Privacy Policy

Last updated: February 2026

1. Who we are

DiscordBot. ("we", "our", "us") operates the DiscordBot. service, including the Discord bot and the web dashboard at discordbot.co.uk. We are the data controller for personal data collected through your use of the dashboard. Where the bot processes data about members of your Discord server, you (the guild owner or administrator) act as the data controller and we act as your data processor.

Contact: support@discordbot.co.uk

2. Data we collect

Dashboard account data. When you authenticate via Discord OAuth2 we receive your Discord user ID, username, avatar hash, and the list of Discord servers where you hold the "Manage Server" permission. We store this to authenticate you and to display your servers in the dashboard. We do not receive your Discord email address or password.

Server configuration data. We store the configurations you create: reaction role embeds, membership trigger settings, moderation rules, auto-mod rules, logger settings, and any associated channel, role, or message IDs from your Discord server.

Server activity data. To deliver the bot's features, we process and store the following data about events in your Discord server:

  • Membership events - join, leave, kick, ban, unban, boost, and verification events, including the Discord user IDs and timestamps involved.
  • Moderation cases - case type (warn, timeout, kick, ban, etc.), offending user ID and tag, moderating staff user ID and tag, reason text, duration, and timestamp.
  • Server log events - event type, user IDs, channel/role/message IDs, and a short summary for up to 25 event types including message edits, deletions, voice activity, and role changes.
  • Name change history - Discord username and server nickname changes for members of your server, stored as old value, new value, and timestamp.
  • Member notes - text notes written by your server staff, with the author user ID and timestamps.
  • Audit log attribution - where Discord provides it, we record which staff member carried out a moderated action.

Session data. We use two HttpOnly, SameSite=Lax cookies to keep you signed in: an access token (expires after 15 minutes) and a refresh token (expires after 7 days). These are signed JWTs that contain your Discord user ID, username, avatar, and managed server list. They are never accessible to JavaScript running on the page.

Payment data. Pro plan payments are handled entirely by Stripe. We store your Stripe customer ID and subscription status. We never see or store your full card number, CVV, or bank account details - those remain with Stripe.

Technical data. Our servers record standard access logs (IP address, request path, timestamp, HTTP status code) for security and debugging purposes.

3. Legal basis for processing (UK & EU GDPR)

We rely on the following lawful bases:

  • Performance of a contract - processing your account data, configuration data, and session cookies is necessary to provide the service you have signed up for.
  • Legitimate interests - processing server activity data on behalf of guild owners to enforce their server configurations; security monitoring; fraud and abuse prevention; service reliability and debugging. Our legitimate interests do not override your rights.
  • Legal obligation - retaining payment and financial records as required by applicable law.

Where we act as a data processor for your Discord server members' data, we process it only on your documented instructions (your configuration settings).

4. How we use your data

  • To authenticate you and display your servers, configurations, and activity data in the dashboard.
  • To operate the Discord bot - reading your configurations and executing actions in your Discord server (sending messages, assigning roles, posting log embeds, applying moderation actions).
  • To record moderation cases, membership events, and server logs as configured.
  • To process Pro plan subscription payments via Stripe.
  • To detect and prevent abuse of the platform.
  • To diagnose errors and maintain service reliability.

We do not sell your personal data. We do not use it for advertising.

5. Data sharing and third parties

We share data only with the following parties:

Discord Inc. The bot operates via the Discord API. Data sent to or received from Discord is governed by Discord's Privacy Policy.

Stripe Inc. Payment processing for Pro subscriptions. Stripe is PCI-DSS Level 1 certified. See Stripe's Privacy Policy.

Infrastructure providers. Our hosting and database providers process data on our behalf under data processing agreements.

We may also disclose data where required to do so by law or court order, or to protect the rights, property, or safety of DiscordBot., our users, or others.

6. Data retention

  • Dashboard account data - retained while your account is active and for 90 days following a deletion request.
  • Server configuration data - deleted immediately on your request, or within 30 days of the bot being removed from your server.
  • Membership and moderation event data - retained for 12 months by default; guild owners can delete individual records or all data for their server at any time.
  • Server log events - retained for 90 days.
  • Member notes and name change history - retained until the guild owner deletes them or the bot is removed from the server.
  • Payment and billing records - retained for 7 years as required for financial and legal compliance.
  • Technical server logs - retained for a maximum of 30 days.
  • Session tokens - expire automatically (access token: 15 minutes; refresh token: 7 days).

7. International data transfers

We are based in the United Kingdom. Discord Inc. and Stripe Inc. are based in the United States. Transfers of personal data to the United States are made subject to appropriate safeguards, including Standard Contractual Clauses approved by the UK Information Commissioner's Office where applicable.

8. Your rights (UK and EU residents)

Under the UK GDPR and EU GDPR you have the following rights in relation to your personal data:

  • Right of access - to receive a copy of the personal data we hold about you.
  • Right to rectification - to have inaccurate data corrected.
  • Right to erasure - to request deletion of your data in certain circumstances.
  • Right to restriction - to ask us to limit how we use your data in certain circumstances.
  • Right to data portability - to receive your data in a structured, machine-readable format.
  • Right to object - to processing based on our legitimate interests.

To exercise any of these rights, contact us at support@discordbot.co.uk. We will respond within one month. If you are unsatisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

9. California residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know - to request disclosure of the categories and specific pieces of personal information we have collected about you.
  • Right to delete - to request deletion of your personal information, subject to certain exceptions.
  • Right to opt out of sale - we do not sell personal information. You do not need to opt out.
  • Right to non-discrimination - we will not discriminate against you for exercising your CCPA rights.

To submit a request, contact us at support@discordbot.co.uk with "CCPA Request" in the subject line. We will respond within 45 days.

10. Cookies

We use only two cookies, both strictly necessary to keep you signed in to the dashboard:

  • access_token - a short-lived signed JWT (15 minute expiry). HttpOnly, SameSite=Lax.
  • refresh_token - a longer-lived signed JWT (7 day expiry). HttpOnly, SameSite=Lax.

We do not use advertising cookies, tracking pixels, or third-party analytics cookies. The landing page (this website) sets no cookies at all until you sign in.

11. Children's privacy

DiscordBot. requires a Discord account to use. Discord's Terms of Service require users to be at least 13 years old (or the minimum age in their country). We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected data from a child under 13, please contact us at support@discordbot.co.uk and we will delete it promptly.

12. Security

We implement reasonable technical and organisational measures to protect your data, including encrypted HTTPS transport for all data in transit, HttpOnly cookie storage for session tokens, signed JWTs with short expiry windows, and access controls between services. No system is perfectly secure. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay.

13. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify registered users by email or via the dashboard. Your continued use of the service after the effective date of an updated policy constitutes acceptance of the changes.

14. Contact

For any questions, data access requests, or complaints regarding this policy, contact us at:

DiscordBot.
Email: support@discordbot.co.uk
Website: discordbot.co.uk