AeroNexus Privacy Policy
Effective date: 10 July 2026
Last updated: 15 July 2026
AeroNexus provides websites, applications, dashboards, APIs, bots, community tools, and other related products, features, and services, including tools for operating Discord bot services and Discord- and Roblox-focused communities. This Privacy Policy explains how AeroNexus collects, uses, discloses, and retains personal data when you access or use those services (together, the “Service”).
For this Policy, “AeroNexus,” “we,” “us,” and “our” mean the provider of the Service. You can contact us at privacy@aero.nexus or gdpr@aero.nexus. General support is available at info@aero.nexus.
This Policy applies both to Dashboard Administrators, who sign in to configure or manage a community, and Modmail Users, who contact a community or its staff through an AeroNexus modmail bot. Together, they are called “Users.” Community staff and other people whose information appears in a ticket are also covered where AeroNexus processes their personal data.
1. Key points
- AeroNexus uses Discord sign-in and processes Discord and, where configured, Roblox community information to provide the Service.
- Community administrators can use AeroNexus to process modmail tickets, messages, transcripts, snippets, blacklists, group information, and aviation-related community content.
- Every modmail message successfully processed through AeroNexus is recorded in AeroNexus’s database so that the ticket can function and a complete transcript can be produced. Modmail is not an ephemeral or disappearing-message service.
- AeroNexus-controlled production application servers and databases, including database replicas and backups, are hosted in European Union member states and will remain within the European Union permanently. This commitment does not cover third-party analytics or independent processing by external providers.
- Closing or deleting an account does not automatically erase the text of messages already included in a ticket transcript. AeroNexus de-links or anonymizes account identifiers where appropriate, while transcript messages are retained under the rules in Section 11 and remain subject to applicable privacy rights.
- IP addresses are stored and used for fraud prevention, abuse prevention, account and platform security, rate limiting, investigation, and related legal protection—not to serve targeted advertising.
- AeroNexus does not sell personal data and does not use personal data to serve targeted advertisements.
- Every User, including every Dashboard Administrator and Modmail User, must be at least 18 years old and must meet any higher age of legal majority required by the law where they live.
- Optional measurement tools, including PostHog and Microsoft Clarity, are controlled through AeroNexus’s consent settings. You can refuse or withdraw measurement consent without losing the Service’s essential functions.
- Cloudflare Turnstile runs invisibly on certain forms and requests to distinguish people from bots and protect the Service.
- You may exercise applicable privacy rights by emailing privacy@aero.nexus or gdpr@aero.nexus.
2. Scope and privacy roles
This Policy applies to personal data processed by AeroNexus through the Service. It does not replace the privacy policies of Discord, Roblox, Microsoft, Cloudflare, PostHog, or any community that uses AeroNexus.
Users accept the AeroNexus Terms of Service by accessing or using the relevant Service, including by affirmatively accepting through the interface where AeroNexus presents an acceptance control. Users are asked to acknowledge that they have received this Privacy Policy. This Policy is a transparency notice, not a request for blanket consent to all processing. Accessing or using the Service does not constitute consent to optional processing. When AeroNexus relies on consent—such as for optional measurement—it asks for that consent separately.
2.1 AeroNexus as controller
AeroNexus generally acts as a controller when it determines why and how personal data is processed, including for account administration, security, surveys, service analytics, communications, and operation of the AeroNexus platform.
2.2 AeroNexus as processor for community content
When a Discord server owner, Roblox group owner, organization, or community administrator uses AeroNexus to manage community content—such as modmail messages, tickets, transcripts, roles, channel information, blacklists, or operational records—that administrator generally decides why the information is processed and who may access it. In that context, the administrator is ordinarily the controller and AeroNexus processes the information on the administrator’s behalf. AeroNexus remains a controller for its own Terms-acceptance records, security logs, fraud-prevention data, and platform-administration activities.
If your request concerns a ticket, server, group, or other community record, you may contact the relevant community administrator. You may also contact AeroNexus, and we will route or assist with the request where appropriate.
3. Personal data we process
The data processed depends on how you interact with AeroNexus and which features a community administrator enables.
