Information collected through Discord OAuth
When you choose to register or log in with Discord, this site requests the Discord OAuth scopes identify and email. Depending on what Discord returns for your account, the site may store your Discord user ID, Discord username, Discord display/global name, Discord avatar identifier, and email address. The Discord access token is used only to complete the login and fetch your Discord profile. The site is not designed to permanently store your Discord OAuth access token.
Information you provide directly
You may add or update an email address, upload a profile picture, join or manage group tests, create forum posts inside a group test, upload COA files if authorized, and provide notes related to participation, funding status, vial status, or testing records.
Information collected while browsing
Like most cPanel-hosted PHP websites, the hosting server may automatically log basic request information such as IP address, browser user agent, requested URL, referrer, timestamps, and error details. The site also uses a PHP session cookie to keep you logged in and may use browser local storage for preferences such as light or dark theme and hiding the floating Discord button.
How information is used
Information is used to authenticate users, manage role-based access, display your profile, connect users to group tests, provide private group test forums, maintain COA records, moderate the site, investigate errors or abuse, and improve site security and reliability.
Who can see information
Administrators can manage users, roles, group tests, FAQ content, COA records, and moderation. Group test leaders can manage participant information and the forum for tests they lead. Participants in a specific group test may see posts and information made available within that test area. Public COA or FAQ content may be visible according to the site permissions.
File uploads
Uploaded COA files and profile images are stored on the web hosting account. Authorized users may be able to view COA files depending on permissions and publication status. Do not upload private information that should not be available to staff or authorized members.
Data retention
Account, role, group test, FAQ, forum, and COA records may be kept for as long as needed to operate the portal, preserve testing history, resolve disputes, or maintain community records. You may contact site administrators to request correction or removal where reasonable and technically possible.
Security
The site uses role-based permissions and CSRF checks on forms. No website can guarantee absolute security. Users should use secure Discord accounts, avoid sharing sensitive personal information in posts, and report any account or permission concerns to administrators.
Research-use limitation
This site is for documentation and community coordination. It does not provide medical advice, legal advice, or a guarantee that any test result applies beyond the submitted sample or vial.