The controller within the meaning of Art. 4(7) GDPR and other applicable data protection laws is: Observtrace, owner Mattias Held, Rieneckstraße 15, 97947 Grünsfeld, Germany, incorporated as a Private Limited Company in Somalia (Karaan, Mogadishu). For all data protection matters and requests (access, rectification, erasure, restriction, portability, objection, complaints and other communications) please contact us at: [email protected]. Postal contact at the address above. A data protection officer has not been appointed because the conditions of Art. 37 GDPR and Section 38 BDSG are not met for the operation of Mrs. Maid (no large-scale systematic monitoring as a core activity, no processing of special categories as a core activity, fewer than 20 persons engaged in continuous personal-data processing). To the extent processing is carried out by the entity incorporated in Somalia beyond the German business address and Art. 3(2)(a) GDPR applies, we remain reachable for data protection requests from the Union at [email protected]; a separate designation of a representative under Art. 27 GDPR is not required where the German business address already ensures domestic reachability within the Union.
02 Legal basis and legitimate interest
Every processing operation described in this Policy is based exclusively on Art. 6(1)(f) GDPR. Our legitimate interest comprises (1) the secure, stable and abuse-free operation of the bot and dashboard, (2) the technical delivery of the features actively requested by guild managers, (3) authentication and session security, (4) accountability for administrative actions, and (5) defence against attacks, spam and platform abuse. For each data category we have carried out a balancing test within the meaning of Recital 47 GDPR. That balancing test takes into account: strict purpose limitation, full data minimisation, the complete absence of advertising or profile-based monetisation, cryptographic protection of sensitive fields, the ability to delete data and to object at any time, and the reasonable expectation of data subjects that a Discord bot invited into a guild needs to process the technical metadata required to perform its task. No processing relies on consent (Art. 6(1)(a) GDPR); no contract within the meaning of Art. 6(1)(b) GDPR is established with the individual member by the mere use of the bot. Your right to object under Art. 21 GDPR remains fully preserved.
We obtain personal data partly directly from you (input through the dashboard, slash command arguments, configuration saved by the guild manager) and partly indirectly from Discord Inc. via the official Discord APIs (Discord identity data at OAuth sign-in, gateway events for public activity in a guild where the bot has been invited, and the guilds list required for permission checks). Collection via Discord APIs falls under Art. 14 GDPR; it is triggered by the bot being invited by an authorised guild manager and by the dashboard sign-in. We do not enrich data from external sources, do not research social networks and do not buy third-party datasets.
We process: your Discord user ID, username, global display name, avatar hash, locale preference and the activation status of Discord two-factor authentication; at dashboard sign-in we additionally cache the list of guilds where you currently hold the Discord 'Manage Server' permission. That permission is re-verified against Discord on every authenticated request, so losing it immediately locks you out of the editor. Purpose: authentication, authorisation and rendering of the guild context. Legitimate interest: secure access control and protection against unauthorised configuration changes. Balancing test: only the identity attributes that are strictly necessary for operation and that you have already disclosed to Discord; signing out wipes the identity from the cache; an objection under Art. 21 GDPR ends dashboard access. Retention: until sign-out or expiry of the session.
05 Per-guild configuration
We process every configuration value saved through the dashboard or via slash command: channel IDs (mod-log, AI, welcome, tickets, level-up, counting, confession), role IDs, category IDs, feature toggles (auto-mod, welcome, level-up, behavior analysis) and numeric thresholds (confidence, casual probability, max chars). These values are stored as written and applied at the next event tick. Purpose: technical delivery of the features the guild manager has actively enabled. Legitimate interest: without these values the service cannot perform its intended function. Balancing test: purely administrative values actively entered by the guild manager, with no direct reference to individual members; editable and wipeable at any time through the dashboard.
Per-guild Mammouth keys uploaded by the guild manager are encrypted at rest with libsodium secret-box using a master key the dashboard never logs. Decryption only occurs inside the bot process at the moment of use, and the plaintext is wiped from memory afterwards. The dashboard surfaces only a short hint (last few characters), never the full secret, and never sends the secret back to your browser. Purpose: using the AI feature with the API access provided by the guild itself. Legitimate interest: confidential custody of a secret provided by the guild manager. Balancing test: state-of-the-art encryption, no dashboard-operator access, deletion and rotation possible at any time. Retention: until manual deletion or rotation by the guild manager.
