We design for least privilege and transparent installs. Here's exactly how we handle permissions, tokens, and runtime security.
We request only what your features need—no admin by default.
Every permission is explicitly scoped. Before you install, you'll see each permission bit and a plain-English explanation of why we need it.
How Discord permissions work
Discord uses an integer-based permission system (OAuth2). Each permission is a bit in that integer. We calculate the minimum set for your bot's features and show you exactly what we're asking for.
Your bot token is encrypted, never logged, and only used to run your bot.
We follow best practices for secure storage: encrypted using strong encryption, keys are rotated regularly, and access is restricted to the runtime environment.
You stay in control
You can revoke or rotate your token anytime from the Discord Developer Portal. If you suspect compromise, regenerate your token and redeploy—takes 30 seconds.
Your bot gets its own isolated environment
With resource limits, auto-restart on failure, and basic health checks. If one bot crashes, it doesn't affect others.
Live progress you can read
Watch deploy updates in real-time. See exactly when your bot connects, loads commands, and starts listening. If something breaks, you'll know why.
Mass-DM blocked by design
We prevent bulk direct messages and enforce rate limits that align with Discord's API guidelines. This protects your server's reputation and keeps your bot compliant.
Built-in rate limiting
All API calls respect Discord's rate limits automatically. You won't accidentally hit 429s or get your bot flagged.
Some features require privileged intents
Features like reading message content (for moderation bots) require enabling 'Message Content Intent' in your Discord Developer Portal. For verified apps in 75+ servers, you'll need to apply for approval.
We'll tell you when you need it
If your bot requires a privileged intent, we'll show a clear prompt with a link to enable it. No surprises.
How to report misuse
If you see a bot built with VibeCord violating Discord's Terms of Service or Community Guidelines, email us at abuse@vibecord.dev with the bot's ID and evidence. We respond within 24 hours.
What we do
Confirmed violations result in immediate suspension, token revocation, and cooperation with Discord Trust & Safety if needed.
VibeCord is independent and not affiliated with Discord Inc. We follow Discord's brand guidelines and API terms of service.
View Discord's brand guidelinesDoes Vibecord have admin access to my Discord server?
No. We request only the specific permissions your bot features need—never admin by default. You can see exactly what permissions are requested before installation.
Where is my bot token stored?
Your bot token is encrypted using AES-256 encryption at rest. Access is restricted to the runtime environment only—no human access to plaintext tokens.
Can Vibecord read my server's messages?
Only if you enable features that require it (like moderation). By default, bots don't request Message Content Intent. If needed, we'll prompt you to enable it in Discord Developer Portal.
What happens if my bot crashes?
Each bot runs in an isolated container with automatic restart on failure. If your bot crashes, it restarts automatically without affecting other bots.
Can I rotate my bot token?
Yes. Regenerate your token in Discord Developer Portal and redeploy—takes about 30 seconds. We recommend token rotation if you suspect any compromise.
Is my data shared with third parties?
No. We don't sell or share your data. Your bot configurations and tokens are used solely to run your bot.
How do you prevent spam and abuse?
Mass-DM is blocked by design. All API calls respect Discord's rate limits automatically. Bots that violate Discord's Terms of Service are suspended immediately.
What if I see a malicious bot built with Vibecord?
Report it to abuse@vibecord.dev with the bot's ID and evidence. We respond within 24 hours and cooperate with Discord Trust & Safety.
Do you support SOC 2 or GDPR compliance?
We follow best practices for data security and privacy. For enterprise compliance requirements, contact us to discuss your specific needs.
Can I self-host my bot instead?
Currently we offer managed hosting only, which includes security updates, monitoring, and auto-restart. Self-hosting options may be available in future enterprise plans.