Terms of Service
Updated 2026-05-12 · 9 sections
Scope
These terms govern your use of blight, which consists of the public web entry point, an authenticated dashboard for building Discord-server automations, and a Discord bot that executes those automations on your behalf. By using any part of the service you agree to these terms.
Eligibility and account linking
You authenticate by linking a Discord account via OAuth through Clerk, our identity provider. You must have authority over the Discord account you link and over any Discord server in which you configure automations or invite the bot. You are responsible for everything that happens under your linked account, including actions performed by automations you create.
Configuring server-level automations or inviting the bot also requires the corresponding Discord guild permissions (typically MANAGE_GUILD or guild ownership). The dashboard checks these against the Discord API; if your permissions are revoked there, your access in our dashboard is revoked too.
Sessions and authentication
Authentication is managed by Clerk. After you sign in with Discord, Clerk issues a signed session JWT stored as an HTTP-only cookie. In production the cookie is marked Secure with SameSite=None so the dashboard subdomain can read it. Session lifetime is managed by Clerk and is typically up to 30 days.
Session activity is associated with your Discord ID server-side. Your Discord ID may appear in operational logs if you have opted in from the Privacy Settings page; otherwise only a hashed session reference is recorded. See our Privacy Policy for full details.
You can view, revoke, and manage all active sessions and registered passkeys from the Account page in the dashboard. Passkeys (WebAuthn credentials) are managed natively by Clerk and can be added or removed at any time.
Privacy controls
You can control whether your Discord account ID is included in operational logs from the Privacy Settings page in the dashboard. This setting is off by default. Changing it takes effect on your next request. See our Privacy Policy for the full description of what data is processed and on what legal basis.
Acceptable use
- No unlawful or abusive use, and no attempts to bypass authentication, rate limiting, or other security controls.
- No misuse of OAuth tokens, session identifiers, passkey credentials, or automation features to gain unauthorised access to Discord accounts or servers.
- Automations you build run against the Discord API on your behalf. You must not configure them in ways that violate Discord's Terms of Service, Developer Policy, or Community Guidelines — for example, spam, mass DMs, harassment, or evading Discord moderation.
- We apply per-IP and per-user rate limits across login, passkey operations, and guild mutations to protect the service and the Discord API. Sustained attempts to circumvent them are themselves a violation of these terms.
Service availability
The service is provided on an "as available" basis. We may change, suspend, or discontinue features at any time for maintenance, security, or product reasons, and we do not currently offer an uptime SLA.
Liability
To the extent permitted by law, we are fully liable for intent and gross negligence, and for injury to life, body, or health. For ordinary negligence, our liability is limited to foreseeable, typical damage from a breach of essential contractual obligations (Kardinalpflichten), except where mandatory law provides otherwise.
We are not liable for damage caused by Discord platform outages or Discord API changes, for Clerk service outages affecting authentication, or for the consequences of automations that you yourself configured (for example, a rule you set up that bans the wrong member).
Termination
You can stop using the service at any time by removing the bot from your Discord servers, managing your sessions and passkeys from the Account page, and disconnecting your Discord account from Clerk. We may suspend or terminate access for serious violations of these terms, of Discord's policies, or of legal requirements.
If you remove the bot from a server, we generally keep that server's automation data for up to 30 days so you can add the bot back without rebuilding everything from scratch. During that period, automations tied to the bot will not fire. If the server remains unused, we may delete the server-specific data after that 30-day period.
Where applicable law requires longer retention for specific records, we may keep the legally required subset for longer. Depending on the record type, German commercial and tax retention rules can require retention periods of 6, 8, or 10 years.
Governing law
To the extent legally permissible, German law applies. Mandatory consumer protection rules of your country of residence remain unaffected.