3.1 Account and identity data
When you sign in through Discord, we may receive or store:
- an internal account identifier;
- your name or display name, email address, email-verification status, profile image, Discord identifier, and Discord username;
- account role, administrator status, group and bot limits, ban status, and related account-management information; and
- information needed to connect your Discord account, such as provider account identifiers, authorization scopes, and OAuth access or refresh credentials.
We do not receive your Discord password.
3.2 Authentication, device, and security data
We may process session tokens, session expiry, IP address, user-agent and browser information, device and operating-system information, login and logout events, Terms and Policy version-acceptance records, impersonation or administrative-session information, rate-limit events, security challenge results, and diagnostic information. Cloudflare Turnstile may process technical signals described in Section 8.
We store and use IP addresses to prevent and investigate fraud, bots, spam, abuse, account compromise, unauthorized access, rate-limit evasion, and other threats; to protect Users and communities; and to establish, exercise, or defend legal claims. We do not use stored IP addresses to select targeted advertisements.
3.3 Discord and Roblox community data
Depending on the configuration, AeroNexus may process:
- Discord server, owner, member, role, channel, category, invitation, and bot identifiers;
- server names, icons, banners, approximate member counts, role and channel configuration, and cached platform metadata;
- Roblox group identifiers, names, status, owner information, and related public or API-provided group details;
- bot names, status, type, configuration, presence, direct-message recipient identifiers, whitelisted users and roles, support messages, and bot credentials; and
- configuration and operational information supplied by community administrators.
Bot and OAuth credentials are security-sensitive. They are used only to authenticate authorized integrations and operate the features requested by the relevant administrator.
3.4 Modmail, support, and community content
Community features may process:
- modmail ticket identifiers and status, opening and closing records, channel identifiers, participant and staff identifiers, usernames, display names, avatars, timestamps, and message metadata;
- every user and staff message successfully processed through an AeroNexus modmail flow, including message text, edits, attachments or linked media, replies, timestamps, delivery and author metadata, snippets, blacklist records, notes, and related ticket history;
- generated HTML-style or Markdown transcripts and associated ticket information;
- group names and descriptions; flight names and descriptions; fleet, aircraft, and airport information; and images or links supplied for those records; and
- content delivered from third-party locations, including Discord’s content-delivery network.
Messages and transcripts can contain whatever a user chooses to send. Every successfully processed modmail message is written to AeroNexus’s database to operate the ticket, preserve its history, support staff review, and generate a transcript. The message is not treated as ephemeral and may remain visible to authorized community staff after the author’s AeroNexus account or identity linkage is removed. Please do not submit special-category or highly sensitive personal data unless it is genuinely necessary and the relevant community has a lawful basis and appropriate safeguards for processing it.
3.5 Surveys, feedback, and communications
If you complete an AeroNexus survey or contact us, we may process your account or user identifier, group identifier, IP address, page URL or path, survey and feature identifiers, responses, free-text feedback, technical metadata, and the content of your communication.
3.6 Usage, analytics, and diagnostic data
Subject to the choices described in Section 7, AeroNexus may process page views, page exits, feature interactions, referral or page URLs, pseudonymous user and session identifiers, clicks, scrolling, mouse movement, page-rendering information, browser and device characteristics, error and performance events, and related analytics properties.
Microsoft Clarity creates a reconstruction of page interactions from captured page structure and user events; it is not a video recording from your camera. AeroNexus may associate analytics with a friendly account or session identifier when you are signed in.
3.7 Real-time connection data
When the real-time service is used, AeroNexus may process a connection’s remote network address, group or user identifier, connection time, heartbeat state, and message counts. This information is primarily held in memory for connection management, security, and operational monitoring.
3.8 Browser and device storage
AeroNexus uses cookies and browser storage for authentication, consent choices, security clearance, survey state, feature preferences, recently used emoji and interface preferences, and optional analytics. Section 7 provides more detail.
4. Where data comes from
We obtain personal data:
- from you, when you sign in, configure the Service, complete a survey, communicate with us, or submit content;
- from community administrators and users, when they configure bots, operate tickets, create records, or send messages through a community using AeroNexus;
- from Discord and Roblox, through sign-in, bot, and API functions authorized or requested by you or a community administrator; and
- automatically, from your browser, device, network connection, cookies, local storage, logs, security tools, and—if you consent—measurement tools.
