Recodive Orca

Recodive

Privacy Policy

Privacy Policy

Effective: 21.04.2026
Last Updated: 21.04.2026

1. Introduction

Recodive oHG ("we," "our," or "us") operates Dehoist, a Discord bot and web dashboard (at https://dehoist.com) that removes hoisting characters and, optionally, cleans up display names in Discord guilds. This Privacy Policy explains how we collect, use, and protect your information when you use Dehoist.

Data Controller:
Recodive oHG
Möllendorffstraße 108
10367 Berlin, Germany
Phone: +49 156 79 75 39 03
Email: [email protected]

1.1 Overview of Data Flow

Dehoist sits inside a two-layer architecture operated by the same data controller, Recodive oHG:

  • Layer 1 — Orca, at https://account.recodive.com. Orca is Recodive oHG's centralised identity platform. It masters all account data (email, username, password hash, two-factor settings, linked providers, consent records) and brokers Discord OAuth where the user chooses to link their Discord account.
  • Layer 2 — Dehoist, at https://dehoist.com. When you sign in to Dehoist, Orca issues a short-lived OIDC token that Dehoist verifies. Dehoist stores only a limited subset of profile claims (listed in Section 2.1) together with the guild configuration and service data described below.

Both layers are operated by the same legal entity (Recodive oHG); we nevertheless distinguish them here so that you can see which data resides where. Account-level rights (access, rectification, erasure of the identity record, data portability of your profile) are fulfilled on Orca; Dehoist-side rights (erasure of guild configuration, activity logs, and OSS application data) are fulfilled by Dehoist.

2. Information We Collect

2.1 Account Information (via Orca)

Dehoist itself does not collect registration data. All account creation, email verification, password storage, 2FA, and linked-provider data is handled by Orca.

On each sign-in, Dehoist retrieves the following claims from Orca's OIDC userinfo endpoint and mirrors them into its own short-lived session:

  • User identifier (id).
  • Email address (email).
  • Display name (name).
  • Username (username).
  • Discord user identifier (discordId) — only if the user has linked a Discord account on Orca.
  • Granted Discord OAuth scopes (discordScopes).
  • Role / entitlement information (role).

For the full catalogue of identity data held in Orca, including fields we never see in the Dehoist application (password hash, 2FA secrets, session history, consent records), please refer to the Recodive Privacy Policy and the privacy notice at https://account.recodive.com.

Legal Basis: Contract fulfilment (Art. 6(1)(b) GDPR).

2.2 Payment Information

All paid Dehoist offerings are sold and processed by Discord Inc. as the merchant of record. Recodive oHG does not receive payment card data, billing names, or billing addresses. We receive only:

  • The SKU or entitlement identifier.
  • The purchasing Discord user's ID.
  • The entitlement's validity period.

For how Discord processes payment data, please see Discord's Privacy Policy.

Legal Basis: Contract fulfilment (Art. 6(1)(b) GDPR).

2.3 Error and Performance Data

We use Sentry to collect error reports and performance traces. These reports have cookies and request headers stripped client- and server-side before transmission. They may contain stack traces, the URL of the affected page, a generated error identifier, browser/runtime information, and — where voluntarily shown by the user — a short feedback comment. We do not deploy Google Analytics, Plausible, PostHog, or any comparable product analytics platform on dehoist.com.

Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR) — operating and securing the Service.

2.4 Technical Data

We automatically collect:

  • IP address (in access logs, kept for a short period for security purposes).
  • Browser type, version, and user-agent string.
  • Operating system.
  • Timestamps of requests.

This data is used only for security, abuse prevention, and debugging.

Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).

2.5 Guild Configuration and Processing Data

When you invite Dehoist to a Discord guild and configure it via the dashboard, we store in our database:

  • Guild identifier and owner identifier.
  • Enabled modules (hoisting removal, text cleanup, romanization, etc.) and their options.
  • Excluded roles and custom hoister codes.
  • Activity / audit log entries describing actions the bot has taken. Log retention is 7 days on the free tier and 90 days on Dehoist Pro.
  • Job records (guild scans, resets) including the acting user's ID, timestamps, and outcome.

Guild member display names are read from Discord transiently in order to compute and apply a new nickname. We do not persistently store the list of members or their original names beyond what is needed for the rolling activity log entry of any change we make.

Legal Basis: Contract fulfilment (Art. 6(1)(b) GDPR) for configured guilds; legitimate interests (Art. 6(1)(f) GDPR) for security and auditability.

2.6 Guild Member Data — Our Role as Processor

When Dehoist reads and writes the display names of members of a guild, those members are typically not themselves users of dehoist.com: they have only joined a Discord guild to which a guild administrator has added Dehoist. For this data, Recodive oHG acts as a data processor on instructions from the guild's administrator, who is the data controller within the meaning of Art. 4(7)–(8) GDPR.

If you are a Discord member whose display name has been changed by Dehoist and you wish to exercise data subject rights, please direct your request to the relevant guild's administrator in the first instance. Recodive oHG will assist controllers with their obligations under Art. 28 GDPR. You may also contact us at [email protected] and we will either act on the request ourselves where appropriate or forward it to the controller.

2.7 Open-Source Application Form

If you submit the open-source application form at https://dehoist.com, we collect:

  • Project name, URL, and description.
  • Guild identifier.
  • Contact email address.

Legal Basis: Consent (Art. 6(1)(a) GDPR), withdrawable at any time by emailing [email protected].

