Arkanis runs moderation, identity verification, and game-server controls for Discord communities that take security seriously. This page explains exactly how the platform handles your data, your credentials, and your members.
This document is available in English only. The English version is legally binding. For questions, contact security@arkanis.gg
Every database query, cache read, and event handler is scoped by Discord guild_id. Two servers running Arkanis cannot see each other's strikes, cases, audit logs, settings, or member data, regardless of what role a user holds on either side.
Isolation is enforced at the data-access layer, not the UI. Removing a guild scope from a query is treated as a security regression in code review and is monitored by ongoing internal audits of the codebase.
RCON passwords, SFTP credentials, Pterodactyl / Pelican API keys, and any other server secret you connect to Arkanis are encrypted at rest using Fernet (AES-128-CBC with HMAC-SHA256 authentication).
Decryption keys are held only by the API service. They are not stored in the database alongside the encrypted values, and they are excluded from logs, error reports, and stack traces. We never log a decrypted secret.
Every state-changing action produces an audit-log entry: strikes, bans, warnings, mutes, ticket actions, role-panel changes, settings updates, identity links, and billing events. Each entry records who performed the action, what changed, when, and why.
The audit log is queryable from the dashboard and is never auto-purged. If your community needs to reconstruct a moderator decision six months later, the trail is still there.
Arkanis uses a granular capability system. Capability keys cover every staff action, from issuing a strike to viewing billing or rotating an RCON credential. Roles inherit only the capabilities they need.
Server owners assign capabilities to roles, not to commands. Renaming or replacing a feature does not silently re-grant access. A "view as role" preview lets admins see exactly what a staff role can and cannot do before they trust a person with it.
External integrations talk to Arkanis through the public REST API and the Model Context Protocol (MCP) server. Both surfaces share the same token model. Plaintexts are shown to the issuer exactly once at creation; the database stores an argon2id hash (OWASP 2023 parameters: 19 MB memory cost, 2 iterations) plus an indexed SHA-256 lookup digest. A leaked database cannot recover plaintexts. A leaked plaintext cannot be recovered server-side either, so if you lose one you revoke and re-mint.
Capability scope on a token is frozen at issuance. Gaining a capability later does not extend the token; losing one removes it from the token's effective access immediately. Each token can optionally be bound to one or more CIDR blocks. Calls from outside the allowlist are refused with a 403 at the resolve step, before the API processes the call. Tokens past 90 days show a soft rotation reminder in the dashboard; past 180 days, a non-dismissable banner appears alongside a Discord DM to the issuer. Tokens remain functional until their issuer chooses to rotate or revoke them.
Destructive actions (strikes, bans, long mutes, mass purges, raw RCON commands) require an active re-auth window before they will run. The window is approved in the dashboard, lasts 15 minutes, and is scoped to the token that requested it. A leaked token can read data and perform reversible writes, but it cannot strike or ban without the issuer approving a window first. Every token action is audit-logged with actor_source = token, the originating IP, and the canonical endpoint or tool name.
Full mechanics of the token lifecycle and the complete list of actions that require a re-auth window are documented in Developer Authentication and Destructive Actions.
Arkanis uses Discord's privileged Server Members and Message Content intents only for features that require them: verification gates, role sync, member join handling, AutoMod, ticket/modmail workflows, and configured moderation scanning.
Message content is processed only in moderation scope. AutoMod evaluates configured rules and keeps only the event data required by your retention settings; ticket and modmail messages are stored because users opened those support flows; ordinary server chat is not used for advertising, resale, or unrelated profiling.
If a privileged intent is unavailable, affected modules degrade gracefully instead of silently weakening permissions. Server owners can review required bot permissions and intent-dependent modules during setup.
Steam and Xbox identity links are verified through each platform's official OAuth flow, not by trusting user-supplied IDs. Each verification produces an audit entry recording the linked account, the verification method, and the timestamp.
We store the public identifier (Steam ID, Xbox gamertag) and a verification timestamp. We do not retain the OAuth refresh token long-term, and we never store the user's password.
Subscriptions are managed by Stripe. Card numbers, CVCs, and bank details are handled by Stripe and never touch Arkanis servers.
Arkanis stores only the Stripe customer ID, subscription state, and invoice history needed to render your billing page and provision Pro features for your guild.
Arkanis is operated from the United Kingdom. Personal data is processed in line with UK GDPR. You can export, correct, or delete data we hold about you on request, by emailing trust@arkanis.gg.
Full detail on what we collect, our legal basis, sub-processors, retention, international transfers, and complaint procedures lives in our Privacy Policy.
Arkanis is an independent service. We are not affiliated with, endorsed by, or partnered with Discord, Valve (Steam), Microsoft (Xbox), or Alderon Games (Path of Titans). When we name those platforms, we are describing integration points, not endorsements.
Status updates and incident reports for the bot, dashboard, and API are published on the official Arkanis Discord.
Some product directions exist that would be technically straightforward but that we have chosen not to build. Arkanis will not:
If you believe you have found a security issue in Arkanis, please email security@arkanis.gg. Please include reproduction steps and an estimate of the affected surface.
We aim to acknowledge within two business days and provide a remediation timeline within five. We do not pursue legal action against good-faith security research that follows responsible disclosure norms.