Crosslink Data & Privacy policy

Released Q3 2022


Data & Privacy policy

This document will cover the data collected & distributed by Crosslink

Data we collect

For various reasons, Crosslink collects certain kinds of data. Some of this data is not considered publicly identifiable information and thus is not protected under GDPR or similar legislation.

Analytics Data

Crosslink will collect the following information for analytics events:

Analytics data is stored indefinitely & encrypted at rest. All live data is transmitted over TLS. If you wish for all analytics data from your Discord server/guild to be completely anonymized or removed, please reach out to <email here> with a relevant data removal request. We currently do not support do-not-track status on a per-server or per-user basis, so if you wish for no more data to be collected you must remove Crosslink from your Discord server/guild.

Link Data

Links sent in Discord & detected by Crosslink will have several operations performed on them which extract various elements of data. Links will be resolved meaning a full redirect chain will be retained by Crosslink. DNS lookups will be performed on links meaning all DNS data will be collected but not retained by Crosslink. This data includes MX servers & other records. DNS data is considered public information so it is freely collected without restrictions. WHOIS & RDAP records may be collected by Crosslink on domains it sees during operation. These records are not retained and contact information is discarded. This data is collected to help Crosslink build a profile of links it detects, and none is preserved in data later stored by Crosslink.

Discord Event Data

Crosslink is required to collect certain event data from Discord for core functionality. This includes Crosslink’s commands run by end users & messages sent by end users. Currently no other events are tracked by Crosslink. Crosslink does not store full message content, it only retains links detected within message content/embeds and links to attachments sent within messages. Attachments sent in Discord are covered by Discord’s own Data policy, and will have all associated data removed once the attachment is removed from Discord’s CDN. Message content may be sent via a Discord message from the Crosslink bot to logs on a per-server/guild basis as configured by the relevant server’s staff. This logging only occurs when Crosslink detects a link type that has been configured to be logged in a message.

3rd Party Data

Crosslink collects data on links & domains from the following 3rd party providers:

No other 3rd party data is currently collected for the function of Crosslink.

Data Processing

Event data is processed through several providers and platforms. Incoming data may be sent through an antivirus daemon. Incoming commands are processed on AWS with minimal event logging and no event information directly logged. Errors may be logged via Sentry, though these logs do not contain any personal information. Discord message event data is processed on a dedicated virtual private server that only allows traffic to the relevant AWS endpoints maintained by the Crosslink service via HTTPS, Discord’s API via HTTPS and Discord’s gateway via WSS.