07 Per-member runtime data
For every guild member the bot interacts with in an invited guild we store: Discord ID, display name, join date for that guild, XP, level, message count (numeric counter, never the content), voice-channel minutes and infraction points. Purpose: leaderboards, level-up cards and moderation context inside the respective guild. Legitimate interest: orderly moderation, community gamification and abuse protection inside the respective guild. Balancing test: no content data, no cross-site linkage, no external data matching, no particular sensitivity of these metadata in the concrete bot context. Retention: until a guild wipe is triggered or the member leaves the guild and is removed in the next inactivity sweep.
08 Behavior profiles (profiling, objection possible at any time)
Only when a guild manager enables behavior analysis for their guild does the bot produce, per analysed member, a short AI-generated summary of communication style, soft and explicitly non-determinative demographic guesses (region, age band), recurring interest tags, any social handles the member volunteered themselves, and a count of analyses. Original messages are read in flight to produce the summary and discarded immediately; only the summary persists. Technically, behavior profiles are keyed by Discord user ID, so a guild wipe does not remove the profile from other guilds. Purpose: community understanding and moderation context for the guild manager. Legitimate interest: curated community management by the respective guild manager. Since this constitutes profiling within the meaning of Art. 4(4) GDPR, the following safeguards apply: (1) every member may object at any time via the slash command '/behavior opt-out'; the profile is frozen and flagged as opted out, and no further analysis is performed; (2) no special categories of data within the meaning of Art. 9 GDPR are processed; (3) no automated decision in the individual case with legal effect under Art. 22 GDPR is taken; (4) no transfer to third parties for their own purposes takes place. Balancing test: opt-out is a single-step user action, all estimations are flagged as soft, and there is no advertising or commercial use of the data; the right to object is made practically effective by the low-threshold slash-command opt-out.
We process: mod-log events (timestamp, executing account, action, reason), admin command history (prompt and result for each admin slash command, capped at the last 100 entries per guild), dashboard audit trail (sign-ins, configuration changes, deletion requests) and application-level error and security logs. Purpose: accountability of administrative actions, evidence preservation and attack defence. Legitimate interest: integrity protection, anti-abuse and fulfilment of the accountability obligation under Art. 5(2) GDPR. Balancing test: purely administrative metadata, no logging of regular members' message content, hard volume caps and short retention periods (see Section 13).
10 Session data and strictly necessary cookies
Signing into the dashboard sets exactly one cookie: an HttpOnly, Secure, SameSite=Lax session ID cookie. Server-side the session record stores your user ID, the cached guild list, a User-Agent-derived identity fingerprint used to detect session hijacking, and the timestamps that drive a sliding 24-hour and absolute 30-day expiry. All session state is wiped on sign-out. Setting this cookie is strictly necessary to provide the dashboard sign-in that you have actively requested and is therefore exempt from consent pursuant to Section 25(2)(2) TDDDG (Germany) and the equivalent strictly-necessary exception in Art. 5(3) of Directive 2002/58/EC. Purpose: secure and traceable session. Legitimate interest: authentication and protection against session takeover. Balancing test: no tracking cookies, no third-party cookies, no marketing identifiers; every value is limited to what is technically required.
11 What we do NOT collect
We do not store regular members' message content, direct messages, voice audio, payment details, marketing identifiers, comprehensive browser fingerprints (beyond the UA hash used to detect session hijacking) or any cross-site cookies. Behavior analysis reads messages in flight to produce a summary and discards the originals immediately. We do not train AI models on your data and do not enrich your data via external data brokers or advertising networks.
12 Recipients, processors and third-country transfers
Only two external services touch your data during normal operation: (1) Discord Inc., 444 De Haro St., San Francisco, CA 94107, USA - operates the platform itself and processes OAuth2 and gateway data as an independent controller under its own privacy policy. The transfer to the United States is based on the European Commission adequacy decision on the EU-US Data Privacy Framework of 10 July 2023 (Implementing Decision (EU) 2023/1795) for as long as and to the extent that Discord is certified under that framework, and additionally on the Standard Contractual Clauses pursuant to Implementing Decision (EU) 2021/914. (2) Mammouth AI - only if the guild manager has configured an AI key. The API call is made in the guild's name using the guild's own key; content data is only forwarded to the extent of the specific request directed at the AI. We do not engage in any other data sharing or marketing activity. There are no further processors within the meaning of Art. 28 GDPR and no disclosure to authorities outside statutory obligations to provide information or to cooperate.
