Last Revised: March 5, 2022
The privacy of your data — and it is your data, not ours! — is a big deal to us. In this policy, we layout: what data we collect and why; how your data is handled; and your rights to your data. We promise we never sell your data: never have, never will.
- Visit our website at automoderator.app
- Use our Discord application(s) (a.k.a. “Discord Bot(s)” — AutoModerator, AMA, Modmail);
- Engage with us in other related ways ― including any sales, marketing, or events.
- “Website”, we are referring to any website of ours that references or links to this policy;
- “Bot” or “App”, we are referring to any Discord application of ours that references or links to this policy, including any listed above;
- “Services”, we are referring to our Website, Bot, and other related services, including any sales, marketing, or events;
- “Data”, we are referring to any data, content, and information (including personal information) owned, held, used or created by you (or on your behalf) that may be stored using, or processed by, our Services;
- “Discord”, we are referring to Discord Inc. and its related companies;
- “Discord End User”, we are referring to you, as someone who is using Discord-related services according to the Discord privacy policies and terms of service;
- “Discord End User Data”, we are referring to the data you provide to Discord through the Discord App;
- “Discord App”, we are referring to the client(s) (desktop, mobile, web, …) that Discord offers to their End User(s) to access their services;
- “Discord API” we are referring to the API (Application Programming Interfaces) Discord provides to developers, that enables us to access your Discord End User Data according to the Discord privacy policies and terms of service.
What Information Do We Collect?
In Short: We collect personal information that Discord provides to us via the Discord API, or that you deliberately provide to us.
We may collect personal information that you voluntarily provide to us when you express an interest in obtaining information about us or our products and services when you participate in activities on the Services or otherwise when you contact us.
Simultaneously, through our Bot, we may collect personal information related to you that Discord provides to us through the use of the Discord API (in this case, we refer to Discord End User Data).
The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make and the products and features you use within our Service and within the Discord App.
The personal information we collect may include the following:
- Discord ID: Your Discord ID is your unique identifier in Discord, and in all of our Services, and the only way for us to identify you in regards to your Discord End User Data;
- Other Identifiers: By directly interacting with us, we may access your contact details, such as usernames, and other contact information;
- Other Discord End User Data: Through the Discord API, we may access other types of content you share with Discord, such as message attachments, information about your Discord profile, or your presence in a specific “Discord server”.
We may also collect other personal information outside of these categories instances where you interact with us in-person, online, or by mail in the context of:
- Receiving help through our customer support channels;
- Participation in customer surveys or contests.
How Do We Use Your Information?
In Short: We process your information for purposes based on legitimate business interests, the fulfillment of our contract with you, compliance with our legal obligations, and/or your consent.
We use personal information collected via our Services for a variety of business purposes described below. We process your personal information for these purposes in reliance on our legitimate business interests, in order to enter into or perform a contract with you, with your consent, and/or for compliance with our legal obligations. We limit the amount of data we collect, and store, to what is directly relevant and necessary to accomplish the specified purposes of such data. We indicate the specific processing grounds we rely on next to each purpose listed below.
We use the information we collect or receive:
- To offer our Services to you. Our Service may need your data, specifically obtained through the Discord API (in that case, we’re referring to Discord End User Data) or voluntarily and directly provided to us.
- To post testimonials. We may post testimonials on our Services that may contain personal information. Prior to posting a testimonial, we will obtain your consent to use your username and the content of the testimonial. If you wish to update, or delete your testimonial, please contact us at [email protected] and be sure to include your username, testimonial location, and contact information.
- Request feedback. We may use your information to request feedback and to contact you about your use of our Services.
- To send administrative information to you. We may use your personal information to send you product, service and new feature information and/or information about changes to our terms, conditions, and policies.
- To protect our Services. We may use your information as part of our efforts to keep our Services safe and secure (for example, for fraud monitoring and prevention).
- To enforce our terms, conditions and policies for business purposes, to comply with legal and regulatory requirements or in connection with our contract.
- To respond to legal requests and prevent harm. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.
