1. Overview
This Privacy Policy explains how grokpot ("we," "us," or "our") collects, uses, discloses, and protects information when you visit grokpot.io, create an account, connect third-party identities, publish content, or interact with our Discord bot and related services.
grokpot is built and maintained by members of the Grok user community. We are an independent community site—not operated by SpaceX, SpaceXAI, xAI, X Corp., or Discord.
We are not affiliated with, endorsed by, or operated by:
- Space Exploration Technologies Corp. (SpaceX) or its SpaceXAI division (which absorbed the former standalone xAI company after SpaceX's February 2026 acquisition and Musk's May 2026 announcement that xAI would be dissolved as a separate company and folded into SpaceXAI);
- X Corp. (the X social platform at x.com, formerly Twitter)—a separate entity from xAI/SpaceXAI;
- Discord Inc.;
- Any cryptocurrency, token, or blockchain project
unless we say otherwise in writing. Grok, xAI, SpaceX, SpaceXAI, and X are trademarks and services of their respective owners.
We do not ask for or accept donations through the service, do not sell goods or services on grokpot, and do not issue or promote any coin, token, or other digital asset.
This policy applies to the grokpot website and APIs. It does not apply to third-party websites, user-hosted SPAs, or services operated by SpaceX, SpaceXAI, xAI, X Corp., Discord Inc., or other providers—those are governed by their own policies.
Throughout this policy, X refers to the social platform at x.com previously known as Twitter. Any reference to "Twitter" describes that platform under its former branding.
By using grokpot, you agree to this Privacy Policy. If you do not agree, please do not use the service.
2. Who We Are
The data controller for grokpot is the operator of the grokpot.io community service. grokpot is run by community members for people who build and share Grok skills and related content—not by SpaceX, SpaceXAI, the former xAI corporation, X Corp., Discord Inc., or any token project. For privacy requests, contact webmaster@grokpot.io.
3. Information We Collect
3.1 Information you provide
- Account and profile: username, display name, bio, optional birthdate (stored privately; only your age may be shown publicly), avatar image, role/permissions, and preferences such as whether to show your connected X username on your profile.
- User content: skills, SPAs (HTML/JS and related files), comments, uploaded images, upvotes/likes, reports, and feedback you submit.
- Communications: messages you send us via feedback forms or email.
3.2 Information from third-party sign-in (OAuth)
When you choose to sign in or connect accounts, we receive information from the provider according to the permissions you approve:
- X (formerly Twitter): profile identifiers and public profile information (such as X user ID, username, and profile image URL) as permitted by X's API and your authorization. We use this to authenticate you, populate your profile, and optionally display your X username.
- Discord: Discord user ID, username, global display name, avatar hash, and email address when the
identifyandemailscopes are granted. We use this to authenticate you, link your site account to Discord, and download/store a copy of your avatar on our servers when you select a Discord avatar.
We do not store your X or Discord passwords. OAuth access tokens are used transiently to complete sign-in or account linking and are not retained for long-term access to your social accounts unless we explicitly add a feature that requires it and disclose that here.
3.3 Discord bot and community data
If you participate in a Discord server where the grokpot bot is enabled, we may collect and store:
- Discord user ID, username, and profile metadata;
- Messages and attachments metadata from configured channels (message content, channel ID, timestamps, edit indicators);
- Semantic tags or classifications generated from message content using AI;
- XP/leveling and activity scores associated with your linked site account where applicable;
- Moderation and audit logs visible to administrators.
3.4 Automatically collected information
- Session data: we use HTTP cookies (session cookies) to keep you signed in and protect against cross-site request forgery during OAuth flows.
- Server logs: IP address, browser type, requested URLs, timestamps, and error logs generated by our web server for security and troubleshooting.
- Usage data: aggregated or pseudonymous analytics about how features are used (e.g., votes, uploads), where implemented.
3.5 Device identifiers (abuse prevention)
To enforce bans and reduce ban evasion, we collect device fingerprint signals generated in your browser (for example, hashed canvas/WebGL/audio/font metrics, screen and timezone characteristics, and storage availability). We combine these with a signed device cookie (gp_did) and store hashed identifiers, not raw canvas images. We use this data only for security, moderation, and fraud/abuse prevention—not for advertising. When an account is banned, associated device identifiers may be blocked from accessing the site and MCP connectors. Non-banned device records are retained for a limited period for linking and security purposes. You may contact webmaster@grokpot.io regarding access disputes.
3.6 AI processing (xAI / SpaceX / SpaceXAI)
When you use features that rely on Grok-related APIs—currently or historically branded as xAI (e.g. x.ai) and, following SpaceX's 2026 acquisition and restructuring, operated as part of SpaceX through the SpaceXAI division—we may send relevant prompts, code snippets, or message text to those providers (such as for image generation, automated security scanning of uploads, or Discord bot responses). That processing occurs under the provider's terms and privacy policies, not ours. Do not submit sensitive personal data you do not want processed by an AI provider.
grokpot does not use your personal information or User Content to train artificial intelligence or machine learning models, and we do not sell or license your data for model training.
4. How We Use Information
We use information to:
- Provide, operate, and improve grokpot;
- Authenticate users and link optional X and Discord accounts;
- Display profiles, skills, SPAs, comments, and community feeds;
- Moderate content, enforce our Terms, respond to reports, and protect security;
- Run automated security scans and AI-assisted features you request;
- Operate Discord bot features, including XP and community administration tools;
- Communicate with you about the service or respond to support requests;
- Comply with legal obligations and protect our rights.
We do not use your information for unrelated advertising profiles, for training our own or third-party AI models, or for any cryptocurrency or token-related purpose.