3. How We Use Your Information

We use collected information to:

  • Provide and maintain the Dehoist service.
  • Authenticate you (via Orca) and apply your entitlements.
  • Honour configuration set by guild administrators.
  • Detect, investigate, and remediate abuse or bugs.
  • Comply with legal obligations.
  • Respond to support enquiries and open-source applications.

4. Data Sharing and Third-Party Services

4.1 Internal Recipients within Recodive oHG

Orca / Recodive identity platform (https://account.recodive.com)

  • Purpose: Authentication, account management, consent recording.
  • Data: Full account record, OIDC session.
  • Relationship: Operated by the same legal entity (Recodive oHG); disclosed for transparency per Art. 13/14 GDPR.
  • Reference: Recodive Privacy Policy.

4.2 External Service Providers

Discord (platform, federated login via Orca, merchant of record for paid offerings)

  • Purpose: Operating the bot inside Discord guilds; processing OAuth where a user links their Discord account on Orca; selling and billing all paid offerings.
  • Data: Discord user ID, guild IDs, member display names (transient), entitlement data.
  • Privacy Policy: https://discord.com/privacy.

Cloudflare (Content Delivery & Security)

Sentry (Error Monitoring)

  • Purpose: Capturing error reports and performance traces.
  • Data: Stack traces, request URLs (with cookies/headers stripped), browser/runtime info.
  • Privacy Policy: https://sentry.io/privacy/.

4.3 Legal Requirements

We may disclose information if required by law, court order, or governmental authority.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred. We will notify affected users before information becomes subject to a different privacy policy.

5. Data Storage and Security

5.1 Data Location

Our primary servers, including Orca's identity database, are located in the European Union.

5.2 Data Retention

  • Account data (in Orca): retained while your Orca / Recodive account is active, and removed per the Recodive Privacy Policy when you delete your account.
  • Dehoist session cookie: expires after 7 days.
  • Guild configuration: retained for as long as Dehoist is present in the guild and for 30 days after the bot is removed, after which it is deleted.
  • Activity / audit logs: 7 days on the free tier, 90 days on Dehoist Pro.
  • Deleted accounts: Dehoist-side personal data linked to a deleted account is removed within 30 days.
  • Payments: N/A — processed and retained by Discord Inc. as merchant of record.

5.3 Security Measures

We implement appropriate technical and organisational measures, including:

  • Encryption of data in transit (TLS).
  • Secure password storage (performed by Orca; Dehoist does not see passwords).
  • HttpOnly, Secure, SameSite=Lax session cookies scoped to dehoist.com, with a 7-day lifetime.
  • Stripping of cookies and headers from Sentry error reports.
  • Access controls and authentication on our infrastructure.
  • Regular backups.

6. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right to Access (Art. 15 GDPR).
  • Right to Rectification (Art. 16 GDPR).
  • Right to Erasure (Art. 17 GDPR).
  • Right to Restriction (Art. 18 GDPR).
  • Right to Data Portability (Art. 20 GDPR).
  • Right to Object (Art. 21 GDPR).
  • Right to Withdraw Consent, where processing is based on consent.

Because of the two-layer architecture described in Section 1.1, requests are handled as follows:

  • Account-level rights (access to and correction of your identity record, erasure of your identity record, portability of your profile, management of 2FA and linked providers, withdrawal of identity-related consents) are fulfilled by Orca. Use the tools at https://account.recodive.com/account or contact [email protected].
  • Service-level rights (erasure of Dehoist-side guild configuration, activity logs, open-source application submissions) are fulfilled by Dehoist. Contact [email protected].
  • Rights relating to guild member data where you are a Discord member whose display name was changed by Dehoist — please see Section 2.6.

7. Cookies and Tracking

Dehoist uses only cookies that are strictly necessary for operating the dashboard:

  • A session cookie issued by nuxt-auth-utils, scoped to dehoist.com, httpOnly, Secure, SameSite=Lax, 7-day lifetime.
  • A theme / colour-mode preference cookie (light/dark mode).

When you sign in, you are briefly redirected to account.recodive.com, which sets its own session cookies in that domain. Those cookies are governed by the Recodive Cookie Policy.

Dehoist does not use analytics cookies, advertising cookies, or tracking pixels. For full details see our Cookie Policy.

8. Children's Privacy

Dehoist is not intended for users under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected].

9. International Data Transfers

Our primary infrastructure, including Orca, operates within the European Union. Some third-party services process data outside the EU:

  • Discord (United States) — Standard Contractual Clauses.
  • Cloudflare (United States / global edge) — Standard Contractual Clauses.
  • Sentry — configured for the EU region where available; otherwise Standard Contractual Clauses apply.

These transfers are protected by appropriate safeguards under GDPR.

10. Updates to This Policy

We may update this Privacy Policy periodically. We will notify users of significant changes via:

  • Email notification.
  • Prominent notice on dehoist.com.
  • In-product notification on the Dehoist dashboard.

11. Contact Information

For privacy-related questions or to exercise your rights:

Data Protection Contact:
Recodive oHG
Attn: Data Protection
Möllendorffstraße 108
10367 Berlin, Germany
Phone: +49 156 79 75 39 03
Email: [email protected]

12. Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority:

Berlin Commissioner for Data Protection and Freedom of Information
Friedrichstr. 219
10969 Berlin, Germany
Phone: +49 30 13889-0
Email: [email protected]
Website: https://www.datenschutz-berlin.de

By using Dehoist, you acknowledge that you have read, understood, and agree to this Privacy Policy.

We use cookies to enhance your experience on our website. Learn more in our Privacy Policy.