Privacy Policy
Last Updated: July 2026
Pensira is committed to transparency about how your data is handled.
1. Local-First Scanning, Two Minimal Online Lookups
The vast majority of scanning happens entirely on Pensira's own server โ your file, image, and text content is never sent to a third-party service (no VirusTotal, no OpenAI, no Google, no external API of any kind). All content detection (malware signatures, phishing/adult-site blocklists, PII/secrets scanning, image classification, QR code decoding, etc.) happens locally using signature matching, statistical heuristics, and machine learning models that run directly on the bot's own hardware.
Deep Check (not Quick Scan) additionally sends the bare domain name โ never the full URL, message content, or any file โ of links you scan to two free, no-account-required threat-reputation services, to check if the domain is already known-malicious:
- Cloudflare's malware-blocking DNS resolver, to check if the domain is a known malware host.
- SinkingYachts, a community-maintained database of Discord-specific phishing/scam domains.
Both services only ever receive a domain name (e.g. example.com), never your message content, files, or full URLs with query parameters.
2. Message Parsing & Zero-Download Architecture
To protect communities from hyperlink masking and hidden threats, the bot requires permission to access the specific message you invoke it on.
User App Privacy Win: Because Pensira is a User-Installable App, it physically does not have the ability to read or monitor chat messages in the background (no Auto-Mod). It can only read a message when you explicitly right-click it and select Apps โ Quick Scan / Deep Check, or when you use a slash command.
Zero-Logging Guarantee: The bot does not log, store, or archive any user conversations.
Scope of Scanning: The bot extracts and analyzes URLs, text, and attachments purely in-memory. No files or images are ever written to the server's hard drive. Once a scan completes, all message and attachment data is immediately discarded from memory.
3. Data We Store
The only data Pensira stores in its own database:
| Data | Purpose | Stored As |
|---|---|---|
| Discord User ID | XP, badges, referral tracking | Plain integer |
| Scan timestamps | Rate limiting, cooldowns | Unix timestamps |
| Cyber XP & Badges | Gamification | Plain integers/JSON |
| Referral links | Referral tracking | User ID pairs |
We never store: message content, usernames, server IDs, file content, or link URLs beyond what is briefly needed in-memory to perform the scan.
Note: Pensira previously supported donating personal API keys to a community pool for legacy third-party integrations. That feature has been discontinued โ no external API keys are collected, transmitted, or stored going forward.
4. Data Deletion
You may delete all your stored data (profile, XP, badges, and referral history) at any time via /settings โ Erase My Data. This action is immediate and permanent.
5. About This Dashboard
The stats shown on this dashboard are aggregate, anonymous totals only (total scans, community-wide XP, threat-category counts). No individual user data, Discord IDs, or message content is ever displayed here. Feedback submitted via the Feedback form is forwarded to a private Discord channel and is not linked to your Discord account.