5. Why we process data and our legal bases
Where the GDPR applies, AeroNexus relies on the following legal bases.
| Purpose | Typical data | GDPR legal basis |
|---|---|---|
| Create and administer accounts; authenticate users; provide the dashboard, API, bots, modmail, real-time, and community-management functions | Account, session, Discord/Roblox, configuration, community, and content data | Performance of a contract or steps requested before entering a contract (Article 6(1)(b)) |
| Protect accounts and the Service; prevent bots, abuse, fraud, unauthorized access, and platform misuse; enforce terms | Session, IP, device, security-event, Turnstile, access-control, and log data | Legitimate interests in security and service integrity (Article 6(1)(f)); legal obligation where applicable (Article 6(1)(c)) |
| Record Terms acceptance and Privacy Policy acknowledgement | User or account identifier, relevant document version, choice, and timestamp | Performance of a contract (Article 6(1)(b)); legitimate interests in documenting applicable rules and transparency (Article 6(1)(f)); legal obligation where applicable (Article 6(1)(c)) |
| Respond to questions, support requests, privacy requests, and service communications | Account, contact, communication, and relevant service data | Contract (Article 6(1)(b)); legitimate interests in supporting users and administering requests (Article 6(1)(f)); legal obligation where applicable (Article 6(1)(c)) |
| Run optional product measurement, including PostHog and Microsoft Clarity | Usage, device, page, interaction, and pseudonymous identifier data | Consent (Article 6(1)(a)) where required; limited cookieless audience measurement may rely on legitimate interests only where permitted by law |
| Collect optional surveys and feedback | Survey responses, identifiers, page context, and technical metadata | Consent (Article 6(1)(a)) or legitimate interests in improving the Service (Article 6(1)(f)), depending on the survey and local law |
| Establish, exercise, or defend legal claims; comply with lawful requests | Relevant account, content, log, and communication data | Legal obligation (Article 6(1)(c)) and legitimate interests in legal protection (Article 6(1)(f)) |
Where AeroNexus acts as a processor for community content, the relevant community administrator is responsible for identifying the applicable legal basis and giving required notices. AeroNexus processes that content under the administrator’s documented instructions and the data-processing terms in the AeroNexus Terms of Service.
If processing is based on consent, you may withdraw consent at any time. Withdrawal does not affect processing already carried out lawfully before withdrawal.
6. When providing data is required
Discord account and authentication information is required to create an AeroNexus account. Required server, bot, and authorization details are necessary to connect and operate the selected features. If you do not provide required information, the relevant feature may not work.
Surveys, feedback, profile customization, Roblox group connection, and measurement consent are optional unless the interface clearly states otherwise. Refusing optional measurement does not prevent access to essential Service functions.
7. Cookies and similar technologies
You can use AeroNexus’s consent controls to accept or refuse optional functional and measurement technologies, choose each category separately, and change your decision later. Strictly necessary technologies operate because they are required to sign you in, remember privacy choices, protect the Service, or provide a feature you request.
| Technology | Category and purpose | Duration or control |
|---|---|---|
| Authentication cookies | Strictly necessary. Maintain your signed-in session and protect access to your account. | Until the session expires, you sign out, or the session is revoked. |
| Consent preference | Strictly necessary. Remembers whether you accepted or refused Functional and Measurement cookies. | Until you change the choice or clear site data, subject to the configured expiry. |
| Cloudflare Turnstile and security clearance | Strictly necessary. Distinguishes legitimate requests from bots and abuse. AeroNexus may cache a successful clearance briefly. | Turnstile tokens are short-lived; AeroNexus’s clearance is intended to last no more than approximately five minutes. |
| PostHog | Measurement. Measures page views, page exits, and product use. When measurement is refused, AeroNexus is configured to use PostHog’s cookieless-on-rejection mode, which does not store PostHog identifiers in browser storage and may count visits using a privacy-preserving server-side hash. | Identifiers are used only after the relevant choice; withdraw through consent settings. Provider-side retention follows the configured PostHog project settings. |
| Microsoft Clarity | Measurement. Uses pseudonymous identifiers to associate page views and reconstruct interactions such as clicks, scrolling, mouse movement, and page rendering. Microsoft cookies may include _clck, _clsk, CLID, ANONCHK, MR, MUID, and SM. | Activated only after the relevant measurement consent. Refusal or withdrawal causes supported Clarity cookies to be blocked or removed. Playback data is generally retained by Clarity for 30 days; click/heatmap data and labeled, favorited, or sampled sessions may be retained for up to nine months. |
| Local or session storage for survey state, feature flags, theme and emoji preferences, and notices | Functional. Remembers a requested feature or interface preference. | Used only when you accept Functional cookies. Session items end with the browser session; persistent items remain until cleared, reset, no longer needed, or you withdraw consent. Security-challenge storage is strictly necessary and remains available without Functional consent. |
Your browser may let you block or delete cookies and storage. Blocking strictly necessary items may prevent authentication or requested features from working.
