Privacy Policy

Your privacy is very important to us.


Last updated: 1/7/2026

This Privacy Policy explains what information FoodExpress collects when you use our website, dashboard, Discord login, support tools, notifications, and related bot services.

Information we collect

When you sign in with Discord, we request the Discord OAuth scopes identify and guilds. This lets us receive and store account information needed to run FoodExpress, including:

  • Discord user ID, username, display name, avatar, public flags, premium type, avatar decoration data, and server membership information returned by Discord.
  • FoodExpress profile data, ranks, perks, score, birthday if provided, staff status, permissions, teams, schedules, leave requests, application data, appeal data, warnings, moderation case data, votes, poll responses, support feedback, reports, and other dashboard actions you submit or that staff record as part of operating the service.
  • Session records, login timestamps, account settings, notification preferences, 2FA setup state, encrypted 2FA secrets when enabled, and account action requests such as data export, disable, or deletion requests.
  • Technical data needed for security and sessions, such as session identifiers, token hashes, user agent, IP address where captured for FoodExpress session records, browser push subscription endpoints, and notification subscription IDs.

The website exchanges Discord OAuth codes for access tokens during login. The codebase stores FoodExpress session cookies and hashed FoodExpress website session tokens; it does not store Discord access or refresh tokens as a listed account record.

How we use information

We use information to authenticate users, keep accounts secure, show the dashboard, manage orders and staff workflows, process applications and appeals, provide support, deliver notifications, generate reports, prevent abuse, enforce permissions, maintain audit logs, and improve FoodExpress.

Staff and administrators may access information where their permissions require it, such as moderation, recruitment, order management, cyber security review, account support, reports, and site administration.

Storage and security

FoodExpress stores application data in MongoDB databases used by the website and FoodExpress services. We use authentication cookies, server-side sessions, hashed session tokens, permission checks, audit logs, and encrypted 2FA secrets to help protect accounts.

No online service can guarantee perfect security, but we limit access to operational need and use technical controls appropriate for the dashboard features in this codebase.

Cookies and local storage

We use cookies for login, Discord OAuth state, redirect handling, FoodExpress API sessions, impersonation sessions for authorized administrators (which will be communicated to you via site notifications with appropriate reasoning), maintenance bypass, and temporary authentication error details.

Services we use

FoodExpress uses the following third-party and connected services in the website code:

  • Discord for OAuth login, user and guild information, invite widgets, avatar/CDN images, Discord server widgets, and bot/API messaging features.
  • FoodExpress API and bot services at api.foodexpressbot.com and related internal APIs for authentication, order, staff, recruitment, appeal, support, and dashboard workflows.
  • MongoDB for website and dashboard data storage.
  • Google Analytics / Google Tag Manager for website analytics.
  • Google Fonts to load the Raleway font.
  • FECare live chat for support conversations, including visitor name, session details, and chat messages.
  • OneSignal for browser push notifications, including OneSignal external IDs, subscription IDs, opt-in status, and notification delivery data.
  • Web Push providers through your browser's push subscription endpoint when browser push is enabled.
  • OpenRouter for AI-assisted features such as Benny chat, article suggestions, summaries, insights, translations, generated reports, and administrative helper tools.
  • Top.gg for the public vote page, links, and embedded bot widget.
  • YouTube where videos are embedded on public pages.

We do not sell personal information and the website code does not show third-party advertising.

AI features

Some FoodExpress tools send prompts and relevant context to OpenRouter so an AI model can respond. This may include text you write, staff notes, applications, appeals, reports, orders, task details, audit-log summaries, support questions, or other dashboard records needed for the requested feature.

Do not enter sensitive information into Benny or AI-assisted tools unless it is necessary for the FoodExpress workflow you are using.

Notifications

If you enable browser notifications, we store the push subscription data needed to send notifications to your browser. If OneSignal is available, we also store the OneSignal subscription ID, external ID, and opt-in status so notifications can be delivered through OneSignal.

You can change notification preferences in account settings or revoke notification permission in your browser.

Embedded content and external links

Public pages may include embedded or linked content from Discord, Top.gg, YouTube, Google, OneSignal, and Discord's CDN. These services may receive technical information such as your IP address, browser details, cookies, and interaction data when their content loads or you click their links.

FoodExpress is not responsible for the privacy practices of external websites. Review their policies before using those services.

Data requests, deletion, and account controls

You can request an account data export, account disablement, or account deletion from the account settings privacy area where available. You can also open a support ticket in our Discord server or contact us at [email protected].

We aim to respond to privacy requests within 30 days. Some records may be retained where needed for security, abuse prevention, audit logs, dispute handling, legal obligations, or legitimate operation of FoodExpress.

Children's data

We do not knowingly collect or solicit personal information from anyone under the age of 13 or knowingly allow such persons to use FoodExpress. If you are under 13, do not send information about yourself to us.

If we learn that we have collected personal information from a child under 13, we will delete it as quickly as possible. If you believe we may have information from or about a child under 13, contact us at [email protected].

Virtual Diner source code

FoodExpress is based on Virtual Diner's source code with permission. Virtual Diner's owner and leadership team do not have access to FoodExpress databases, internal systems, or private dashboard data.

Changes to this policy

We may update this Privacy Policy when FoodExpress changes, when services are added or removed, or when legal or operational requirements change. The "Last updated" date shows when this page was most recently revised.