Privacy Policy
This Privacy Policy describes exactly what data ControlArk ("we", "us", or "our") collects, why we collect it, how long we keep it, and your rights over it. By adding the ControlArk bot to your Discord server or using this website, you agree to this policy.
1. Who This Applies To
This policy applies to:
- Discord Server Administrators — who add ControlArk to their server and configure its features.
- Discord Users — who interact with the bot via commands or use the in-game shop.
- ARK Players — whose in-game data (names, platform IDs, presence, sessions) is collected from your server's game files on behalf of the server administrator.
- Website Visitors — who log in to the ControlArk dashboard via Discord OAuth2.
2. Data We Collect
2.1 Discord Data
- Discord Server ID — to associate all configuration and data with your server.
- Discord User ID — to associate credit balances, shop orders, and permissions with individual users.
- Discord Username & Avatar — collected at website login via Discord OAuth2 to display your profile on the dashboard.
- Discord Channel, Thread & Forum IDs — stored when you configure logging channels or server log forums.
- Discord Webhook URLs — stored when you configure tracking or log webhooks.
2.2 ARK Player Data
The following is collected automatically from your ARK server's game logs and save files, on behalf of the server administrator:
- Platform ID — Xbox XUID or equivalent identifier used to uniquely identify a player across sessions.
- ARK Internal ID — the player's internal ARK character identifier.
- In-game name / account name — the display name shown on the server.
- Character level — the level of the player's ARK character.
- Implant ID — the ARK character implant ID, used for shop order assignment.
- Tribe name and tribe ID — the tribe the player belongs to.
- In-game coordinates — 3D world position, converted to map latitude/longitude for the player list display.
- IP address — the player's IP address as recorded in ARK server logs, used for alt account detection.
- Session data — login time, logout time, and session duration.
- Explorer note count — tracked to detect unusual gains that may indicate game exploits.
2.3 ARK Creature Data
- Creature species, name, and level — for wild dino tracking rules.
- Base stats — health, stamina, damage, weight, etc., used to trigger tracking webhooks when configured thresholds are met.
- World coordinates and map position — tracked for wild creature sighting history.
- Sighting status — whether the creature is active or has despawned.
2.4 Nitrado Integration Data
- Nitrado API token — encrypted using AES-256-GCM before being stored.
- Nitrado account ID and username — stored alongside the token to identify and label the connection.
- Server ID, server name, and server status — fetched from Nitrado to power server management features.
- ARK save files — downloaded from Nitrado temporarily into memory to parse player and creature data. They are never stored on our servers beyond what Nitrado itself holds.
2.5 Shop & Credit Data
- Shop orders — Discord user ID, items ordered, credit cost, implant ID, assigned room, pin code, delivery status, and timestamps.
- Credit balances and transaction history — balance, amount adjusted, reason, who performed the adjustment, and timestamp.
- Delivery records — a log of each delivery cycle including which items were delivered and to whom.
- Discount code usage — which user used which code and how many credits were saved.
2.6 Website Session Data
- When you log in via Discord OAuth2, we receive and store your Discord user ID, username, and avatar URL.
- We store your list of Discord servers (filtered to servers where you have the Manage Server or Administrator permission) in your session to determine which dashboards you can access.
- Your Discord access token is stored in your server-side session so we can periodically re-verify your server permissions. It is deleted when your session expires (7 days) or when you log out.
- Session cookies are set with a 7-day expiry and are HTTP-only.
2.7 Internal Error Logs
Internal errors are logged with: source, severity, error message, stack trace, and optionally a server or guild reference. These are used solely for debugging and are automatically deleted after 7 days.
3. Why We Collect This Data
- Server administration — so administrators can manage their ARK servers from Discord and the web dashboard.
- Player list and presence — to power the live player list, session history, and tribe tracking features.
- Detection systems — alt account detection (via shared IP), admin command detection, illegal name detection, explorer note detection, and spoof detection are operated on behalf of server administrators.
- In-game shop — to process orders, assign delivery rooms, inject items into the server save, and maintain credit balances.
- Tracking webhooks — to fire Discord notifications when tracking rules match (player join/leave, wild dino stats, server changes, tribe logs).
- Website dashboard — to authenticate you, determine your server access, and display your guild's data.
4. Data We Do Not Collect
- Your Discord email address.
- Any real-world payment information (credits are virtual with no monetary value).
- Browsing history or tracking cookies beyond your authenticated session.
- Any data from Discord servers where ControlArk is not installed.
5. Third-Party Services
- Discord — all bot and OAuth2 functionality is built on the Discord API. See Discord's Privacy Policy.
- Nitrado — server management features interact with the Nitrado game server API using tokens you provide. We do not share your data with Nitrado beyond what is necessary to operate the integration you configure. See Nitrado's Privacy Policy.
- OpenXBL (Xbox Live API) — when resolving Xbox platform IDs or gamertags, only the platform ID is transmitted. No other personal data is sent.
- Cloudflare R2 — used to store shop images and store banners uploaded by server administrators. No personal user data is stored in R2. See Cloudflare's Privacy Policy.
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Player sessions | 30 days, then automatically deleted |
| Wild creature sightings (despawned) | 7 days after despawn, then automatically deleted |
| Alt detection alerts | 30 days, then automatically deleted |
| Detection cache | Auto-expires per entry, then automatically deleted |
| Internal error logs | 7 days, then automatically deleted |
| Player presence, IP addresses, platform IDs | Indefinitely, until guild data is deleted |
| Shop orders, credit balances, and transaction history | Indefinitely, retained as server operational records (see Section 8) |
| Guild configuration and settings | Indefinitely, until deletion is requested |
| Nitrado tokens (stored encrypted) | Until you remove the connection |
| ARK save file content | In memory only during processing — never stored on our servers |
| Website account (username, avatar) | Until you delete your account |
| Website session and Discord access token | 7 days from last login, or until logout |
7. Data Security
- Nitrado API tokens are encrypted at rest using AES-256-GCM.
- All database access is via authenticated connections.
- Website sessions use HTTP-only cookies.
- API keys and bot tokens are stored only in server environment variables and never in the database.
8. Your Rights & Data Deletion
Guild administrators can delete specific categories of data directly from the ControlArk dashboard (e.g., bans, session data, shop configuration).
You can delete your website account from the Account page. This removes your login credentials (Discord user ID, username, and avatar) from our system and destroys your session.
Shop orders, credit balances, and transaction history are retained as part of the server's operational records even after account deletion. This data belongs to the server's records and is managed by the server administrator. To request deletion of this data, contact the server administrator directly.
To request full deletion of your guild's data, contact us via the Discord server below. We will process requests within a reasonable timeframe.
9. Children's Privacy
ControlArk is not directed at children under 13. We do not knowingly collect data from users under 13. If you believe a child under 13 has provided us with data, please contact us immediately so we can remove it.
10. Changes to This Policy
We may update this policy from time to time. Changes are posted on this page with an updated date. Continued use of the bot or website after changes are posted constitutes acceptance of the updated policy.
11. Contact
For privacy questions, data requests, or deletion requests, contact us via email or our Discord server:
support@controlark.net
discord.gg/KxQfP98yDY