Skip to content

Instantly share code, notes, and snippets.

@wavedevgit

wavedevgit/privacy_policy.md

Created May 3, 2026 17:06
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save wavedevgit/a218ad555c6ed3f2b59bae7c5ebbc0ff to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save wavedevgit/a218ad555c6ed3f2b59bae7c5ebbc0ff to your computer and use it in GitHub Desktop.
Download ZIP
wavetools - privacy policy
Raw
privacy_policy.md

Privacy Policy

Last updated: 2026-05-03T17:04:39.637Z

1. Introduction

This Privacy Policy describes how the WaveTools Discord bot ("the Bot") collects, uses, and handles data when you interact with it. The Bot is a utility tool designed for security reconnaissance, network analysis, and developer utilities. It does not store personal data or user information.

2. Data Collection

2.1 Input Data

The Bot only processes data you explicitly provide through Discord slash commands. This includes:

Command Data Collected
/subdomains Domain name (string)
/opsub Domain name (string)
/whois Domain name or IP address (string)
/raccoon Domain name(s) — single string or uploaded text file (max 50 domains)
/iprep IP address (string), optional days parameter (integer)
/build Build hash (string)
/ipconvert IP address (string)
/wayback URL or domain (string)
/build_override URL, encoded string, or uploaded text file
/launchsignature UUID string
/release Version number and git branch (owner-only)

2.2 What We Do NOT Collect

  • No message history — The Bot only sees the specific command input you send it. It does not read, store, or process any other messages in channels.
  • No user profiling — The Bot does not track, log, or profile user behavior or command usage patterns.
  • No persistent storage — The Bot does not maintain a database, log file, or any persistent record of queries, users, or results.
  • No analytics or tracking — The Bot does not use cookies, analytics services, or tracking mechanisms.

3. Data Usage

3.1 How Input Data Is Used

All input data is used exclusively to fulfill the command you requested. For example:

  • A domain provided to /subdomains is used to query subdomain enumeration APIs.
  • An IP provided to /iprep is sent to the AbuseIPDB API to retrieve reputation data.
  • A domain provided to /raccoon is used to make HTTP requests to that domain to inspect its headers and authentication configuration.

3.2 Temporary Processing

Some commands create temporary files during execution to format results for download:

  • /subdomains, /opsub, and /wayback write temporary .txt files to the OS temp directory. These files are immediately deleted after being sent as Discord attachments.
  • Other commands process data in memory only and never write to disk.

No temporary data persists beyond the lifetime of a single command execution.

4. External Services

The Bot queries the following third-party services using the data you provide:

Service Used By Data Sent Privacy Policy
crt.sh /subdomains, /opsub Domain name https://crt.sh/
SecurityTrails /subdomains, /opsub Domain name https://securitytrails.com/privacy
C99 Subdomain Finder /subdomains, /opsub Domain name http://subdomainfinder.c99.nl
Wayback Machine (CDX API) /opsub, /wayback Domain/wildcard URL pattern https://archive.org/about/terms.php
AbuseIPDB /iprep IP address https://www.abuseipdb.com/privacy.html
WHOIS Servers (various) /whois Domain name or IP address Varies by registry
GitHub API /release Version and branch name https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement
Discord CDN /build_override, /raccoon File attachment URL (provided by Discord) https://discord.com/privacy

The Bot does not share your data with any service beyond what is necessary to execute the command. Each third-party service has its own privacy policy and terms of service.

5. Data Retention

  • Zero retention. All input data is discarded immediately after the command completes.
  • No logs. The Bot does not maintain query logs, access logs, or audit trails of user activity.
  • Discord message history — Command requests and responses exist only within Discord's infrastructure and are subject to Discord's Privacy Policy. The Bot itself stores nothing.

6. Security

  • API keys and credentials (AbuseIPDB, SecurityTrails, GitHub token) are stored server-side in environment variables and are never exposed to users.
  • Timeouts are enforced on all external requests to prevent hanging connections.

7. User Rights

Because the Bot does not store any personal data:

  • There is no data to access, export, modify, or delete.
  • You may delete your command messages through Discord's native message deletion features.
  • If you have concerns about data handled by third-party services listed in Section 4, please refer to their respective privacy policies.

8. Children's Privacy

The Bot is not directed at individuals under the age of 13. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected in the "Last updated" date at the top of this document. You'll recieve a notification about privacy policy updates through a dm from the bot or a message when using wavetools.

10. Contact

For questions or concerns about this Privacy Policy, please contact @wavedev.js through Discord.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment