Legal

Privacy Policy

This Privacy Policy describes how EdenPass, operated by The Eden Apis, collects, uses, stores, and protects information when you use our Discord bot and web dashboard (collectively, the “Service”). By using EdenPass, you agree to the practices described below.

1. Overview

EdenPass is a Discord bot and web dashboard that bridges Discord and VRChat. Its core features include VRChat account linking, age verification status transfer, and cross-server member verification. To provide these services, we must collect and process certain personal identifiers associated with your Discord and VRChat accounts.

We are committed to handling your data responsibly and transparently. We collect only what is necessary to deliver the Service and we do not sell your personal information.

2. Data We Collect

We collect the following categories of data:

2.1 Discord Account Data

  • Your Discord User ID (a unique numerical identifier assigned by Discord)
  • Your Discord OAuth2 access token, stored temporarily inside your session to allow the dashboard to retrieve your server list from Discord on your behalf

We do not collect your Discord username, avatar, email address, or any other Discord profile field beyond the identifiers strictly required for authentication.

2.2 VRChat Account Data

When you choose to link your VRChat account through the bot, we collect and store:

  • Your VRChat User ID
  • Your VRChat display name
  • Your VRChat trust rank (e.g., Visitor, New User, User, Known User, Trusted User)
  • Whether your VRChat account holds an age-verification status

This data is collected only at the time of linking and when the bot re-checks your status to grant or update your Discord roles. We do not continuously monitor your VRChat activity.

2.3 Server (Guild) Data

  • Discord Server ID and server name of servers where EdenPass is installed
  • Discord Server Owner ID
  • Server configuration settings (channel IDs, role IDs, feature flags, and custom message templates chosen by server administrators)

2.4 Activity Logs

For auditing, troubleshooting, and server administrator transparency, we record activity logs per server. These logs may include:

  • User verification and un-verification events
  • Account linking and unlinking events
  • Bot join/leave events
  • Configuration changes made by server administrators
  • Authentication failure events

Logs are associated with server IDs and user IDs. They are accessible only to the administrators of the relevant server through the EdenPass dashboard.

3. How We Use Your Data

We use collected data exclusively to operate and improve the Service:

  • To authenticate you to the web dashboard via Discord OAuth2
  • To link your Discord and VRChat accounts and grant appropriate roles within Discord servers
  • To transfer your age-verification status from VRChat to Discord, via The Eden Apis
  • To enable cross-server verification, allowing partner servers to recognise your verified status without repeating the process
  • To maintain activity logs for server administrators to audit verification events in their community
  • To display aggregate, anonymised statistics on the EdenPass landing page (total links used, verifications processed, active servers)
  • To diagnose technical issues and improve the reliability of the Service

We do not use your data for advertising, profiling, or any purpose unrelated to the direct operation of EdenPass.

4. Data Retention

We retain your data for as long as your account link or server membership exists within EdenPass, or as long as the bot remains installed in a server you are a member of.

  • VRC link data (VRChat ID, display name, trust rank, age-verification status): retained until you or a server administrator unlinks your account.
  • Guild member records: retained while the bot is active in the server. Servers may configure the bot to preserve data from members who have left, to facilitate re-verification upon return.
  • Activity logs: retained indefinitely per server unless deletion is requested by the server owner.
  • Session cookies: expire after 7 days of inactivity or upon logout.

Upon receiving a valid deletion request (see Section 9), we will remove your personal data within a reasonable timeframe.

5. Third-Party Services

EdenPass interacts with the following third-party services:

Discord

We use Discord's OAuth2 API for user authentication and Discord's REST and Gateway APIs to manage roles and respond to interactions. Your use of Discord is governed by Discord's Privacy Policy.

VRChat

We use the VRChat API to fetch your public profile information (User ID, display name, trust rank, and age-verification flag) at the time of linking. Your use of VRChat is governed by VRChat's Privacy Policy.

The Eden Apis

Age-verification checks are processed through The Eden Apis (theedenapis.com). Relevant user identifiers may be shared with this service solely for the purpose of verifying age-verification status. The Eden Apis is operated by the same team as EdenPass.

We do not share your data with any other third parties, advertisers, or data brokers.

6. Cookies & Sessions

EdenPass uses a minimal number of cookies strictly necessary to operate the Service:

CookiePurposeLifespan
oauth_stateCSRF protection nonce generated before the Discord OAuth2 redirect. Never stored on our servers beyond request validation.5 minutes
edenpass_sessionHTTP-only, signed JWT containing your internal user ID, Discord User ID, and your Discord OAuth2 access token. Used to authenticate your dashboard session.7 days

Both cookies are set as HTTP-only and SameSite=Lax. The session cookie is additionally marked Secure in production environments. We do not use any tracking, analytics, or advertising cookies.

7. Data Sharing

We do not sell, rent, or trade your personal data to any third party for commercial purposes. Data may be disclosed in the following limited circumstances:

  • To The Eden Apis — for age-verification processing, as described in Section 5, operated by the same team.
  • To Discord server administrators — activity logs relevant to their server are visible through the dashboard. These logs contain user IDs but not contact information.
  • As required by law — if we are legally compelled to disclose information, we will do so only to the extent required and will notify affected users where permitted.

8. Security

We implement reasonable technical and organisational measures to protect your data, including:

  • HTTPS encryption for all data in transit
  • HTTP-only and Secure session cookies to prevent client-side access
  • Signed JWT tokens (HS256) to prevent session tampering
  • Database access restricted to internal services only (not publicly exposed)

No method of transmission over the internet or method of electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

9. Your Rights

Depending on your jurisdiction, you may have rights regarding your personal data, including the right to access, correct, or delete it. The appropriate action depends on the scope of the data you wish to remove:

Removing your VRChat link within a specific server

Your VRChat account link is stored on a per-server basis. If you want your VRChat link data removed from a particular Discord server, you must contact that server's administrator directly and ask them to unlink your account. Alternatively, if the server has enabled user-facing commands, you may be able to use the bot's /unlink command yourself to remove your VRChat link from that server. Note that this only removes your data from the records of that specific server — it does not affect your data in other servers or in EdenPass's central database.

Requesting full data deletion from EdenPass

To have all of your personal data permanently removed from EdenPass's database — across all servers — you must contact us directly. Please email lolmaxz@theedenapis.com with your Discord User ID and a clear deletion request. We will process your request within 30 days. Please note that full data deletion will remove your linking and verification history across all EdenPass-enabled servers and cannot be undone.

  • Opt out of cross-server verification — contact the administrator of the server where you are verified.

Please note that deletion of your data may limit or remove your access to features that require account linking or verification.

10. Minors

EdenPass is not directed at individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a minor has provided us with personal data, please contact us at lolmaxz@theedenapis.com and we will take steps to remove that information promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the effective date and version at the top of this page. Continued use of the Service after any changes constitutes your acceptance of the updated policy.

Whenever this Privacy Policy is updated, all Discord server owners who have EdenPass installed will be notified. Notification will be delivered through one or more of the following channels:

  • A blocking notice on the EdenPass dashboard requiring acceptance before continued use
  • A Discord direct message sent to the server owner's Discord account by the EdenPass bot
  • A message in the server's system channel (with a ping to the owner) when DMs are unavailable

Acceptance is required via the dashboard before you may continue using EdenPass. We encourage all users to review this page periodically. If you have questions about any changes, you may reach us at lolmaxz@theedenapis.com.

12. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please contact us:

The Eden Apis — EdenPass Team

Email: lolmaxz@theedenapis.com

Website: theedenapis.com

Also read our Terms of Use.

Last revised