Privacy Policy
Last updated: April 17, 2026
1. Who we are
Zephyr is a free and open source mod manager developed by Prismo Studios. The desktop application is distributed under the GPL-3.0 license. The cloud sync service is operated by Prismo Studios and is provided as a convenience to users who choose to enable it.
For any question related to your data, you can contact us at contact@prismo-studios.dev or through our Discord server.
2. Local use of the application
When you use Zephyr without signing in, no personal data leaves your machine. Mod profiles, configuration files and preferences are stored locally on your device. Zephyr fetches public mod metadata from Thunderstore and CurseForge using anonymous HTTP requests. No identifier is sent with these requests.
3. Cloud sync (optional)
Cloud sync is an opt-in feature. It is only active when you explicitly sign in with Discord and enable the corresponding preference in the application.
3.1 Authentication via Discord
We use Discord OAuth 2.0 to identify you. We do not see your Discord password. After you authorize Zephyr on Discord, we receive and store the following information from your Discord profile:
- Your Discord ID (a numeric identifier)
- Your Discord username
- Your Discord display name
- Your Discord avatar URL, if you have one
We do not request access to your email address, your friends list, your guilds or any other Discord scope.
3.2 Profile data
When you push a mod profile to the cloud, the following is uploaded and stored on our servers:
- The profile archive (a ZIP file containing the list of mods, their versions and any local configuration files you choose to include in the export)
- The profile manifest (name, target game, mod list)
- Timestamps of creation and last update
- The Discord ID of the owner
Profile archives are stored on disk on our hosting provider in France. Metadata is stored in a MySQL database on the same provider.
3.3 Authentication tokens
We issue you a JWT access token (short-lived) and a refresh token (longer-lived) so that the application can stay signed in. These tokens are stored locally by the application and are sent with every authenticated request to our backend.
4. Why we collect this data
- To identify you and let you access only your own profiles
- To synchronize your mod profiles between your devices
- To let you share profiles with friends through a code or link
- To send real-time updates to your application when a profile changes
We do not use your data for advertising, profiling, behavioral analytics or any commercial purpose unrelated to the cloud sync feature.
5. Sharing with third parties
We do not sell your data. We do not share your data with third parties for marketing purposes. The only third party involved in cloud sync is Discord, used solely for authentication.
Our backend is hosted by Alwaysdata (France). Server access is restricted to maintainers of Prismo Studios.
6. Data retention
Your account and your profiles are kept as long as your account exists. When you delete a profile from the application with the cloud delete option, the corresponding archive and manifest are removed from our servers immediately.
If you want to delete your account entirely (including all your cloud profiles), contact us at contact@prismo-studios.dev and we will erase all your data within 30 days.
7. Your rights
Under the European General Data Protection Regulation (GDPR), you have the right to:
- Access the data we hold about you
- Request correction of inaccurate data
- Request deletion of your data
- Request a portable copy of your data
- Object to the processing of your data
- Lodge a complaint with a supervisory authority (the CNIL in France)
To exercise these rights, contact us at contact@prismo-studios.dev. We will respond within one month.
8. Cookies and tracking
The Zephyr desktop application does not use cookies. The Zephyr website does not use tracking cookies, analytics scripts or advertising trackers.
9. Security
Communications between the application and our backend use HTTPS. Passwords are not stored because authentication is delegated to Discord. Refresh tokens are hashed before being persisted in our database.
No system is perfectly secure. If you discover a vulnerability, please report it responsibly to contact@prismo-studios.dev.
10. Changes to this policy
We may update this policy when the application or the cloud service evolves. The date at the top of this page reflects the latest update. Significant changes will be announced on our Discord server and in release notes.