Accord Privacy Policy
Updated: 24 April 2026
1. Introduction
This Privacy Policy explains how we collect, use, share, and protect personal data when you use Accord software and services (the "Service"). The Service is provided by Accord Data Pty Ltd (ACN 691 164 584; ABN 60 691 164 584), a company incorporated in Australia, whose registered office is at Suite 3, 99 Musgrave Road, Red Hill QLD 4059 ("Accord", "we", "us", or "our").
Accord was initially developed under our former business, Layer Labs Pty Ltd. Since the transition to Accord Data Pty Ltd, Accord Data Pty Ltd is the single operating entity for the Accord platform. References in earlier versions of this policy to Layer Labs Pty Ltd and Layer Licensing Limited should be read as referring to Accord Data Pty Ltd.
We are committed to ensuring the fair and appropriate handling of your personal data. By using the Service, you agree to the collection and use of information in accordance with this policy.
Accord applies the data protection laws of the jurisdictions in which we operate, including the EU General Data Protection Regulation ("GDPR"), the UK GDPR and Data Protection Act 2018, and the Australian Privacy Act 1988. We use the term "Privacy Notice" as used in the UK GDPR interchangeably with the term "Privacy Policy" as used in the Australian Privacy Act 1988.
2. About Accord
Accord is a product that helps teams understand their Discord communities. Accord uses the Discord API to access, read, collate, and organise messages and data from designated Discord servers.
For the purposes of data protection law, we act as the "data controller" for the information you provide when registering for and using our Service ("Platform Data"), and as a "data processor" for the Discord server data we process on your instruction ("Discord Server Data"). Our contact details are at the end of this policy.
3. Information We Collect
3.1 Information you provide to us (Platform Data)
When you register for or use the Accord platform, we collect:
Name: your full name or the name of your organisation.
Contact information: email address and other contact details you provide.
Account information: username, password, and other details related to your Accord account.
Order and transaction history: for paid services, details of subscriptions or purchases.
Communications: any communications you send to us (for support or feedback).
Usage data and telemetry: information about how you use our Service.
3.2 Information we process on your behalf (Discord Server Data)
When you instruct Accord to analyse specific Discord servers, we use the Discord API to view and collect messages and other information posted by users in public channels within those designated Discord servers. This data is processed at your instruction and for the purpose of providing you with insights and analytics about those communities. Discord Server Data includes:
Messages and content: the textual content of messages users have shared in public Discord channels.
Associated identifiers: the unique 18-digit Discord User ID and the Discord username at the time of collection.
Metadata: timestamps, server IDs, channel IDs, and similar.
We access only data made available on Discord in public channels designated by you. Discord's Privacy Policy (https://discord.com/privacy) explains how Discord shares data with third-party developers. We do not require the installation of a Discord bot on a server for this purpose; access is view-only for publicly available information as facilitated by the Discord API and your designation.
We do not directly interact with members of the Discord communities you designate in their capacity as community members.
4. How We Use Your Information
4.1 To provide and manage the Service
Set up and maintain your Accord account.
Enable use of the Service, including designating Discord servers for analysis and receiving insights.
Process subscriptions or transactions.
Provide customer support.
4.2 To improve the Service
Understand how users interact with the Service and identify areas for improvement.
Monitor performance and stability.
Use genuinely anonymised and aggregated data for internal analytics, research, and service enhancement.
4.3 To communicate with you
Send service-related announcements, updates, security alerts, and administrative messages.
Send marketing communications where you have consented or where otherwise permitted by law (you can opt out at any time).
4.4 For legal and security reasons
Comply with legal obligations.
Enforce our Terms of Service and protect our and others' rights.
Detect and prevent fraud, security breaches, and other harmful activities.
5. Legal Basis for Processing Personal Data
We process personal data on the following legal bases under the GDPR and UK GDPR:
Performance of a contract (Article 6(1)(b)): to register you for and provide the Service.
Legitimate interests (Article 6(1)(f)): for analytics about our users, to improve the Service, to monitor compliance with our Terms of Service, and to protect our business. For Discord Server Data processed on your behalf, you are responsible for ensuring you have a lawful basis for instructing us to process that data; our legal basis for processing is to fulfil our contract with you and act on your instructions.
Consent (Article 6(1)(a)): for direct marketing emails and for certain non-essential cookies. You can withdraw consent at any time.
Legal obligation (Article 6(1)(c)): where necessary to comply with a legal or regulatory obligation.
6. Sharing and Disclosure of Information
6.1 Our Customers
When you use the Service to analyse designated Discord servers, Accord processes Discord Server Data and provides insights and analytics back to you. You are the data controller; Accord acts as a data processor on your behalf. Accord does not control how you subsequently use or disclose the insights or data provided through the Service.