The personal information we process may be used for the following purposes:
- Discord ID: We use your Discord ID to identify you among the different Services, and in relation to your “Discord End User Data”.
- Partial Discord Message Content: With partial Discord message content, we refer to the content of messages that let you directly interact with our Bot, such as when using commands. We use your partial Discord message content to provide you with the output of such commands.
- Full Discord Message Content: With full Discord message content, we refer to the full content of messages that you send using the Discord App, even when the message is not related to a direct interaction with our Bot. We use your full Discord message content to provide specific features that may be offered through our Bot to you, or to other users, such as Server Moderation, Question Submissions.
- Other Identifiers: We may collect other types of identifiers, or contact details, other than your Discord ID if you are directly interacting with us; these identifiers will only be used to process specific inquiries, and may be deleted after the inquiry is complete.
- Other Discord End User Data: We may collect, store, and process other types of content you share with Discord, and that is further provided to us through the Discord API, to provide specific features related to our Services.
Hereafter, we also provide some additional remarks on how we process your data in relation to some specific use cases:
- Discord User Profile: Your username, profile picture, and any data related to your Discord user profile is provided from the Discord API based on your Discord ID, only when needed;
- Server Activity Logging (Server Administration): Data related to the “Server Activity Logging” feature of the Bot is never stored locally;
- Statistics: When statistics are provided by our Services, we only keep aggregated and anonymized data into our database.
Will Your Information Be Shared With Anyone?
In Short: We only share information with your consent, to comply with laws, to provide you with Services, or to protect your rights.
In general, we have no business needs that justify, nor direct interests in, sharing your information with other entities.
We may process or share your data that we hold based on the following legal basis:
- Consent: We may process your data if you have given us specific consent to use your personal information for a specific purpose.
- Legitimate Interests: We may process your data when it is reasonably necessary to achieve our legitimate business interests.
- Performance of a Contract: Where we have entered into a contract with you, we may process your personal information to fulfill the terms of our contract.
- Legal Obligations: We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).
- Vital Interests: We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.
In Short: No.
Is Your Information Transferred Internationally?
In Short: We may transfer, store, and process your information in countries other than your own.
Our infrastructure is located in the United States. If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed by us in our facilities and by those third parties with whom we may share your personal information, and in other countries.
How Long Do We Keep Your Information?
For data related to the Forms module, submissions are saved for 12 months before being deleted from our database.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
How Do We Keep Your Information Safe?
In Short: We aim to protect your personal information through a system of organizational and technical security measures.
We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security, and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.
Hereafter, you’ll find an exemplary and not exhaustive list of measures we implemented to keep your data safe:
- User Identification and Discord End User Data Processing: Wherever possible, the only identification key related to you that is stored on our system is your “Discord ID”. Your “Discord ID” is a number provided by the Discord API and linked to your Discord End User Data. Your username, message content, data you provide to Discord, etc. is accessed by requesting such data through the Discord API using your Discord ID, while a minimal amount of data is stored in our Services.
- Encryption at Rest: Data stored by our Services is encrypted at rest (when saved in our database, or any data storage media we may be using) using best-in-class algorithms (e.g. AES-256-GCM) and following the most diffuse security guidelines. In some cases, data may be encrypted through multiple levels of encryption using different encryption keys; this approach is applied to all and any custom input we receive from the Discord API related to your Discord message content.
- Encryption in Transit: Data processed by our Services, or transferred between different components of our infrastructure, is encrypted using best-in-class algorithms (e.g. TLS 1.2+ with Mutual Authentication) and following the most diffuse security guidelines.
- Authentication, Authorization, Auditing: Our Services implement security measures that only allow authorized users to access any stored data.
- Infrastructure Security: Data is segregated into different components of the infrastructure that provides our Services. Technical and organizational security measures are in place to minimize the chance of an intruder having access to our infrastructure.
What Are Your Privacy Rights?
In Short: By choosing GDPR as our privacy framework, you have rights that allow you greater access to and control over your personal information.
Multiple privacy frameworks may be applied when storing and processing your data. We chose to align with the European General Data Protection Regulation (GDPR), extending those rights to you independently of where you are.
In “GDPR terminology”, as referred to in Article 4, we often refer to the following concept:
- Data Subject: any identifiable natural person whose personal data may be accessed, stored, and processed (in other words, you);
- Data Controller: determines the purposes for which and the means by which personal data is processed;
- Data Processor: processes personal data only on behalf of the controller;
We are a Data Controller of the information you provide to us, and a Data Processor of the Discord End User Data we are provided by the Discord API.
According to the GDPR, in certain circumstances (Chapter 3), you may have the following data protection rights:
- The right to access, update or to delete the information we have on you.
- The right of rectification.
- The right to object.
- The right of restriction.
- The right to data portability.
- The right to withdraw consent.
In circumstances where these rights may apply, you may request the application of such rights. To make such a request, you may email us at [email protected] detailing your inquiry. We will consider and act upon any request in accordance with applicable data protection laws.
If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. Please note however that this will not affect the lawfulness of the processing before its withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
Upon receiving your request, we may need to verify your identity to determine you are the same person about whom we have the information in our system. These verification efforts may require us to ask you to provide information so that we can match it with information you have previously provided us.
In such cases, we will only use personal information provided in your request to verify your identity or authority to make the request. To the extent possible, we will avoid requesting additional information from you for the purposes of verification. If, however, we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity, and for security or fraud-prevention purposes. We will delete such additionally provided information as soon as we finish verifying you.
How Can You Opt-Out Of Providing Your Data?
In Short: Our Services may offer the ability to self opt-out of providing your data. When this option is not available, you may contact us to have your situation examined.
Under certain circumstances, you may decide to opt-out of providing your data to us or, in other words, request us to have your personal information deleted from our Services. Depending on the personal information we collect, store, and process, and the specific Service we are offering to you, you may be able to self opt-out of providing some, or all, data.
In relation to the data that we collect, store, and process, you may have the following options regarding the ability to opt-out, or have your data deleted:
- Discord ID: Opting out of providing your Discord ID may not be possible in all circumstances. Your Discord ID is, in a general way, not a specific personal information unless it’s matched with other personal information that is collected, stored, and processed by Discord. You may refer to the Discord privacy policies and terms of service to know how to opt-out of providing your Discord ID.
- Partial Discord Message Content: In regard to the content of messages that let you directly interact with our Bot, such as when using commands, you may self opt-out of all occasions where you provided us with any custom input by disabling, or properly reconfiguring, such features that were configured using custom inputs.
- Full Discord Message Content: In regard to the content of messages that you send using the Discord App, even when the message is not related to a direct interaction with our Bot, you may (or may not) have the ability to self opt-out of providing your data depending on the technical implementation of such features that access your full message content. You may refer to the technical documentation of our Services for more information about whether this ability is provided.
- Other Identifiers: When directly interacting with us, you may request your personal information to be deleted at any time during our interaction. In case where such request is made, we may not be able to provide you with the information, or Service, you are requesting from us.
- Other Discord End User Data: In regard to other types of content we may obtain through the Discord API, you may refer to the Discord privacy policies and terms of service to know how to opt-out of providing such data.
In all cases where self opt-out is not an option, you may email us at [email protected] detailing your inquiry. We will consider and act upon any request in accordance with applicable data protection laws.
Do We Make Updates To This Policy?
In Short: Yes, we will update this policy as necessary to stay compliant with relevant laws.
To What Extent Does This Policy Apply? (a.k.a. Third-Party Privacy Policies)
In Short: While we do our best to keep our providers under observation, you are advised to refer to their respective privacy policies for further details.
Our Services are based on both self-developed and self-managed assets, and assets that are provided to us by external third-party providers.
In choosing our providers, we assess their technical and organizational policies and choose those that preserve your privacy according to valid policies.
Here’s a list of external third-party providers we rely upon:
- Email Services:
- Cloudflare Email Redirection
- Application Development Services:
How Can You Contact Us About This Policy?
If you have questions or comments about this policy, you may email us at [email protected].