Privacy Policy

Last updated: May 11, 2026

1. What we are

AsianMasc Community ("we", "us") operates the Healthy AM peer support program on behalf of the AsianMasc community. We are not a medical provider, therapy service, or crisis line. This policy describes what data we collect and how we handle it.

2. What we collect

Account

  • Discord ID, username, and avatar (via OAuth)
  • Email address (from Discord)
  • Your Discord guild roles in the main AsianMasc server
  • Optional profile fields you provide: pronouns, timezone, bio

Peer support content

  • Intake answers you submit
  • Group membership, attendance, and session notes (mentor-authored)
  • Private mentor notes about a member — visible only to leaders and the assigned mentor, never to the member
  • Training reflections — the text is private to you and the leadership group. Admin pages only show whether you’ve submitted a reflection (a checkmark), not the content. The content sits in the database and can be read by anyone with direct database access if needed for a documented investigation.

Operational logs

  • Role change audit log (every Discord role add/remove)
  • Server-side request logs (IP, user agent, path) — kept briefly for security

3. How we use it

  • To run the peer support service: triage intakes, assign mentors, schedule groups
  • To sync your Discord roles so the app shows you the right things
  • To maintain an audit trail for accountability
  • To improve the platform (aggregate, never individual)

We do not sell your data. We do not run ads. We do not share intake content outside the leadership group and the assigned mentor.

4. Discord integration

We use Discord OAuth to sign you in and the Discord API (via the AsianMasc bot) to read and modify your roles in the main AsianMasc guild. Role writes only happen when a Healthy AM lead explicitly approves you for training or graduation. Every write is logged.

5. Your rights

  • Access: ask us for a copy of your data
  • Delete: ask us to delete your account and intake history
  • Correct: update profile fields any time in settings
  • Withdraw: leave the program; we'll remove peer-support roles and close active threads

To exercise these, reach out via the AsianMasc Discord — DM a Healthy AM lead.

6. Cookies & sessions

When you sign in we set a small set of session cookies so we know it’s still you on the next page load. The session cookies are next-auth.session-token and a CSRF helper (next-auth.csrf-token). They’re first-party only — not shared with any third party — and clear themselves on sign-out or after roughly 30 days of inactivity.

Cloudflare sits in front of the site and sets a transient __cf_bm cookie to fight bots. We don’t run ads, analytics, or third-party trackers on the site.

7. Data retention & deletion

We retain your account and Healthy AM content while your account is active. When you ask us to delete your account, we remove your user record and cascade the deletion to your intake answers, applications, group memberships, training reflections, and mentor-authored notes about you within 30 days. The role-change audit log keeps a redacted entry (action + role + timestamp, with your user id removed) so accountability isn’t erasable.

To request deletion, DM a Healthy AM lead in the AsianMasc Discord. We’ll confirm receipt within 7 days and complete the deletion within 30 days.

8. Security

  • HTTPS everywhere (Let's Encrypt via Traefik)
  • Database access scoped to the app container
  • Bot-API endpoints gated by shared secret with timing-safe comparison
  • Sessions are database-backed and expire

9. Changes

We'll post material changes here and announce them in the AsianMasc Discord. Continued use after a change means you accept it.

10. Contact

Questions? Reach us in the AsianMasc Discord.