8. Cloudflare Turnstile Invisible Mode
AeroNexus uses Cloudflare Turnstile in invisible mode on authentication, dashboard, survey, and other protected requests. The challenge may run in the background without displaying a visible widget.
Turnstile may process client-side signals such as IP address, TLS fingerprint, user-agent header, site key, and the associated website origin to distinguish human users from bots, prevent malicious activity, and improve bot detection. Cloudflare states that Turnstile signals are not collected to identify, profile, or target individuals.
As required for invisible mode, please read Cloudflare’s Turnstile Privacy Addendum, together with Cloudflare’s Privacy Policy.
9. How we disclose personal data
AeroNexus does not sell personal data. We do not use personal data to serve targeted advertisements. We disclose personal data only as described below.
9.1 Community administrators and authorized users
Ticket, transcript, bot, group, server, and community records are available to the administrators, staff, roles, and users authorized by the relevant community’s configuration. The community administrator controls those access permissions. A transcript downloaded or shared by an authorized user becomes a copy outside AeroNexus’s control.
9.2 Service providers and platforms
| Recipient | Reason and data involved | More information |
|---|---|---|
| Discord | Sign-in, account connection, guild and bot operations, messages, roles, channels, media links, and other requested Discord functions | Discord Privacy Policy |
| Roblox | Requested group lookups and community configuration, including group identifiers and public or API-provided group details | Roblox Privacy and Cookie Policy |
| Cloudflare | Invisible Turnstile security checks and related technical signals | Turnstile Privacy Addendum |
| PostHog | Optional product analytics and pseudonymous usage data; infrastructure location depends on the configured PostHog host | PostHog Privacy Policy |
| Microsoft Clarity | Optional page-interaction measurement, pseudonymous identifiers, device and usage information | Microsoft Privacy Statement and Clarity disclosure |
| Production hosting, database, cache, networking, and deployment providers | Store and transmit account, configuration, content, log, database, and real-time information as needed to operate AeroNexus | AeroNexus-controlled production application servers and databases, including database replicas and backups, are hosted in European Union member states and will remain within the European Union permanently. This commitment does not apply to third-party analytics or independent processing by Discord, Roblox, Cloudflare, PostHog, Microsoft, or their subprocessors. |
Discord and Roblox also process information under their own terms and privacy policies. Community administrators must comply with the platform rules that apply to their use of bots, APIs, and platform data.
9.3 Legal and safety disclosures
We may disclose information when reasonably necessary to comply with applicable law or a binding legal request; protect the rights, safety, or security of users, AeroNexus, or others; investigate fraud or abuse; enforce our Terms; or establish, exercise, or defend legal claims.
9.4 Organizational changes
If AeroNexus is reorganized, transferred, merged, or acquired, relevant information may be disclosed to professional advisers and a successor, subject to appropriate confidentiality and data-protection safeguards. We will provide notice where required by law.
10. International data transfers
AeroNexus-controlled production application servers and databases, including database replicas and backups, are hosted in European Union member states and will remain within the European Union permanently.
This commitment applies only to infrastructure controlled by AeroNexus. It does not mean that all processing occurs within the European Union. Discord, Cloudflare, Microsoft, PostHog, Roblox, and their subprocessors may process information in other countries under their own infrastructure and applicable terms. Those countries may have different data-protection laws.