Where required by law, we rely on appropriate legal bases such as contract (providing the service you request), legitimate interests (security, fraud prevention, improvement), and consent (where you connect OAuth accounts or opt into optional features).
6. Grok, xAI, SpaceX, and SpaceXAI — Specific Disclosures
grokpot is a community site for Grok users; we are not part of SpaceX, SpaceXAI, or the former xAI corporation. When you use features that call Grok-related APIs:
- We may transmit prompts, code, images, or message text to xAI-branded API endpoints and/or successor services operated by SpaceX through its SpaceXAI division (following SpaceX's acquisition of xAI in February 2026 and the announced dissolution of xAI as a separate company in May 2026);
- That data is processed by those providers under their terms and privacy policies—we do not control their retention, training, or security practices;
- We do not use your grokpot data to train AI models, and we do not sell your data to AI providers;
- Provider branding may still say "xAI" (e.g. x.ai) even as corporate ownership sits under SpaceX/SpaceXAI.
For the providers' own practices, refer to their published policies (for example, materials at x.ai and SpaceX/SpaceXAI disclosures as updated by those companies).
7. X (formerly Twitter) API — Specific Disclosures
If you connect your X account (the platform formerly known as Twitter), grokpot accesses X information only as needed to provide authentication and profile features you request. Consistent with X's Developer Agreement and Policy:
- We use X data to sign you in, display your connected username (if you enable it), and sync profile/avatar information you choose;
- We do not sell X data or use it for unrelated advertising profiles;
- We do not use X data—or any grokpot data—to train artificial intelligence or machine-learning models;
- You can disconnect X from your grokpot profile settings (where available) or revoke grokpot's access in your X account security settings;
- If you ask us to delete your grokpot account, we will delete associated X linkage data stored on our systems within a reasonable period, subject to legal retention requirements.
For X's own practices, see X Privacy Policy and X Developer Agreement.
8. Discord — Specific Disclosures
Discord data is used to authenticate you, link community participation to your site profile, operate bot features, and administer servers configured by grokpot operators. Message content may be analyzed by automated systems for tagging, moderation, or bot responses.
You can leave Discord servers that use our bot and revoke OAuth access in your Discord user settings. See Discord Privacy Policy.
10. Data Retention and Deletion
We retain information for as long as needed to provide the service, comply with legal obligations, resolve disputes, and enforce agreements—while your account is active or as required for security and moderation.
When you delete content or your account (including while banned), we do not store or preserve that deleted data for ongoing use. Deletion is intended to be permanent on our systems, subject only to brief technical remnants during routine maintenance that are not kept for recovery or reuse.
- Active accounts: profile, content, and activity data are kept until you delete them or your account is removed;
- Discord messages: retained according to administrator configuration and operational needs until deleted through moderation tools or server configuration;
- Server logs: typically rotated within a limited period unless needed for security investigations;
- Device fingerprints (abuse prevention): retained as described in Section 3.5 while relevant to enforcement.
See also Section 6 for how data sent to Grok/xAI/SpaceXAI APIs is handled by those providers.
11. Security
We implement reasonable administrative, technical, and organizational measures to protect information, including HTTPS, access controls for admin functions, and hashed or restricted storage of secrets (such as API keys). No method of transmission or storage is 100% secure; we cannot guarantee absolute security.
12. International Transfers
grokpot may be operated from the United States. If you access the service from other regions, your information may be transferred to and processed in the U.S. or other countries where our providers operate, which may have different data-protection laws than your home jurisdiction.
13. Your Rights, Choices, and Responsibilities
You are responsible for your own data on grokpot: what you upload, publish, connect via OAuth or the Grok connector, and what you choose to make public. Keep your own backups of anything important. We are not a long-term archive service.
Depending on your location, you may have rights to access, correct, delete, or export personal information, or to object to or restrict certain processing.
- Profile: edit display name, bio, and connected account preferences in your profile settings where available;
- OAuth: revoke grokpot access via X or Discord account settings;
- Deletion: delete your account or content through in-product tools where available, or request account deletion by emailing webmaster@grokpot.io with enough information for us to verify your identity—including if you are banned and need to remove your data without regaining access;
- Banned accounts: you may delete your data and/or account while banned but cannot otherwise use grokpot until a ban is lifted, if ever;
- Timed-out accounts: during a timeout you cannot upload new content or use the Grok connector to upload or publish through grokpot until the restriction ends or staff restore access.
We will respond to verified requests within the timeframe required by applicable law. We may deny requests where an exception applies (for example, legal retention or free-speech considerations for public posts).
14. California Privacy Rights (CCPA/CPRA)
California residents may have the right to know categories of personal information collected, request deletion or correction, and opt out of "sale" or "sharing" as defined by California law. grokpot does not sell personal information for monetary consideration, does not operate a paid storefront on the site, and does not use personal information to train AI models.
To exercise rights, contact webmaster@grokpot.io. We will not discriminate against you for exercising privacy rights.
15. European Economic Area, UK, and Switzerland
If you are in the EEA, UK, or Switzerland, you may lodge a complaint with your local supervisory authority. Our legal bases for processing are described in Section 4. Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
16. Children's Privacy
grokpot is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, contact webmaster@grokpot.io and we will take steps to delete it.
17. Changes to This Policy
We may update this Privacy Policy from time to time. The "Effective date" at the top will change when we do. Material changes may also be announced on the site. Continued use after updates constitutes acceptance of the revised policy.
18. Contact Us
Privacy questions or requests: webmaster@grokpot.io
Terms of Service: https://grokpot.io/terms