Privacy Policy

Last updated: May 2026

Our position on privacy

Madrigal Labs takes privacy seriously. We collect what we need to run the site and nothing more, we don't sell your data, we don't run third-party tracking pixels or analytics scripts on the chat surface, and we keep staff out of anything that should be private. This page explains what we collect, why, who sees it, and how to remove it.

What we collect

Account info from your OAuth provider: when you sign in with Discord we receive your Discord user id, display name / handle, avatar URL and email address. The email is stored against your Madrigal Labs account so you can also sign in directly with email + password (using a password you set yourself); we never share or sell it and we don't use it for marketing.

Stuff you post: messages, marketplace listings, reviews, profile fields, uploaded files, voice call signalling state. All traffic between your browser and our server is encrypted in transit with HTTPS / WSS, and voice calls go peer-to-peer with WebRTC's built-in DTLS-SRTP encryption (we never see the audio stream). Independently of how the bytes move on the wire, staff cannot access your private content - direct messages, group chats, private server channels, personal file storage and voice calls are off-limits to moderators. There is no staff-side tool that reads any of those, and the chat surface is built so that audience-of-one and audience-of-few content stays inside its intended audience.

Operational logs: sign-in IP + user agent (kept for as long as the session is alive, typically rolling for the session window), per-feature audit entries (who did what + when, e.g. role changes, bans, marketplace orders), and per-IP rate-limit counters. We hash IPs with a server- side secret before storing them in the multi-account / anti-abuse tables, so the raw IP isn't sitting in our DB.

Robot Pang: when you chat with Robot Pang we store the conversation against your account so you can re-open it later. By default conversations are public to other Madrigal Labs members (the Community tab on the bot page); Premium accounts can mark a conversation private with a toggle, in which case it's only visible to you and staff with the bot-logs permission.

What we do NOT collect: we don't run third-party analytics on the site, we don't have ad-tech tracking pixels, we don't fingerprint your browser, and we don't read your email or social-graph beyond the bare Discord identity.

Who can see what

We design every feature so the audience is the smallest one that makes sense:

  • Direct messages and group chats are private. Only the participants of a DM / group can read it. Staff cannot read your DMs. There is no staff-side "view DMs" tool.
  • Private server channels are private. Channels gated behind a server's role permissions are visible only to members of that server who hold the relevant permission. Staff cannot read those channels - they would have to be a member of that specific server with that specific permission, same as everyone else.
  • Your file storage is yours. Files you upload (chat attachments, marketplace images, profile avatars) are linked to your account. Staff cannot browse your storage. They only see a file if a moderation report points at a specific message that contains it.
  • Public server channels, marketplace listings + reviews, profile pages, and announcements are public to other signed-in members - that's their whole purpose.
  • Reported content is visible to staff with the relevant report-handling permission. The report carries only the information needed to act on it.

Cookies + local storage

We use a small number of strictly-functional cookies:

  • The session cookie (httpOnly), so you stay signed in.
  • A double-submit CSRF cookie (readable by our own JS only, not third parties), which protects every state-changing request against cross-site forgery.
  • Browser localStorage for UI state - your last-opened DM, draft messages, theme + appearance preferences. This data lives on your machine and is never sent to us.

We don't use advertising or tracking cookies.

External services

OAuth (Discord) for sign-in. Discord receives only what it needs to authenticate you; we receive only your Discord identity.

Anti-abuse IP intelligence: on giveaway entry and on Robot Pang chat we look up your IP against third-party VPN / proxy / Tor lookup services to keep the free tier fair. The IP is hashed before being cached against the lookup result.

Embed scraping: when you paste a link in chat, our server fetches the page once (server-side) to build a small Open-Graph preview card. The page you linked sees a request from our IP, not yours.

Robot Pang AI: the bot is powered by an external AI provider. Your prompts + history get sent to that provider so it can generate the reply. We don't share anything with the AI provider beyond the conversation itself.

Your controls

From the settings page you can:

  • Block other users (no DM + no friend invite + no calls).
  • See and revoke active sessions.
  • Delete your account, which wipes your messages, attachments, marketplace listings, profile data, friendships and roles. Some moderation logs persist in anonymised form (we have to keep the audit trail for safety reasons), but they no longer reference your identity.

Anything else you'd like removed: contact us via the help menu's Report / Contact entry.

Children

Madrigal Labs is not directed at children under 13 and we don't knowingly collect personal data from anyone under 13. If you believe a minor is using the site, please report it.

Changes

If we change anything material in this Privacy Policy (especially anything that broadens what we collect or who sees it), we'll post a notice in the site-wide announcements. Minor edits (typos, clarifications) just update the date at the top of this page.

Contact

Privacy questions or data-removal requests: use the "Report / Contact" entry in the help menu (the "?" button), or email support@madrigal-labs.com.