Privacy Policy
Last updated: February 25, 2026
1. Who We Are
Aphrowuu ACO (“we,” “us,” or “our”) operates the ACO Dashboard web application at aphrowuu.com and the ACO Dashboard iOS mobile application (collectively, the “Service”). This Privacy Policy explains how we collect, use, and protect your information when you use our Service.
2. Information We Collect
a) Discord Account Data
When you log in via Discord OAuth, we receive and store:
- Your Discord user ID, username, and avatar
- Your Discord guild (server) membership and roles
We use the OAuth scopes identify, guilds, and guilds.members.read. We do not request access to your Discord messages, friends list, or ability to act on your behalf.
b) Checkout Data
Checkout records (product name, site, price, quantity, status, timestamp) are created by our automated checkout bots and associated with your Discord user ID. You do not manually submit this data.
c) Email Scraping Data
If you use the email scraper feature, you voluntarily provide IMAP credentials (email address, host, port, username, password) to connect to your own email account. We access your email solely to extract order confirmation data (order numbers, products, prices, shipping status) from supported retailers. We do not read, store, or process any other email content.
d) Contact & Profile Information
You may optionally provide: name, mailing address, phone number, and contact email through your profile settings. Phone numbers are used exclusively for opt-in product drop alerts via call and SMS.
e) Inventory & Invoice Data
Product inventory items, invoices, and related financial data (purchase cost, revenue, profit) that you create within the Service are stored and associated with your account.
f) Device & Usage Data
We collect your device timezone for date-accurate checkout display. We do not use third-party analytics SDKs or advertising trackers.
3. How We Use Your Information
- Authenticate you and verify your membership status
- Display your checkout history, inventory, invoices, and statistics
- Connect to your email account (when you opt in) to import order data
- Send phone alerts for product drops (when you opt in and provide a phone number)
- Track package shipments via EasyPost (when enabled)
- Calculate points, leaderboard rankings, and membership status
- Allow admins to manage the service (member support, release management)
4. Data Storage & Security
Your data is stored in a PostgreSQL database hosted by Supabase with row-level security policies. Authentication tokens on the iOS app are stored in the iOS Keychain (secure enclave). IMAP credentials are stored server-side and are only used to authenticate with your email provider during an email pull that you initiate.
We use HTTPS for all data transmission. JWT tokens for mobile authentication are signed with HS256 and expire after 7 days.
5. Third-Party Services
We share data with the following services only as necessary to operate the Service:
- Discord API — Authentication and role verification
- Supabase — Database hosting and real-time data delivery
- Vercel — Web application hosting
- EasyPost — Package tracking (tracking numbers and addresses)
- Twilio — Phone call and SMS alerts (phone numbers of opted-in users only)
We do not sell, rent, or share your personal information with advertisers or data brokers.
6. Data Retention
We retain your data for as long as your account is active. Checkout records are retained indefinitely for historical tracking. If you leave the Discord server (losing your required role), your dashboard access is revoked, but your data remains unless you request deletion. IMAP credentials can be deleted at any time from your profile settings.
7. Your Rights
You may:
- View and export your data (checkout CSV export, inventory data)
- Delete your IMAP profiles and stored credentials at any time
- Update or remove your phone number and contact information
- Request a complete deletion of your account data by contacting an admin via Discord
8. Children's Privacy
The Service is not intended for users under the age of 13. We do not knowingly collect information from children under 13. If we learn that we have collected data from a child under 13, we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last updated” date. Continued use of the Service after changes constitutes acceptance of the revised policy.
10. Contact
For questions about this Privacy Policy or to request data deletion, reach out to an admin in the Aphrowuu ACO Discord server.