as contractual protections or other mechanisms permitted by applicable data protection laws.

10. Your Privacy Rights

Depending on your jurisdiction, you may have some or all of the following rights with respect to Personal Data we control:
  • Access: request confirmation whether we process Personal Data about you and receive a copy, subject to security and legal limitations.
  • Correction: request that we correct inaccurate Personal Data.
  • Deletion: request deletion of Personal Data where there is no valid reason for us to continue processing it.
  • Restriction / objection: request that we limit or stop certain processing where permitted by law, including objections based on legitimate interests.
  • Portability: request a copy of certain Personal Data in a structured, commonly used, and machine readable format.
To exercise rights, contact [email protected]. We may need to verify your identity and may ask for additional information to properly address your request. In some cases, we may deny or limit requests where allowed by law, for example where fulfilling a request would:
  • compromise security or integrity of the Services or alt detection systems
  • violate the rights of other users
  • prevent us from complying with legal obligations
Where we act as a processor on behalf of a guild or organization, we may refer your request to that controller.

11. Cookies and Similar Technologies

We use minimal cookies or similar technologies as needed to provide reliability, security, and integrity of the Services. These may include:
  • Security and session related identifiers
  • Network and performance telemetry (for example, from providers such as Cloudflare or hosting platforms)
We do not use advertising cookies or cross site behavioral tracking cookies. Your browser or device may provide tools to delete or block cookies; however, doing so may affect the functionality or availability of certain features.

12. Automated Processing and Alt Detection

Dock performs automated analysis of internal login metadata, hashed or encrypted IP related values, link records, and similar signals to identify potential alternate or connected accounts and suspicious activity. Detection Data and associated risk signals are probabilistic and do not constitute definitive proof of identity or wrongdoing. Guild owners and administrators are responsible for how they use detection outputs, including any moderation or enforcement actions they take based on those outputs. These automated protections are an essential part of how the Services maintain security and integrity. Where required by law, you may have the right to object to certain types of automated processing or request human review. When our opt out or automated decision objection workflows are available, we will describe them in this Policy or related documentation and honor valid requests consistent with security and legal requirements.

13. Children’s Data

The Services are intended for use by communities and users who meet the minimum age required by Discord, Roblox, and applicable law. We do not knowingly process Personal Data of children under 13 years of age (or the minimum age in your jurisdiction). If you believe that a child has provided Personal Data in connection with the Services, contact [email protected] so that we can review and, where appropriate, delete that information.

14. California and Similar State Privacy Laws

If you are a resident of California or another jurisdiction with similar privacy laws, you may have additional rights regarding your Personal Information. Notice at Collection.
The categories of Personal Information we collect are described in Section 2 (Categories of Information We Collect). The purposes for which we use Personal Information are described in Section 4 (Purposes of Processing) and our retention practices are described in Section 7 (Data Retention). We do not:
  • “sell” Personal Information as defined by the California Consumer Privacy Act (CCPA/CPRA), nor
  • “share” Personal Information for cross context behavioral advertising.
We use Personal Information only for the business purposes described in this Policy. California rights.
Subject to certain exceptions, California residents may have the right to:
  • request access to and deletion of Personal Information
  • request correction of inaccurate Personal Information
  • receive information about categories of Personal Information collected, sources, business purposes, and categories of recipients
  • not be discriminated against for exercising privacy rights
To exercise these rights, contact [email protected]. If you use an authorized agent, we may require proof of authorization and may still require direct verification from you. We do not collect or use “sensitive personal information” for purposes that would trigger additional rights to limit its use under California law.

15. Changes to This Policy

We may update this Policy from time to time. The “Last Updated” date at the top of this page reflects the latest revision. For material changes (for example, changes to categories of data we collect or core purposes of processing), we may provide additional notice, such as posting an update in the Services or referencing the change in our Change Log. Your continued use of the Services after an updated Policy becomes effective means that you accept the updated Policy. If you do not agree with changes, you must stop using the Services.

16. Contact

If you have questions or concerns about this Policy or our data practices, or if you wish to exercise your privacy rights, you can contact us at:

Terms of Service

Review our governing terms

Change Log

See what’s new and updated