Security

Built with security at its core

TierVault is designed to protect your content from upload to delivery. This document explains our security architecture and data practices.

Defense in depth

Multiple independent security layers protect your content at every stage.

Unique Access Tokens

Per-user isolation

Each user receives a cryptographically unique download token tied to their Discord identity. Access is never shared across users.

Device Fingerprinting

Anomaly detection

Download links are bound to the originating device. Subsequent access from unrecognized devices triggers automatic blocking and alerts.

Identity Verification

OAuth enforcement

Optional Discord OAuth challenge before file access. Users must authenticate their identity even if they possess a valid link.

Summary

Direct-to-storage uploads

Files bypass application servers

CDN-served downloads

Edge delivery with signed URLs

Minimal permissions

Bot reads roles, sends messages only

No data sales

Subscription-funded, no advertising

Infrastructure

Where is data stored?

Files are stored on globally distributed object storage with automatic redundancy across multiple data centers. All data is encrypted at rest using AES-256.

How are files transferred?

Uploads: Files are uploaded directly from the client to storage using pre-signed URLs. File contents never transit through TierVault application servers.

Downloads: Individual files are served directly from the CDN edge. We verify permissions, generate a time-limited signed URL, and redirect the user.

Batch downloads: ZIP archives are assembled server-side in memory and streamed directly to the user. Files are not persisted during this process.

Do you have access to file contents?

We maintain storage credentials necessary for file deletion and batch operations. We do not scan, index, or analyze file contents. Stored metadata is limited to filename, size, MIME type, and timestamps.

Discord Integration

What permissions does the bot require?

The bot operates with minimal OAuth2 scopes:

• guilds.members.read — Verify user membership and roles
• messages.send — Deliver download links via DM
• applications.commands — Register slash commands

The bot does not request message content, moderation, or administrative permissions.

What is the bot's scope of operation?

The bot responds exclusively to the /download slash command. It verifies the requesting user's roles against your configured access rules, generates a unique token, and sends a private download link. No other server activity is monitored or logged.

What Discord data is retained?

Stored data:

• Discord user ID and guild ID (account linking)
• Role IDs (permission verification)
• Username at time of download request (analytics)

Not stored: Message content, direct messages, voice activity, or server events.

Access Control

How do download tokens work?

When a user requests access, we generate a cryptographically random token associated with their Discord identity and current role set. Tokens expire after a configurable period (default: 7 days). Role changes in Discord are reflected on the next token validation.

How does device binding work?

On first access, we capture a device fingerprint and bind the token to that device. Subsequent access attempts from different devices are blocked and flagged. This is transparent to legitimate users and requires no configuration.
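
The token lifecycle described in the two answers above (random token, 7-day default expiry, roles re-checked on validation, device bound on first access), as an added Python illustration that is not TierVault's code. The TokenStore class, the current_roles callback, the opaque fingerprint string and the choice to store only a SHA-256 of the token are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 7 * 24 * 3600  # the page's stated default expiry: 7 days


class TokenStore:
    """In-memory sketch; every name here is hypothetical."""

    def __init__(self, required_role, current_roles):
        self.required_role = required_role
        self.current_roles = current_roles  # callable: user_id -> set of role IDs
        self.records = {}  # sha256(token) -> record, so a leaked store holds no usable tokens
        self.flags = []    # (user_id, reason) events a dashboard could surface

    def issue(self, user_id, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.records[digest] = {"user": user_id, "exp": now + TOKEN_TTL, "device": None}
        return token

    def validate(self, token, fingerprint, now=None):
        now = time.time() if now is None else now
        rec = self.records.get(hashlib.sha256(token.encode()).hexdigest())
        if rec is None:
            return "unknown"
        if now >= rec["exp"]:
            return "expired"
        # Roles are re-read on every validation, so a removed role takes effect here.
        if self.required_role not in self.current_roles(rec["user"]):
            return "role_revoked"
        fp = hashlib.sha256(fingerprint.encode()).hexdigest()
        if rec["device"] is None:
            rec["device"] = fp  # first access binds the token to this device
        elif not hmac.compare_digest(rec["device"], fp):
            self.flags.append((rec["user"], "device_mismatch"))
            return "blocked"
        return "ok"


if __name__ == "__main__":
    roles = {"111": {"patron"}}  # constructed sample data
    store = TokenStore("patron", lambda uid: roles.get(uid, set()))
    tok = store.issue("111")
    print(store.validate(tok, "device-A"), store.validate(tok, "device-B"), store.flags)
```
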

How is unauthorized sharing detected?

Each download is attributed to a specific Discord user. Device mismatches, geographic anomalies, and access patterns are logged and surfaced in your dashboard. You have full visibility into which user's token was involved in any flagged event.

Data Practices

What happens when an account is deleted?

Account deletion triggers permanent removal of:

• All files from object storage
• All active download tokens
• Discord integration data
• Analytics and access logs

This action is irreversible. Deleted data cannot be recovered.

Is data shared with third parties?

No. We do not sell, rent, or share user data with third parties. We do not display advertising. TierVault is funded entirely through subscriptions.

Security Contact

To report a security vulnerability or for questions about our security practices, reach out through the channels below.