Privacy policy
What you should know about Discord login and your data on CAM Hub.
What matters most
CAM Hub uses Discord's official OAuth2 flow (via Supabase Auth) for "Sign in with Discord." You log in on Discord directly and CAM Hub never sees your Discord password. It is the same flow used by many thousands of other websites, apps, and bots.
The only data CAM Hub stores from Discord is your user ID, username, and avatar. We do not store your Discord email, password, or any other credentials, because we simply do not have access to them.
Regarding recent concerns
Some users have raised questions about CAM Hub's privacy and Discord login. To be clear: CAM Hub was not hacked or compromised. The only thing that changed recently is the information we display here, and the OAuth scopes we request from Discord.
It is not possible for a third-party website using Discord OAuth to take over your Discord account. Discord OAuth never gives the third party your password, and a connected app cannot change your account, read your DMs, or post as you unless it asks for those specific scopes — CAM Hub does not.
If your Discord account was compromised, it happened through other means: phishing links, malware, reused passwords, or a malicious browser extension. Enable 2FA on Discord, and never paste tokens into unknown sites.
Discord OAuth — what we request
CAM Hub now requests only the Discord identify scope. That gives us your user ID, username, and avatar — nothing else. We no longer request the email scope, so the Discord authorization screen no longer asks you to share your email address with CAM Hub.
Older accounts created before this change may still have an email on file inside Supabase Auth from when the email scope was requested. A daily scheduled job clears those email addresses from auth storage where the platform allows it. CAM Hub never displays email anywhere in the product.
What we use in CAM Hub
For logged-in features (builds, votes, comments, profile, etc.), CAM Hub uses your Discord identity — display name and avatar — to attribute your actions and show them in the UI. That is the only profile data tied to your account.
Security & data handling
Supabase keeps authentication data in protected auth storage; it is not exposed through public database APIs. Application data in our Postgres database is protected by Row Level Security (RLS), so users can only read or modify what they are allowed to. Server-only secrets (service role keys, cron secrets) stay on the server and out of any public repo.
If a serious data incident ever affects users, CAM Hub will follow applicable laws (including notification timeframes where required), rotate credentials, assess impact, and publish a clear notice on this site.
SSL / connection warnings
If your browser ever shows an SSL certificate warning on catchamonsterhub.com (for example during a brief deployment or DNS change), that means the browser could not verify the encryption certificate at that moment — it does not mean the site was compromised or hacked. If you see one, refresh after a few minutes or report it via the contacts in the site footer.
Other processing
Normal browsing may generate logs or analytics like any website. CAM Hub does not sell personal data. Questions: use the contacts in the site footer.