When GDPR-protected personal data is transferred outside the European Economic Area, AeroNexus uses or requires an applicable lawful transfer mechanism, which may include an adequacy decision, the European Commission’s Standard Contractual Clauses, or another safeguard permitted by Chapter V of the GDPR. Microsoft states that European Clarity customers contract with Microsoft Ireland Operations Limited and that Standard Contractual Clauses support relevant transfers between Microsoft affiliates. You may contact us for more information about the safeguards relevant to your data.
11. Retention
We keep personal data only for as long as reasonably necessary for the purpose described in this Policy, taking into account account status, community instructions, feature needs, security, legal obligations, disputes, and the feasibility of deletion from backups. The following criteria apply.
| Data | Retention approach |
|---|---|
| Account and profile data | While the account is active and for the limited period needed to close the account, complete deletion, resolve disputes, prevent abuse, or meet legal obligations. |
| Sessions and security clearance | Until expiry, revocation, sign-out, or the end of the short security-clearance period. Security events may be retained longer where needed to investigate abuse. |
| Discord/Roblox configuration and bot data | While the integration, bot, group, or account remains connected, then until deletion is completed or retention is required for security, disputes, or law. Platform-derived data is refreshed or removed when no longer needed or when platform rules require it. |
| Modmail tickets, messages, snippets, blacklists, and community records | Every successfully processed modmail message is stored in the ticket database and ordinarily remains for the community’s documented ticket-retention period so that the ticket history and transcript remain complete. Closing or deleting a User’s account does not automatically delete the message body. AeroNexus will de-link or replace direct author identifiers with an anonymous or pseudonymous label where appropriate. Message text may still identify a person and therefore remains subject to applicable erasure, objection, restriction, and retention rules. Expired blacklist entries may cease to be enforced before they are purged. |
| Transcripts and linked media | AeroNexus-held source records follow the community-content rule above. A valid deletion request may require deletion or redaction of identifying content if there is no continuing lawful basis or applicable exception. Copies already exported by administrators or Users, and content retained independently by Discord or its CDN, cannot always be recalled or deleted by AeroNexus. |
| IP addresses and fraud/security logs | For the period reasonably necessary to prevent or investigate fraud, abuse, account compromise, unauthorized access, and rate-limit evasion; enforce the Terms; protect legal claims; and comply with law. Raw identifiers are deleted, truncated, or anonymized when they are no longer needed for those purposes. |
| Surveys and communications | Until the response is no longer needed for the survey, support, follow-up, product-improvement, dispute, or legal purpose. |
| Real-time connection metadata | Primarily until disconnection; limited operational or security events may persist in logs where necessary. |
| Microsoft Clarity | Playback data is generally retained for 30 days. Click and heatmap data and labeled, favorited, or sampled sessions may be retained for up to nine months under Microsoft’s current retention rules. |
| PostHog and operational logs | According to the configured project or logging retention and only while needed for measurement, diagnostics, security, or legal purposes. |
| Backups | Until overwritten or deleted through the normal backup-rotation process. Information isolated in a backup is not used for ordinary purposes and may be restored only for continuity or disaster recovery. |
When we no longer need personal data, we delete it, anonymize it, or isolate it until deletion is feasible. Account deletion normally removes or anonymizes account and author-linkage data, but it does not automatically remove the text of messages already forming part of a ticket transcript. A message body can itself contain personal data, so AeroNexus and the relevant community administrator assess requests concerning message content individually. Identifying content will be deleted, redacted, restricted, or retained according to the applicable legal basis, the community’s documented retention period, the rights of other ticket participants, and any lawful exception, including legal claims, security, compliance, or freedom of expression and information.
12. Security
AeroNexus uses technical and organizational measures intended to protect personal data, including access controls, authentication, role- and resource-based authorization, security headers, origin controls, rate limiting, bot detection, bounded message sizes, connection monitoring, and restricted operational endpoints. Access to non-public information is limited according to role and operational need.
Bot tokens are protected with AES-256-GCM at rest, and Discord traffic is protected with TLS in transit.
No online service can guarantee absolute security. You are responsible for protecting your Discord account, active sessions, bot tokens, API credentials, and devices. If you believe an AeroNexus account, token, or integration has been compromised, revoke the relevant credential where possible and contact info@aero.nexus promptly.
