The short version
The data involved depends on how you use AuthenticateMe and which verification method is used. Web verification processes Discord account, email, network, cookie, browser, device, and fraud-detection signals. Dashboard, premium, website, community, and support interactions involve additional data described below. Discord-only button and instant verification do not run browser-based verification checks. We never ask for your Discord password, authentication code, or backup code.
When we collect data
AuthenticateMe may collect or process information when you:
- start or complete verification for a participating Discord server;
- interact with the AuthenticateMe Discord application;
- authorize AuthenticateMe through Discord OAuth;
- sign in to the server dashboard;
- subscribe to or use Premium, or vote through top.gg;
- visit our website or verification page; or
- contact us about support, privacy, or another service matter.
The exact information depends on the interaction. Starting a verification session does not necessarily involve the same data as completing web verification.
Information may come directly from you or your browser, from Discord and participating-server interactions, from services you choose to use such as Patreon or top.gg, and from providers that support network and fraud analysis.
Categories of data
Discord user ID, username, avatar, account age or creation date, and Discord OAuth authorization data. During web verification, we check whether multi-factor authentication is enabled when that check applies, but we do not store it as a separate account-data field. Web verification stores the refresh token issued by Discord and stores the email address in encrypted form.
Server and user IDs, session identifiers, verification method, configured bypasses, outcome, timestamps, the check that produced the outcome, moderation actions, and relevant linked-account references.
IP address, approximate country, and signals indicating a VPN, proxy, hosting network, or mobile data connection during web verification.
Browser and operating-system information, platform or device characteristics, an identifier cookie, fingerprint identifiers, and security signals used to detect alternative accounts, automation, replay attempts, tampering, and fraud.
Your Discord identity and the IDs, names, and icons of servers you own or can manage. The dashboard stores an authentication token in browser local storage, while corresponding session data is cached server-side for one hour and renewed after successful validation.
Standard request and error information such as IP address, browser or user-agent details, page URL and query parameters, referrer, interactions, date, time, and technical errors. Analytics, advertising, translation, and related browser technologies are described in our Cookies Policy.
For Premium, we process Patreon membership status, entitled tier, linked Discord account, and next charge or expiration information, and store the Discord user ID, server ID, tier, and expiration needed to assign Premium. Patreon processes the payment details, and AuthenticateMe does not receive your full payment-card number. When you vote through top.gg, we process your Discord user ID and vote count until the end of the current month to provide the associated role or giveaway entry.
The contact details, account identifiers, request details, and message content you provide when asking for support, exercising a privacy right, reporting a problem, or otherwise contacting us.
How the verification method changes collection
Web verification
Completing verification on our website uses Discord OAuth with the identify and email permissions. The web flow processes the account, email, network, browser, cookie, baseline fingerprint, session, and outcome data described above. OverpoweredJS provides baseline browser-security signals for web verification. Additional FingerprintJS signals are processed only where the applicable Premium features are available.
Button and instant verification
Discord-only button and instant verification use information available through Discord, such as the user and server IDs, username, avatar or account age where checked, session details, verification outcome, and actions selected by server staff. These flows do not collect the web browser's IP address, identifier cookie, or browser fingerprint as part of that verification.
Server settings
Each participating server chooses which available checks affect its verification outcome and which moderation action follows a failed check. Those settings do not determine every item of baseline security data processed when the web-verification method is used.
Why we collect it
We process the information described on this page to:
- create and manage verification sessions;
- confirm the Discord account completing verification;
- perform the checks configured by a participating server;
- detect alternative accounts, ban evasion, automation, replay attempts, and other misuse;
- record verification outcomes and apply the server's selected role or moderation action;
- operate authenticated dashboard features;
- manage Premium access, community rewards, support, and privacy requests;
- understand website usage and display or measure advertising on ad-supported pages where permitted; and
- secure, troubleshoot, maintain, and improve the service.
Who can receive or access it
Access is limited according to purpose:
- authorized AuthenticateMe staff may access records where necessary to operate, secure, support, or administer the service;
- participating server staff may receive the verification outcome, detection label or reason, relevant linked Discord-account references, and moderation action, but not the raw IP address, identifier cookie, device fingerprint, or email address;
- service providers may process information on our behalf for hosting, storage, network analysis, email validation, fraud detection, support, or similar service functions;
- independent services you interact with, such as Discord, Patreon, and top.gg, process information under their own terms and privacy policies;
- analytics, advertising, and translation providers may collect website information directly through scripts, cookies, or similar technologies; and
- courts, regulators, or law-enforcement authorities may receive information where permitted or required by applicable law.
We do not sell personal information in exchange for money or intentionally provide stored verification outcomes, email addresses, or fingerprint records to advertisers. Website analytics and advertising providers may collect the online information described above directly from your browser, and applicable law may classify some advertising-related disclosures as a "sale" or "sharing." See the Privacy Policy and Cookies Policy for more information.
Your choices and privacy rights
You may choose not to provide information, but that may prevent AuthenticateMe from completing verification or providing an authenticated feature. Individual servers remain responsible for deciding whether another way to access their server is available.
You can manage browser cookies and local storage through your browser settings. See our Cookies Policy for how those choices may affect site features.
You may request access to or deletion of personal data held by AuthenticateMe. See our Privacy Policy and Data Deletion page.
For questions about data collection or your privacy rights, join our Support Server and open a private support ticket.