Last updated: April 14, 2026
Discussite AB ("Discussite," "we," "us," and "our") is the controller of personal data covered by this Privacy Policy. This Privacy Policy describes how we collect, use, and protect personal data in connection with our website, apps, extensions, content, and related services (collectively, the "Service").
Where extensions are distributed through third-party platforms (such as app stores or extension marketplaces), those platforms' own terms and privacy policies (as applicable) also apply to the distribution, installation, and use of the extension.
This Privacy Policy forms part of, and is incorporated by reference into, the Terms of Service. In the event of any conflict between this Privacy Policy and the Terms of Service in relation to the processing of personal data, this Privacy Policy controls.
We collect the information needed to run the Service, such as account details (including age data and email addresses), authentication identifiers, profile information, posts, links, public and private content you submit, stars, connections, notifications, support or report messages, moderation records related to your account, waitlist data, limited device or browser information (including IP address, device and browser identifiers, and approximate location derived from IP address at country or city level only, not precise geolocation, used for security, fraud prevention, rate-limiting, and localisation), cookie and local storage identifiers, and service usage data related to how Discussite is working.
If you use Google sign-in, we receive identity data from Google and our auth provider. If you use our extensions, we access the URL of the page you are currently visiting in your browser when you activate the extension, solely to open the matching Site (as defined in the Terms of Service) on the Service. No other browsing data, page content, or browsing history is collected by us. The extension providers' privacy practices are governed by their own privacy policy.
If you choose to sign in using Google, we receive limited identity information from Google in order to authenticate your account. This may include your name, your email address, and your Google account identifier (subject ID). We use this information solely to create and authenticate your account to access the Service, associate your account with your Google identity, and maintain account security and prevent abuse.
We do not access, collect, or store your Google Drive, Gmail, contacts, or any other Google data beyond what is required for authentication. We do not use Google user data for advertising purposes, for profiling unrelated to the Service, or for training machine learning models. We do not sell or share Google user data with third parties, except as necessary to operate the Service (for example, authentication providers acting as processors on our behalf).
If we ever request additional Google data or change how we use it, we will clearly disclose this in this Privacy Policy and request your consent where required by law or platform policy. We retain Google-provided identity data only for as long as your account is active, and delete or anonymize it upon account closure in accordance with our data retention practices, except that we may retain such data for longer where necessary to comply with applicable law, enforce these Terms, prevent fraud or abuse, preserve moderation integrity, protect the safety of users or the public, or defend legal claims, in line with section 7 of this Privacy Policy and our obligations under the Digital Services Act.
We use cookies, localStorage, sessionStorage, and similar browser storage for a few different jobs. Some of this storage is necessary for the Service to work, and some of it is optional.
Necessary storage may be used to keep you signed in, secure the Service, prevent abuse, remember settings such as language or dismissed notices, and preserve short-lived in-tab state such as route or discussion context. If you block all browser storage, parts of the Service may not work correctly.
Optional analytics storage and related event collection help us understand which pages and flows are useful so we can improve the product. We currently use PostHog for that optional analytics. You can decline optional analytics and still use Discussite normally. We only enable that optional analytics after your choice in the consent banner. Where applicable law requires consent for optional analytics cookies or similar technologies, that opt-in is the legal basis for the storage and collection involved.
You can review or change your optional analytics choice below. You can also use browser controls to block or clear cookies and site data, although doing so may sign you out or reset saved settings.
We use personal data to provide the Service, operate accounts, display and moderate Sites and discussions, send service messages, improve the product, prevent abuse, protect users and Discussite, comply with law, and handle claims or disputes.
We rely on the following legal bases for the main processing purposes under the GDPR: account creation, authentication, and providing the core Service (performance of a contract, Art. 6(1)(b)); content moderation, safety, anti-abuse, fraud prevention, and security (legitimate interests, Art. 6(1)(f), and, where applicable, legal obligations under the Digital Services Act and other laws, Art. 6(1)(c)); service communications such as security alerts and account notices (performance of a contract or legitimate interests); optional product analytics, including PostHog (consent, Art. 6(1)(a)); responding to lawful requests and exercising or defending legal claims (legal obligations and legitimate interests); and product improvement and aggregated analysis (legitimate interests, balanced against your rights, or consent where required). Where we rely on legitimate interests, you have the right to object as described in section 9.
Discussite is built for public discussion. If you create an account or submit content, parts of your profile and activity may be public, including your username, public profile details, posts, stars, connections, and related timestamps or engagement.
Public content may be indexed, copied, cached, or archived by third parties outside our control. If you close your account, we may hide your profile, but some content may remain where needed for thread integrity, moderation, legal compliance, or dispute resolution.
We use third-party providers to run the Service. These providers act as data processors on our behalf under applicable data processing agreements. Our current providers may include Supabase for authentication, database, and realtime services; Cloudflare for hosting and security; Google for OAuth, URL safety checks, and extension distribution; Raycast for extension distribution (when you use the Discussite Raycast extension, Raycast may process metadata related to installation and usage; the Discussite extension itself only accesses the URL you provide to match it to a Discussite Site); OpenAI for content moderation (acting as a data processor; content sent for moderation is not used by OpenAI for its own training purposes); PostHog for optional product analytics if you opt in; GitHub for source code and operational workflows; Resend or similar email providers for transactional email; and Sentry for error monitoring.
We may update this list from time to time as our infrastructure evolves. The most current list of service providers is available upon request.
We may share personal data with service providers, with other users where the Service is public by design, and where necessary for legal, safety, security, or business reasons. We do not sell or rent personal data, and we do not share personal data for another party's own targeted advertising.
Because we serve a global audience, personal data may be processed outside your country, including outside the EU/EEA. Where required, we rely on one or more of the following transfer safeguards: (a) adequacy decisions by the European Commission (including the EU-US Data Privacy Framework for US providers certified under it); (b) Standard Contractual Clauses (SCCs) approved by the European Commission; or (c) other transfer mechanisms permitted by applicable law.
We keep personal data for as long as reasonably necessary to operate the Service, protect users and Discussite, comply with law, enforce our rules, and resolve disputes. Account data is retained at least for as long as your account is active. Server and access logs, moderation records, and other operational data are retained for as long as needed for their purpose or as required by applicable law, including obligations under the Digital Services Act.
After account closure, we retain: (a) anonymised or aggregated records for general fraud-prevention analytics and moderation integrity; (b) where we have reasonable grounds to believe an account was involved in fraud, abuse, safety violations, ban evasion, or other serious breaches of these Terms or the Protocol, identifiable signals (such as email address, hashed device or network identifiers, authentication identifiers, and related moderation evidence) for as long as necessary to detect and prevent recurrence; (c) moderation case evidence (which may include personally identifiable information) for active cases, recently closed cases, and patterns of repeated or serious abuse, and for as long as required by applicable law (including the Digital Services Act); (d) audit logs for legal compliance and security; and (e) aggregated or de-identified data that does not identify you.
We rely on our legitimate interests in platform safety, integrity, and fraud prevention, and, where applicable, legal obligations, as the legal basis for these retention activities. We periodically review retained data and delete it when the retention purpose has been fulfilled.
We use automated tools, including AI-based content classification services provided by third parties, alongside human review for moderation, anti-abuse, fraud prevention, security, analytics, and site-safety purposes. Automated moderation may flag content for human review, delay publication, or prevent publication if a potential policy violation is detected. We also use automated risk scoring based on hashed technical signals and behavioral patterns to detect suspicious account activity, including potential ban evasion and bot behavior.
We do not intend to rely solely on automated decisions that have legal or similarly significant effects on you without the safeguards required by applicable law, including human review of significant automated decisions.
Depending on where you live, you may have rights to request access, correction, deletion, restriction, objection, portability, and review of certain processing decisions. You may also withdraw consent where processing is based on consent, including optional analytics consent.
Through the Service, you can already access or update parts of your account, request an export of your data, and close your account. For other privacy requests, contact us at hello@discussite.com. We may ask you to verify your identity before we act. Where applicable law requires it, we aim to respond within one month.
You may also lodge a complaint with your local data protection authority. If you are in Sweden, that authority is IMY (Integritetsskyddsmyndigheten).
Official sign-in emails come from discussite.com. We never ask you to send us your password by email. If you receive a suspicious message, forward it to hello@discussite.com.
We use reasonable technical and organizational measures to protect personal data, but no system is perfectly secure. The Service is not intended for minors (persons under 18). We do not knowingly collect personal data from minors, and if we learn that we have collected personal data from a minor we will take steps to delete it.
We may update this Privacy Policy from time to time. If we make material changes, we will post the updated version here and update the date above. The updated Privacy Policy becomes effective when posted or on the later effective date stated in it. By continuing to use the Service after that date, you acknowledge and accept the updated Privacy Policy as part of your ongoing use of the Service. Where applicable law requires a separate consent choice for a specific processing activity, we will ask for that choice separately.
If you use our extensions (currently available on the Chrome Web Store and Raycast), those extensions operate according to the following privacy practices:
Our extensions are designed to collect minimal data. When you activate an extension, it accesses only the URL of the current page you are viewing. This URL is sent to our servers solely to find and open the matching Discussite Site. We do not collect your browsing history, page content, metadata beyond the URL, or any other browsing data.
The use of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements. Specifically, Discussite extensions do not transmit, nor utilize any personal information for purposes other than: (a) the single purpose of enabling or improving the extension functionality as user-directed, and (b) ensuring security and preventing abuse. Extension data is not used for advertising, is not sold to third parties, and is not transferred for purposes unrelated to the extension's core functionality.
When you first use the Discussite extension from Chrome Web Store, a disclosure explains what data is accessed and how it is used. The extension does not transmit any data until you have acknowledged this disclosure.
URL data accessed by the extension is used in real time to navigate to the corresponding Discussite Site or to prefill the site submission form. The extension does not persistently store this URL. If you choose to submit that site to Discussite, the URL is stored as part of the resulting Discussite Site so the discussion can be shown and linked. We may retain basic, non-identifying usage metrics (such as the number of times the extension is activated) for analytics and improvement purposes. All data transmitted by the extension is sent over HTTPS.
For the Discussite Raycast extension, authentication (if applicable) is handled through Raycast's OAuth implementation using secure authorization flows (such as PKCE). Tokens are stored securely by Raycast and are not exposed to the extension in a way that would allow misuse. The extension itself only accesses the minimal data required to perform its function, consistent with the practices described above.
For privacy questions, rights requests, or complaints, contact us at hello@discussite.com.
No actions available.
Arrows to navigate; enter runs, esc closes.
To continue, please review and accept our policies.
To continue, please enter your date of birth. You must be at least 18 years old.
Scan this QR code with your authenticator app (Proton Authenticator, Google Authenticator, etc.).
Or enter this code manually:
Chrome