6.2 Sub-processors
Accord uses third-party service providers (Sub-processors) to provide essential functions on our behalf. Contractual arrangements with each Sub-processor include strict obligations on privacy, security, confidentiality, and data-breach reporting. The current Sub-processors are:
Sub-processor | Country / Region | Purpose |
|---|---|---|
Google LLC | EU region | AI Features, Cloud Data Storage and Processing |
Vercel Inc. | USA | Application hosting, AI Features and web analytics |
Upstash Inc. | USA | Application caching |
Resend, Inc. | USA | Email processing |
PostHog Inc. | EU region | Product analytics and monitoring |
Knock Labs, Inc. | USA | Notification processing |
6.3 Other sharing and disclosures
Accord does not sell your personal data. We do not otherwise share personal data with other third parties, such as advertisers or unrelated data brokers, unless: (a) we have your explicit consent (for example, if you request an integration with another service); or (b) we have a lawful or legal requirement to do so (for example, to comply with a court order, subpoena, or other lawful request, or to protect our legal rights or the safety of others).
6.4 Website analytics and marketing
We use analytics tools on our own website (where you learn about and sign up for Accord) to understand website traffic and improve our marketing. If we use retargeting tools, this will be based on your interaction with our website and any consents you provide for cookies or similar technologies.
7. International Data Transfers
Accord operates from Australia. Personal data we collect is primarily stored and processed in the European Economic Area (specifically, the Republic of Ireland via Google Cloud Platform). Accord personnel and certain Sub-processors may access or process personal data from locations outside the EEA and the United Kingdom, including Australia and the United States.
When we transfer personal data outside the EEA or the United Kingdom, or allow access from such locations, we implement appropriate safeguards, including:
The European Commission's adequacy decisions (including the EU–U.S. Data Privacy Framework of 10 July 2023) where applicable.
The 2021 EU Standard Contractual Clauses and, where required, the UK International Data Transfer Addendum.
A documented Transfer Impact Assessment (available to Customers on request) and supplementary technical, organisational, and contractual measures.
8. Data Retention and Deletion
We retain personal data only for as long as necessary:
Platform Data: retained for up to six years from account termination to comply with legal and tax obligations. Account deletion requests are actioned within 30 days, subject to overriding legal requirements.
Discord Server Data: retained while your Accord account is active. Verified deletion requests from Discord end-users are typically actioned within 30 days. On account termination, customer-specific Discord Server Data is deleted from active systems within 30 days.
Anonymised and aggregated data: may be retained indefinitely as non-personal data.
9. Your Data Protection Rights
You have the rights of access, rectification, erasure, restriction of processing, data portability, and objection. To exercise these rights, contact privacy@accord.gg.
If you are a Discord end-user and believe Accord has processed your public messages from a Discord server as part of Discord Server Data processed on behalf of one of our Customers, please include the following in your request so we can locate the data:
Your unique 18-digit Discord User ID.
The specific Discord Server ID(s) where your messages were posted.
Approximate date range(s) of the messages you are concerned about.
Without sufficient verifiable information, we may be unable to locate your data. We respond to validated requests within 30 days, subject to applicable legal requirements.
10. Data Security
We implement appropriate technical and organisational measures to protect personal data, including encryption in transit, encryption at rest, role-based access, logging of privileged access, regular access reviews, multi-factor authentication, and a documented incident-response process. No internet-based service can be 100% secure; we cannot guarantee absolute security.
11. Third-Party Services and Our Relationship with Discord
Our Service interacts with Discord via its API. This Privacy Policy does not cover the privacy practices of Discord or any other third-party services. We encourage you to review Discord's Privacy Policy and the privacy policies of other third-party services you interact with.
Discord's Developer Terms of Service characterise Accord as an independent data controller in respect of data obtained through the Discord API for the purposes of Accord's contractual relationship with Discord. This does not change our role as a data processor for our Customers under our Data Processing Agreement: where a Customer designates a Discord server for analysis, the Customer remains the controller of that Discord Server Data as between us, and we process it on the Customer's instructions. Under the Discord Developer Terms of Service, Discord reserves the right to require us to delete or cease using data obtained through the Discord API; where Discord exercises that right, we will act accordingly and notify the affected Customer to the extent legally permitted.
12. Children's Privacy
Our Service is not intended for individuals under the age of 16 (or a higher age where stipulated by local law for consent to process personal data). We do not knowingly collect personal data from children. If we become aware we have inadvertently collected personal data from a child without verifiable parental consent, we will delete it.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post updates on our website and indicate the "Effective Date". Material changes will be notified through appropriate means before they take effect.
14. Contact Us
Questions about this Privacy Policy, your data protection rights, or our privacy practices: privacy@accord.gg.
14.1 EU Representative
We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact for the following region:
European Union (EU)
Prighter gives you an easy way to exercise your privacy-related rights (for example, requests to access or erase personal data). If you want to contact us via our representative Prighter or make use of your data subject rights, please visit the following website: https://app.prighter.com/portal/16232110925.
14.2 Supervisory Authorities
You have the right to lodge a complaint with a supervisory authority:
UK residents: the Information Commissioner's Office (ICO).
EEA residents: the data protection authority in your country of residence (for Sweden, Integritetsskyddsmyndigheten — IMY).
Australian residents: the Office of the Australian Information Commissioner (OAIC).
