Last updated on .

Privacy Policy

This document details all of the information collected by the Spectro#3767 (Discord User ID: 1310159012234264617) bot—hereon referred to as the "Bot"—about you (the "User"). For any concerns regarding the privacy policy, kindly create a new issue in the GitHub repository.

First and foremost, as the Bot is a Discord bot, usage of the Bot transitively implies the usage of the Discord platform. As such, Discord's Privacy Policy is a relevant document for other data usage that this document omits by implication. Although the Bot does not collect everything that the Discord platform does, this is still worth noting for completeness.

Logged Data

As far as first-party data collection is concerned, the Bot logs most of the data provided by the Discord platform whenever a command is invoked. Specifically, for each time that the Bot is authorized, the Discord platform pings the Bot about the installation information. This includes data (among others) such as:

  • The user who installed the Bot. This includes the user ID, the username, the user avatar URL, the user roles in the guild, and other fields (except the email-related ones).
  • The Discord guild (also colloquially known as the "Server") in which the Bot is now installed. This includes the guild ID, the guild name, the guild icon, the guild splash banner URL, and other fields.

Moreover, for each time that a user invokes the Bot's commands, the Discord platform pings the Bot about the invocation context. This includes data (among others) such as:

  • The user who invoked the Bot command. This includes the user ID, the username, the user avatar URL, the user roles in the guild, and other fields (except the email-related ones)
  • The guild ID of Server in which the Bot command was invoked.
  • The ID of the channel in which the Bot command was invoked.

Logs are only retained for up to 30 days—after which they are deleted. These logs are essential for monitoring the Bot's health and performance. Should any bugs arise, the logs also provide the pertinent context that is necessary for resolving them.

Persisted Data

As an "anonymous" confession bot for Discord, it must be clarified what is meant by the word "anonymous" in the Bot's context. To aid in server moderation, the Bot persists all user-generated confessions in a database that can only be viewed by server moderators and bot developers. With that said, anonymity is limited with respect to the visibility of regular members in a Server. That is to say, anonymity is preserved in so far that unauthorized and untrusted persons are kept out of the system.

Important: Anonymity is a convenience feature, not a security guarantee. Users should not submit content they would not want associated with their identity under any circumstances.

Concretely, each persisted confession (for the purposes of effective server moderation) includes the following data:

  • Time of submission.
  • User-generated text in the confession.
  • User-generated URLs to uploaded attachments via the Discord platform.
  • Discord user ID of the confessor.
  • Discord channel ID in which the confession was submitted.

Data Retention

  • Logs: Retained for up to 30 days, then automatically deleted.
  • Confessions: Retained indefinitely until (a) you request deletion, (b) the guild removes the Bot, or (c) the guild is deleted from Discord.
  • Guild data: Deleted when the Bot is removed from the guild.

Third Parties

The Bot relies on the following third-party service providers to operate. Each provider has their own privacy policy governing how they handle data.

Hosting and Database

  • Vercel — hosts the application and serves all web requests.
  • Neon — provides the serverless PostgreSQL database where all confession data is stored.

Orchestration and Observability

  • Inngest — manages background job orchestration for processing confessions asynchronously.
  • Logfire — provides application observability, logging, and performance monitoring.

Data Isolation

User-generated confession content is strictly isolated between the application (hosted on Vercel) and the database (hosted on Neon). External services used for orchestration (Inngest) and observability (Logfire) only receive internal identifiers and operational metadata (e.g., timestamps, channel IDs) for correlation and monitoring purposes. No confession text or user-submitted content is ever transmitted to these services.

International Data Transfers

Your data may be transferred to and processed in countries outside your jurisdiction, including the United States (where Vercel, Neon, Inngest, and Logfire operate). These providers maintain their own data protection measures as described in their respective privacy policies linked above.

Legal Basis for Processing

We process your data under the following legal bases:

  • Legitimate interests: Operating and improving the Service, preventing abuse.
  • Consent: By using the Bot, you consent to this processing.
  • Legal obligation: Complying with applicable laws and valid legal requests.

Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data ("right to be forgotten").
  • Object to or restrict certain processing.
  • Data portability (receive your data in a structured format).
  • Lodge a complaint with your local data protection authority.

To exercise these rights, contact us via email with your Discord User ID and other pertinent details about your request.

Security

We implement appropriate technical measures to protect your data, including encryption in transit (TLS/HTTPS), access controls, and secure authentication. However, no system is completely secure, and we cannot guarantee absolute security.

Data Breach Notification

In the event of a data breach affecting your personal information, we will notify affected users and relevant authorities as required by applicable law.

Children's Privacy

The Service is not intended for users under 13 years of age (or the minimum age required by Discord in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us for deletion.

Disclosure to Authorities

We may disclose your information if required by law, subpoena, court order, or other valid legal process, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

Data Deletion

To request deletion of your data:

  1. Email 39114273+BastiDood@users.noreply.github.com with your Discord User ID.
  2. Alternatively, open a GitHub issue.

We will respond within 30 days. Note:

  • Server moderators retain their own moderation logs independently.
  • Some data may be retained as required by law or for legitimate dispute resolution.
  • Deletion of your confessions requires coordination with the relevant server moderators.

California Residents

We do not sell personal information as defined under the California Consumer Privacy Act (CCPA).