Summary
- The app deletes your own Discord messages on your behalf.
- We keep only what's needed for credits: your Discord ID and your credit balance.
- Your session token and the content of your messages never leave your device — there is no server of ours that receives them.
- We use AdMob (ads), Firebase (stability/performance), and RevenueCat (purchases), which may collect data per their policies.
1. Data we collect and why
| Data | Where it lives | Why |
|---|---|---|
| Discord ID (public number) | Firebase Firestore (users/{discordId}) | Identify your account and tie it to your credit balance |
| Credit balance + total deleted | Firebase Firestore | Server-side credit control (anti-cheat: reinstalling doesn't reset it) |
| Advertising ID + ad usage data | Google AdMob | Show and measure ads (free users) |
| Crash and performance data (stack trace, device model/OS, traces) | Firebase Crashlytics / Performance | Detect and fix crashes and slowness |
| Purchase history and entitlement (Pro) | RevenueCat + Google Play / Apple App Store | Process and restore the Pro subscription |
Note on credits: the balance is controlled on the server (Cloud Functions with Admin SDK) and the per-ad top-up is validated by a Server-Side Verification cryptographically signed by Google — the app can't forge the +30.
2. Data that NEVER leaves your device
- Discord session token: captured at login (inside Discord's WebView) and stored encrypted only on your device (Secure Storage). It's used solely to call Discord's official API from your device to delete your messages. Never sent to any server of ours.
- Content of your messages: read from Discord and deleted directly by your device via Discord's API. Never sent, stored, or logged on any server of ours.
- Discord username and avatar: read from your profile at login only to display on the settings screen. Not sent to our backend.
3. How the app accesses your Discord account
You sign in to your Discord account inside the app (like in a browser). DM Wipe reads the session token Discord issues and uses it to act on your behalf — specifically, to delete your own messages. All this traffic goes straight from your device to Discord's official API.
Important warning: automating Discord with a user token goes against Discord's Terms of Service. This may lead Discord to limit, suspend, or ban the account. Use the app at your own risk and avoid using it on an account you can't afford to lose. When done, sign out of the app and revoke the session under Discord → Settings → Devices.
4. Third parties
Your data may also be processed by these services, per each one's policy:
- Google (AdMob, Play Store) — ads and purchases: Google Policy
- Firebase (Crashlytics, Performance, Firestore) — backend and stability: Firebase Policy
- RevenueCat — purchase processing: RevenueCat Policy
- Discord — you authenticate directly with it: Discord Policy
5. App permissions
- Internet: to talk to Discord, Firebase, RevenueCat, and AdMob.
- No access to contacts, camera, microphone, location, files, or SMS.
6. Security
- The Discord token is kept in the device's secure storage (Secure Store / Keychain).
- Firestore rules allow each user to read only their own balance document; no writes are made by the client (everything goes through Cloud Functions).
- The ad callback (SSV) is validated by Google's cryptographic signature.
7. Retention
- The credit balance (per Discord ID) is kept while you use the app.
- Ad idempotency records (
ssvCallbacks) are kept to prevent duplicate credits. - Crash/performance data follows Firebase's retention policy.
8. Your rights (LGPD / GDPR)
You can request access, correction, or deletion of your data. How to exercise them:
- Credit data (Firestore): contact us with your Discord ID to delete your balance document.
- Crash/performance data: manageable in your device settings (Firebase / usage data).
- Ad data (AdMob): manageable via Google's "My Ad Center" and your device's advertising ID reset.
- Discord account data: managed by Discord itself.
To exercise your rights, contact: contato@greenleafte.ch confirm email before publishing.
9. Children
The app is not directed at children under 13 (Discord's minimum age) and does not knowingly collect data from children.
10. International transfer
Your data may be processed by providers (Google, Firebase, RevenueCat) located outside your country, per their policies.
11. Changes to this policy
We may update this policy. The date at the top indicates the latest version.
12. Contact
Questions: Greenleaf Tech — contato@greenleafte.ch.