13. Your privacy rights
Depending on your location and the circumstances, you may have the right to:
- obtain confirmation of whether AeroNexus processes your personal data and access a copy;
- correct inaccurate or incomplete personal data;
- request deletion of personal data;
- restrict processing;
- receive data you provided in a structured, commonly used, machine-readable format and transmit it to another controller where the portability right applies;
- object to processing based on legitimate interests;
- withdraw consent at any time;
- object to certain direct marketing, if any is sent; and
- lodge a complaint with a competent supervisory authority.
To exercise a right, email privacy@aero.nexus or gdpr@aero.nexus. Please describe the account, community, ticket, message, or data concerned. We may request information reasonably necessary to verify your identity and protect others from unauthorized disclosure.
If you request account deletion, we will remove or anonymize the account and its direct linkage to ticket records where appropriate. Message bodies are not automatically deleted merely because the account is removed. If a message body itself identifies you, you may ask for that content to be reviewed. We or the relevant community administrator will erase or redact it when required by law and may retain it only where a continuing lawful basis or a limited legal exception applies. We will explain the result of the request.
We ordinarily respond within one month when the GDPR applies. That period may be extended by up to two additional months for a complex or numerous request, in which case we will explain the extension. Rights are not absolute, and we will explain any lawful limitation or refusal.
If AeroNexus processes content solely for a community administrator, we may direct the request to that administrator or assist the administrator in responding.
You may lodge a complaint with a supervisory authority competent for your habitual residence, workplace, or the alleged infringement.
14. Age eligibility and minors
The Service is intended only for Users who are at least 18 years old and who have reached any higher age of legal majority required by the law where they live. This requirement applies to every Dashboard Administrator and Modmail User. AeroNexus does not knowingly permit a person who does not meet this requirement to create or control a dashboard account, open or participate in a modmail ticket, send a modmail message, or otherwise use the Service. A parent’s or legal guardian’s permission does not make an underage person eligible to use the Service.
Personal data about a minor may still appear in community content—for example, if an eligible User mentions a minor or if an underage person accesses the Service contrary to the Terms. Community administrators must prevent ineligible community members from using AeroNexus, provide appropriate notices, choose a lawful basis, limit access, and comply with applicable protections for minors. Microsoft Clarity is used on the AeroNexus web interface, not inside the Discord modmail conversation itself.
If you believe an ineligible person has used the Service or a minor’s data has been processed improperly, contact the relevant community administrator and privacy@aero.nexus.
15. Automated security checks
Turnstile and AeroNexus security systems automatically assess technical signals to identify bots, abuse, and suspicious requests. A failed check may delay or deny a request or require another attempt. AeroNexus does not use this process to make decisions that produce legal or similarly significant effects about you. If you believe a security control made an error, contact info@aero.nexus.
16. No sale or targeted advertising
AeroNexus does not sell personal data, rent mailing lists, or use personal data to select targeted advertisements. Microsoft Clarity and PostHog are used for product measurement, not for AeroNexus advertising. Those providers process information under their own terms and privacy documentation.
In a jurisdiction that defines a transfer to an analytics provider as a “sale,” “sharing,” or targeted-advertising activity, you can refuse measurement in AeroNexus’s consent controls. You may also contact us to exercise a specific opt-out right provided by applicable law.
17. Changes to this Policy
We may update this Policy to reflect changes to the Service, providers, data practices, or law. For a routine, clarifying, or administrative change, we will post the revised Policy and give at least three days’ advance notice through the dashboard for Dashboard Administrators and through the modmail flow, a bot notice, or another reasonably available channel for Modmail Users.
For a substantial change—such as a new processing purpose, new category of recipient, significant international transfer, or material reduction in a User’s choices—we will give notice well enough in advance for affected Users to understand the change and exercise their rights. Where a change materially and negatively affects a consumer’s use of the Service, we will ordinarily give at least 30 days’ notice through a durable or directly addressed channel and preserve any mandatory termination or objection right.
A Privacy Policy is a notice and is not accepted by silence. If the changed processing requires consent, AeroNexus will obtain a new, separate affirmative consent before that processing begins. Continuing to use the Service cannot substitute for consent where consent is legally required.
18. Contact
- Privacy and GDPR requests: privacy@aero.nexus, gdpr@aero.nexus
- Legal: legal@aero.nexus
- General support: info@aero.nexus