We take privacy seriously. However the very nature of our bot requires us to collect data about the files you upload and links you send in Discord channels that the bot is able to see. Please note that the Sorcerertech general privacy policy still applies to STAntiMalware, but this privacy notice does not apply to our other services.
When you upload a file, or send a link that appears to link directly to a file, we analyse it
for a filetype. If it matches one of the filetypes the server owner has configured to scan (by
default, that's exe dll dmg msi sh vbs bat zip gz tgz 7z rar docm doc xlsm xls pptm ppt
),
we will upload it to a cloud scanner. This scanner will then analyse it with numerous engines -
which ones it uses exactly differs based on the filetype, but it can include (but is not limited
to) Microsoft, Kaspersky, Symantec, Malwarebytes, McAfee, and others*. They may also share the
sample with the security community. In this case, the cloud scanner may** get guild ID, channel ID,
and message ID (but it will not get user ID, and so you can simply delete the message to anonymise
yourself), and it will definitely receive all of the contents of the file, including but not limited
to metadata. The engines will not necessarily get IDs, but they will definitely all of the contents
of the file.
If the server has link scanning enabled (which by default it is), when you send a link that does not appear to link directly to a file we will send the link to a cloud scanner. The scanner will analyse it with numerous engines, which includes (but is not limited to) urlscan.io, Phishtank, Kaspersky, Sucuri, Google Safebrowsing, and others*. The scanner will only receive the URL - no personally identifiable information will be included.
At this given time, Sorcerertech never stores your file - the download URL is passed directly to the scanner - but it may have access to metadata about your file.
Deletion of the report is possible, however you will need to contact us with a SHA-256 hash of the file, and a good reason (e.g. personal data leak, intellectual property conlict, etc.). These are mandated by our cloud scanner. In some cases, it might not be possible to remove either the report or the file, or both.
If you'd like to get in touch with us, please either
- join our Discord (recommended), or
- use the contact details at https://sorcerertech.co.uk/contact/
* For a more precise list, please contact us.
** We are actively working on a solution to remove any IDs from the upload.