Last updated: May 31, 2026

Rakshak Security Policy

Security principles for Rakshak data handling, privileged features, public repositories, and private reporting.

Security Overview

Rakshak helps server owners protect communities through security, anti-nuke, moderation, automod, logging, ticket, voice/J2C, utility, premium, AI, music, and server management features.

Least Privilege

Rakshak is designed to request only the Discord permissions, data, and gateway intents required for enabled features.

Privileged Intents

Rakshak may use privileged Discord gateway intents only when needed for enabled features such as server security, anti-nuke protection, moderation, automod, member event handling, join and leave logging, role update detection, prefix command handling, AI/chatbot channels, autoresponders, status-related features, and abuse prevention.

Access Control

Access to Rakshak systems and stored data is limited to authorized maintainers. Sensitive commands, configuration panels, logs, tickets, voice controls, security controls, and moderation tools are intended for users with appropriate Discord permissions or server authorization.

Server Data Visibility

Server-specific information is intended to be shown only to authorized users, such as server owners or authorized moderators.

Credential Protection

Rakshak bot tokens, API keys, database credentials, private configuration values, and private credentials are not intentionally published. Rakshak will never ask users to share Discord tokens, passwords, API keys, or private credentials.

Data Handling

Rakshak uses data only for bot functionality, including security, moderation, automod, logging, tickets, voice controls, configuration, AI/chatbot features where enabled, support, service operation, and abuse prevention. Rakshak does not sell data or use server data for advertising or profiling.

Public Repository Safety

Public documentation repositories must not contain bot tokens, API keys, .env files, database files, source secrets, production credentials, private configs, or private service keys.

Reporting Security Issues

Security issues should be reported privately so they can be reviewed and handled responsibly. Please do not publicly disclose vulnerabilities or abuse methods before the Rakshak team has had a reasonable opportunity to respond.