Privacy Policy

IronSight is a staff management and player support platform for game server communities. This policy explains what information we collect, why we collect it, and the controls we have in place to protect it.

IronSight operates as a multi-tenant platform. Each community (an "organization") manages its own staff and player data independently. Data belonging to one organization is never shared with or visible to another.

Account & identity

• Steam ID and public Steam profile information (display name) — used to identify players and staff members.
• Discord user ID and username — used for staff authentication and Discord server integration.
• Staff display name — how your name appears to players and colleagues in the panel.

Support & moderation data

• Ticket content — descriptions, evidence links, and messages submitted through the player portal or written by staff.
• Moderation records — bans, mutes, and their associated reasons, durations, and issuing staff member.
• Player sightings — records of when a Steam ID was observed on a server run by an organization using IronSight.
• Staff notes — internal notes attached to player profiles by authorized staff. These are never shown to players.

Discord data

• Discord user ID and username — collected at login via OAuth and stored as part of your staff account indefinitely.
• Discord messages — organizations may configure IronSight to monitor designated channels in their Discord server. When this integration is active, messages sent in those channels (including message content, author ID, username, timestamp, and any attachments) are recorded and stored as moderation data. Message content is automatically and permanently deleted after 30 days. Only channels explicitly configured by an organization owner are monitored. Direct messages and channels outside the configured scope are never read or stored.
• Discord server membership — whether a user is a member of a linked Discord server may be checked to verify staff eligibility or access level within an organization.
• Discord moderation actions — timeouts, voice mutes, kicks, and bans issued through the panel are logged in the organization's audit trail alongside the responsible staff member and reason. These records are retained indefinitely as part of the moderation history.

When you join a Discord server that has IronSight integration enabled, the IronSight bot will send you a direct message notifying you of this policy. By remaining in a server with the integration active, you acknowledge that messages sent in monitored channels may be recorded and used for moderation purposes by that server's staff team.

Technical & session data

• IP address — collected at login and on certain API requests for rate limiting and abuse prevention. Not stored long-term.
• Session token — an encrypted cookie that identifies your active session. Expires on logout or after a fixed idle period.
• Audit log entries — staff actions (ticket assignments, status changes, bans) are logged with a timestamp and staff identity.

• To operate the ticket system and allow players to submit and track support requests.
• To enforce server rules — issuing, tracking, and synchronizing bans and mutes across servers within an organization.
• To give staff the context they need to make fair moderation decisions (prior history, linked accounts, server activity).
• To authenticate users securely and prevent unauthorized access to the staff panel.
• To generate audit trails so organizations can review staff actions and maintain accountability.

We do not sell, rent, or share personal data with third parties for advertising or commercial purposes.

Access to player and moderation data is strictly role-based. Every staff account belongs to an organization and is assigned a rank. Access is enforced server-side on every request — it cannot be bypassed by the client.

Internal staff notes, restricted tickets, and certain moderation records are hidden from lower-ranked staff members. Visibility restrictions are enforced on the server — not just the UI.

Platform-level access (sysadmin) is limited to a single designated account used solely for infrastructure maintenance. Sysadmin access is identified and logged.

To provide certain features, IronSight queries external services on behalf of organizations:

• Steam — Player display names and profile data are fetched from the Steam Web API using a player's Steam ID.
• Player data providers — Organizations may enable integrations with third-party game server data services (configured per-organization) to enrich player lookups with game history and prior ban data. API keys are stored encrypted and are never shared between organizations.
• Discord — Used for staff authentication via OAuth and, where enabled by an organization, for message monitoring and server integration. When a Discord integration is active, IronSight reads messages from configured channels using a bot operating under Discord's API terms. Data received from Discord is processed and stored within IronSight's infrastructure; it is not re-shared with other third parties. IronSight does not send messages or take actions in Discord on behalf of users without explicit configuration by an organization owner.

We do not transmit ticket content, staff notes, or ban records to any external service unless a specific integration is explicitly enabled and configured by an organization owner.

Player data is stored permanently.

Tickets, moderation records, ban history, and Discord moderation actions (timeouts, kicks, bans) are retained indefinitely while the organization's account is active, as they form a continuous audit trail necessary for fair moderation.

Discord message content is retained for a maximum of 30 days and is then permanently and automatically deleted. This applies to all message content, author information, and attachments captured through the Discord channel monitoring integration.

Discord account identifiers (user ID, username) linked to a staff account are retained for as long as the staff account exists within an organization.

Session data is cleared on logout and automatically expires after a period of inactivity. IP addresses captured for rate limiting are not stored beyond the request cycle.

Evidence collected during moderation investigations — including video clips, screenshots, chat logs, and other materials submitted by reporters or gathered by staff — is treated as confidential moderation data.

We do not disclose evidence or any associated player information to external parties. This includes the subject of the investigation, third-party services, or other players. Evidence is accessible only to staff members with the appropriate rank within the organization that collected it.

Players who are the subject of a moderation action do not have an automatic right to inspect the evidence held against them. Staff teams are not obligated to reveal the source, nature, or contents of evidence as part of a ban or appeal process. This policy exists to protect reporters from retaliation and to preserve the integrity of the moderation process.

All communication between your browser and IronSight is encrypted in transit. Session tokens are stored in HttpOnly, Secure cookies and are not accessible to client-side scripts.

Sensitive credentials (such as third-party API keys configured by organizations) are stored encrypted.

Staff authentication requires both a Discord account and a Steam account to be linked. This two-factor identity requirement prevents a single compromised account from gaining panel access.