Guild configuration: until changed by the guild manager or until a guild wipe. Per-member runtime data: until a guild wipe or until the member leaves the guild and is removed in the next inactivity sweep. Behavior profiles: until the member opts out (subsequently frozen as opt-out, no further analysis) or until the corresponding guild data is deleted. AI keys: until manual deletion or rotation by the guild manager. Discord OAuth access tokens: revoked immediately after the guild list is fetched. Sessions: sliding 24-hour and absolute 30-day cap. Mod-log and dashboard audit trail: 12 months for evidence preservation and anti-abuse; admin command history capped at 100 entries per guild; error logs at most 30 days. When a guild wipe is triggered, configuration, member profiles, self-roles, admin history and audit entries are deleted in one operation.
14 Security (technical and organisational measures)
We apply state-of-the-art measures within the meaning of Art. 32 GDPR: HTTPS with a current TLS configuration, HttpOnly and Secure cookies with SameSite=Lax, libsodium secret-box encryption of sensitive fields (notably AI keys), strict Content Security Policy and security headers (HSTS, X-Content-Type-Options, Referrer-Policy), server-side rate limiting, least-privilege database access, session hijack detection via UA hash and bind fingerprint, and structured logs that never contain plaintext secrets. Database access is restricted to the bot process and the dashboard; no direct end-user access exists. Backup, restore and incident-response procedures are documented.
15 Automated decision-making and profiling
No solely automated decision in the individual case producing legal effects or significantly affecting you within the meaning of Art. 22(1) GDPR is taken. Automated moderation actions (e.g. warning, deletion, time-out) are performed solely on the basis of rules and thresholds set by the guild manager and are logged in the mod-log; every action can be manually reviewed and reversed. Behavior analysis is profiling within the meaning of Art. 4(4) GDPR but is purely descriptive: it does not trigger automated sanctions, status changes or permission changes. Members may object to the profiling at any time under Art. 21(1) GDPR (slash command '/behavior opt-out').
16 Your rights (Articles 15 to 20 GDPR)
You have, at any time, the right to: (a) access to the personal data we process about you and the related processing information (Art. 15), (b) rectification of inaccurate or incomplete data (Art. 16), (c) erasure (Art. 17) - through the Data deletion page you can wipe an entire guild's data in one operation, members can withdraw from behavior analysis via '/behavior opt-out', and signing out immediately deletes the session identity (the OAuth token is already revoked at sign-in), (d) restriction of processing (Art. 18), (e) data portability where Art. 20 applies (export in a structured, commonly used, machine-readable format on request), and (f) objection under Art. 21 (see the separate Section 17). Requests are accepted without the need to state reasons; we will only request proof of identity where reasonable doubts about the identity of the requester exist within the meaning of Art. 12(6) GDPR. The handling period is one month from receipt pursuant to Art. 12(3) GDPR and may be extended by a further two months where complexity or the number of requests so requires; we will inform you of any such extension and the reasons for it within the first month.
17 Right to object (Art. 21 GDPR) - please read carefully
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you that is based on Art. 6(1)(f) GDPR. As this Policy bases all processing operations on legitimate interest, the right to object applies to every processing operation described herein. If you object, we will no longer process the data concerned unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or where the processing serves the establishment, exercise or defence of legal claims. Practical and low-threshold ways to object: (1) use the Data deletion page (wipes a guild's data in one operation), (2) issue the slash command '/behavior opt-out' for behavior analysis, (3) sign out of the dashboard (deletes session and identity cache), (4) send an informal objection by email to the controller named in Section 1. Lodging an objection is free of charge and not subject to any formal requirement.
18 Right to lodge a complaint (Art. 77 GDPR)
Without prejudice to any other administrative or judicial remedy, you have the right under Art. 77 GDPR to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement. In Germany, the competent authorities are the state data protection authorities; an overview is provided by the Federal Commissioner for Data Protection and Freedom of Information at https://www.bfdi.bund.de/DE/Service/Anschriften/anschriften_node.html. For other EU Member States see https://edpb.europa.eu/about-edpb/about-edpb/members_en.
19 Changes to this Policy
We may update this Privacy Policy if the underlying processing, the processors involved, the legal bases or applicable law change. Material changes will be flagged inside the dashboard before they take effect and become binding from the 'Last updated' date shown at the top of this page. Continued use of the service or leaving the bot in your guild does not constitute consent to any new legal basis; where a future change requires consent, consent will be obtained separately.
For all data protection matters (access, rectification, erasure, restriction, portability, objection, complaint, other questions about this Policy) please contact the controller at the postal address and email address stated in Section 1. In addition, you can trigger a fast wipe of your guild's data through the Data deletion page linked below, or open a ticket from your guild for a written reply. A written response will be provided without undue delay and within the period set by Art. 12(3) GDPR at the latest.
Data deletion