Cookie Policy
1. What Are Cookies
Cookies are small text files placed on your device when you visit a website or use a web application. They allow a site to recognise your device across requests and sessions. Under UK GDPR and the Privacy and Electronic Communications Regulations (PECR), we are required to tell you what cookies we use and why.
This policy covers cookies set by guardiobot.org, dashboard.guardiobot.org (the server owner dashboard), and api.guardiobot.org (the volunteer dashboard). The Discord bot itself does not set cookies — it operates through the Discord API.
2. Cookies We Use
We use only strictly necessary cookies. These cannot be disabled without breaking the Service.
Session authentication (volunteer dashboard)
Name: gb_session — an httpOnly, SameSite=Strict, Secure JWT cookie issued after successful volunteer login (Volunteer ID + password + 2FA). Expires after 8 hours. Used to maintain your authenticated session across requests to the volunteer dashboard API.
Session authentication (server owner dashboard)
Name: gb_owner_session — an httpOnly, SameSite=Strict, Secure JWT cookie issued after Discord OAuth2 authentication. Expires after 8 hours. Used to maintain your authenticated session as a Discord server owner.
Known device token (volunteer 2FA)
Name: gb_device — a device fingerprint token stored as a cookie after successful 2FA verification. Allows volunteers to skip the email 2FA step on trusted devices. Expires after 30 days. Stored httpOnly and Secure.
All session cookies are scoped to the guardiobot.org registered domain using SameSite=Strict, preventing cross-site transmission.
3. What We Do Not Use
We do not use advertising cookies, tracking cookies, analytics cookies (e.g. Google Analytics), social media pixels, or any cookies for marketing or profiling purposes. Guardiobot products are ad-free and we do not sell or share user data with advertisers.
4. Third-Party Cookies
Stripe may set cookies when you visit the subscription checkout or customer portal pages. These cookies are set by Stripe's domain, not ours, and are subject to Stripe's Privacy Policy. Stripe uses these cookies for fraud prevention and to maintain session state during checkout — not for advertising.
No other third-party cookies are set on Guardiobot pages.
5. Managing Cookies
Because we use only strictly necessary cookies, disabling them will prevent the dashboard from functioning — you will not be able to stay logged in. If you wish to delete existing cookies, you can do so through your browser settings.
Most browsers allow you to view, delete, and block cookies. Refer to your browser's help documentation for instructions. Note that clearing cookies will log you out of any active Guardiobot dashboard sessions.
6. Changes to This Policy
We may update this Cookie Policy from time to time. When we make changes we will update the "Last updated" date above. Continued use of the Service after the effective date constitutes acceptance of the updated policy.
7. Contact
For any questions about this Cookie Policy: