Data Storage And Privacy

A technical breakdown of how RestoreBase handles verification, recovery, and workspace data.

RestoreBase is built around a narrow data model: store the Discord and workspace records needed to verify members, keep authorization healthy, run restores, and show operators what happened.

This page explains what is stored, what is not stored, and how that data moves through the product.

Short Version

RestoreBase stores verified member records, encrypted Discord OAuth tokens, workspace settings, encrypted custom bot credentials, audit events, and operational history.

RestoreBase does not store Discord passwords, private DMs, message history, full server content, raw card numbers, or unencrypted bot/member tokens.

How Verification Works

  1. An admin connects a Discord application and bot in the RestoreBase workspace.
  2. The admin attaches a Discord server and chooses the verification channel, verified role, and member-facing copy.
  3. A member opens the published verification link or Discord verification button.
  4. RestoreBase creates a short-lived OAuth state for that verification attempt.
  5. The member authorizes through Discord OAuth.
  6. Discord returns an OAuth code to RestoreBase.
  7. RestoreBase exchanges the code for Discord access and refresh tokens.
  8. RestoreBase reads the member's Discord profile, applies the configured verification policy, and adds the member to the server or role when Discord permissions allow it.
  9. RestoreBase stores the verified member record and encrypted tokens so the member can be restored later if needed.

What RestoreBase Stores

Workspace And Server Settings

RestoreBase stores the settings needed to run each managed Discord server:

  • Discord server ID and server name
  • workspace owner ID
  • selected verification channel ID
  • selected verified role ID
  • verification link version
  • verification log settings
  • minimum account age and security policy settings
  • verification page copy, button labels, branding, logo URL, accent color, and support links
  • custom domain value, when configured
  • selected bot ID for the server

These records tell RestoreBase which server to operate on and how the member-facing verification flow should behave.

Custom Bot Credentials

When a workspace uses its own Discord bot identity, RestoreBase stores:

  • bot display name
  • Discord application client ID
  • Discord client secret
  • Discord bot token
  • OAuth redirect URI
  • bot Discord user ID
  • bot avatar/banner/presence settings

Discord client secrets and bot tokens are encrypted before they are written to the database. RestoreBase decrypts them server-side only when it needs to call Discord APIs, exchange OAuth codes, refresh tokens, or run the bot gateway connection.

Verified Member Records

For each verified member, RestoreBase stores:

  • Discord server ID
  • Discord user ID
  • username
  • display name
  • avatar URL
  • encrypted Discord access token
  • encrypted Discord refresh token
  • token expiration timestamp
  • verification timestamp
  • last refresh timestamp
  • authorization health status
  • last authorization check timestamp
  • authorization error code/message, when Discord reports a problem
  • revocation timestamp, when re-verification is required
  • last restore timestamp and result
  • verification IP address, when captured by the verification flow

The encrypted OAuth tokens are what allow RestoreBase to later restore a verified member through Discord's OAuth member-add flow, subject to Discord permissions, token validity, and the member's continued authorization.

OAuth State

RestoreBase stores short-lived OAuth state records while a member is in the middle of verification:

  • random state token
  • server ID
  • bot ID
  • creation timestamp
  • expiration timestamp

These records protect the OAuth callback and expire quickly. They are consumed during the callback flow.
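The sketch below is an added example, not RestoreBase code, showing the usual shape of such a record: a random token bound to one server and bot, rejected once it has expired, and deleted on first use so a replayed callback fails. The in-memory store, the function names, and the 10-minute lifetime are assumptions.

```python
import secrets
import time

STATE_TTL_SECONDS = 600  # assumed lifetime; the page only says "short-lived"

# In-memory stand-in for the OAuth state table (assumption for this example).
_states = {}


def create_state(server_id, bot_id, now=None):
    """Create a random state record bound to one server and one bot."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    _states[token] = {
        "server_id": server_id,
        "bot_id": bot_id,
        "created_at": now,
        "expires_at": now + STATE_TTL_SECONDS,
    }
    return token


def consume_state(token, now=None):
    """Return the bound record once; None if unknown, replayed or expired."""
    now = time.time() if now is None else now
    record = _states.pop(token, None)  # pop makes the state single-use
    if record is None or now >= record["expires_at"]:
        return None
    # The callback should trust server_id and bot_id from this record,
    # not from any parameter supplied with the callback request.
    return record


def purge_expired(now=None):
    """Drop abandoned attempts that never reached the callback."""
    now = time.time() if now is None else now
    stale = [t for t, r in _states.items() if now >= r["expires_at"]]
    for t in stale:
        del _states[t]
    return len(stale)
```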

Verification Audit Events

RestoreBase stores verification audit events so operators can understand verification outcomes and security decisions:

  • server ID
  • user ID, username, display name, and avatar URL
  • event type, such as verified or denied
  • verified IP address, when available
  • account age summary and account age in days
  • IP-derived location/provider/connection details
  • VPN, proxy, and hosting signals
  • browser and operating system labels
  • reason text for policy decisions
  • password-gate access level/hint, when used
  • event timestamp

Audit events are used for dashboard history, reports, troubleshooting, and security review.

Firewall And Verification Policy

If verification firewall rules are configured, RestoreBase stores:

  • server ID
  • rule order
  • action: allow, deny, or password
  • target type, such as user, IP, IP range, country, continent, ASN, or domain
  • target value
  • operator note
  • creation and update timestamps

These rules are evaluated during verification to decide whether a member should pass, be denied, or be asked for an access password.
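An added example (not RestoreBase's implementation) of evaluating such an ordered rule list against one verification attempt. It assumes the first matching rule wins and that the attempt is allowed when nothing matches; the field names and sample rules are constructed, and the domain target type is left out because the page does not say what it matches against.

```python
import ipaddress


def _parse_ip(text):
    """Return an ip_address object, or None when the text is not an IP."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def rule_matches(rule, ctx):
    """True when one rule's target matches the verification context."""
    kind, value = rule["target_type"], rule["target_value"]
    if kind == "user":
        return ctx.get("user_id") == value
    if kind in ("ip", "ip_range"):
        client = _parse_ip(ctx.get("ip", ""))
        if client is None:
            return False  # an unparseable client IP matches no IP rule
        try:
            # A single IP is treated as a one-address network.
            return client in ipaddress.ip_network(value, strict=False)
        except ValueError:
            return False  # malformed rule value never matches
    if kind in ("country", "continent", "asn"):
        return str(ctx.get(kind, "")).upper() == str(value).upper()
    return False  # unknown target types never match


def evaluate(rules, ctx, default="allow"):
    """Walk rules in rule order; the first match decides (assumption)."""
    for rule in sorted(rules, key=lambda r: r["order"]):
        if rule_matches(rule, ctx):
            return rule["action"], rule["order"]
    return default, None


# Constructed sample rules using documentation address ranges.
RULES = [
    {"order": 2, "action": "deny", "target_type": "ip_range",
     "target_value": "203.0.113.0/24"},
    {"order": 1, "action": "allow", "target_type": "user",
     "target_value": "1001"},
    {"order": 3, "action": "password", "target_type": "country",
     "target_value": "NL"},
]
```

Because order decides the outcome, an early allow rule for a user overrides a later deny on that user's IP range, which is worth checking whenever rules are reordered.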

Activity Logs

RestoreBase stores operational activity logs:

  • server ID
  • action name
  • actor label
  • target user ID, when relevant
  • structured details JSON
  • timestamp

These records power dashboard activity, incident review, and operator visibility.

Billing And Account Records

When billing is enabled, RestoreBase stores billing metadata needed to connect a workspace to Stripe:

  • workspace owner ID
  • server ID, when a subscription is tied to a server
  • Stripe customer ID
  • Stripe subscription ID
  • Stripe price and checkout session IDs
  • customer email
  • plan ID and subscription status
  • billing interval, currency, and amount
  • current billing period timestamps
  • latest invoice identifiers, status, hosted invoice URL, and PDF URL
  • Stripe webhook event IDs used for idempotency

RestoreBase does not store raw payment card numbers. Card collection and payment processing are handled by Stripe.

Optional Feature Data

If optional modules are enabled, RestoreBase may store additional workspace records such as:

  • social alert feed settings and last-seen event metadata
  • command/module settings
  • ticket, moderation, reminder, role, giveaway, and profile records
  • workspace team member invitations or access records

These records exist only for the features a workspace uses.

What RestoreBase Does Not Store

RestoreBase does not store:

  • Discord account passwords
  • Discord private DMs
  • Discord message history as part of the verification and member restore flow
  • full server content
  • full member device fingerprints
  • raw payment card numbers
  • unencrypted Discord bot tokens
  • unencrypted Discord client secrets
  • unencrypted member OAuth access or refresh tokens

RestoreBase also does not sell user data.

How Stored Data Is Used

RestoreBase uses stored data to:

  • run Discord OAuth verification
  • assign verified roles
  • add authorized members back to a server during restore workflows
  • refresh member authorization before tokens expire
  • show authorization health in the dashboard
  • publish verification and operational Discord messages
  • apply security checks such as account age, VPN/proxy/hosting signals, and firewall rules
  • generate reports and activity history for workspace operators
  • support exports and account-level support requests
  • process billing status when paid billing is enabled

How Secrets Are Protected

Discord client secrets, bot tokens, and member OAuth tokens are encrypted before database storage.

They are decrypted only inside server-side runtime code when RestoreBase needs to communicate with Discord or refresh stored authorization. They are not exposed to the browser as plaintext.

Sensitive fields are also treated as secrets in structured logging so token-like values are not intentionally emitted into normal application logs.
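As an added illustration of that last point (example code, not RestoreBase's logger), the filter below redacts secret-looking fields in a structured `details` payload before a record reaches any handler. The key suffixes and the `details` attribute name are assumptions; matching on suffix keeps non-secret fields such as a token expiration timestamp readable.

```python
import logging

# Key suffixes treated as secret (assumed names for the page's tokens/secrets).
SENSITIVE_SUFFIXES = ("token", "secret", "password")
REDACTED = "[REDACTED]"


def redact(value, key=""):
    """Return a copy of value with secret-looking fields replaced."""
    if value is not None and key.lower().endswith(SENSITIVE_SUFFIXES):
        return REDACTED
    if isinstance(value, dict):
        return {k: redact(v, str(k)) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [redact(v, key) for v in value]
    return value


class RedactDetails(logging.Filter):
    """Logging filter that scrubs the structured 'details' attribute."""

    def filter(self, record):
        details = getattr(record, "details", None)
        if isinstance(details, (dict, list)):
            record.details = redact(details)
        return True  # never drop the record, only scrub it


def build_logger(name="restore-example"):
    """Attach the filter at the logger so every handler sees scrubbed data."""
    logger = logging.getLogger(name)
    logger.addFilter(RedactDetails())
    return logger
```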

Removal And Retention

Workspace owners can remove stored member records from the Members area and can remove managed server records from workspace settings.

Deleting a managed server record removes related server-scoped records where database relationships are configured to cascade. Some account, billing, support, or idempotency records may need to remain for legal, security, fraud-prevention, or payment reconciliation reasons.

For account-level export or deletion requests, contact RestoreBase support from the email address associated with the workspace.