Aegis protects servers by watching behavior, not by hoarding conversations. Messages are scanned in memory as they arrive, then let go — what you write is never stored. This page lists exactly what is kept, for how long, and how to get it deleted.
Three small things, all keyed by Discord IDs — never names, never text. This is the complete list; there is no analytics pipeline, no third-party sharing, and no tracking on this website.
| Data | What it contains | Kept for |
|---|---|---|
| Member baselines | Per member, per server: first/last message timestamps, total message count, count of messages containing links, and up to 50 channel IDs they've posted in. This is what lets Aegis tell a hijacked regular apart from a throwaway account. | While Aegis is in your server |
| Quarantine snapshots | The role IDs a member had when quarantined, so /aegis release can restore them. | 7 days |
| Server config | Your thresholds, mod-log channel, quarantine role, and per-server domain block/allow lists. | While Aegis is in your server |
Not in a database, not in logs, not anywhere.
Message content. The text of what anyone writes is never written to disk. The bot's own logs record signal names and scores, never message text.
Attachments, media, and DMs. Aegis doesn't read direct messages at all — the only DM it ever touches is the recovery notice it sends to a quarantined member.
Personal details. No usernames, display names, avatars, or emails are kept. Everything above is keyed by numeric Discord user, channel, and server IDs.
Detection has to read messages to work — the difference is what happens next.
Each message is scanned in memory for scam lures, links, invites, and mass mentions, then discarded. What survives for about 5 minutes (in memory only, never on disk) is a one-way fingerprint: a cryptographic hash of the normalized text, its length, mention counts, and any link domains. The hash lets Aegis spot the same spam pasted across channels, but it cannot be reversed back into what was written.
When a link trips detection, the flagged domain (e.g. discord-give.com) appears in the alert posted to your own mod-log channel — that's your server's data, in your server.
Honest fine print, including the part we're still improving.
Retention today: baselines and config persist for as long as Aegis is in your server. Right now they are not automatically erased when the bot is removed — automatic cleanup on server removal is planned, and this page will be updated when it ships.
Deletion on request: want your server's or your own data gone now? Ask in the support server or email privacy@aegisbot.gg and it will be deleted.
Ask in the support server for a fast answer, or email us for anything formal — deletion requests included.