Guardiobot

Privacy Policy

Last updated: March 2026 · Governing law: England and Wales · UK GDPR

Contents

  1. Who We Are
  2. Data We Collect
  3. How We Use Your Data
  4. Lawful Basis for Processing
  5. Data Retention
  6. Data Security
  7. Third-Party Services
  8. International Transfers
  9. Your Rights
  10. Children
  11. Changes to This Policy
  12. Contact

1. Who We Are

Guardiobot is an automated moderation and community safety service for Discord and Roblox, operated as an individual project based in England. References to "we," "us," or "our" refer to the individual operator. Guardiobot is not a registered company.

For data protection purposes, we act as the data controller for personal data processed through the Service. For data protection enquiries, contact legal@guardiobot.org.

2. Data We Collect

2.1 Data collected automatically through the Service

  • Discord user IDs and Roblox usernames — collected when the bot is active in a server or experience. These are platform-issued identifiers, not names or email addresses.
  • Server and experience identifiers — the Discord guild ID and Roblox experience ID, used to apply per-server configuration.
  • Message content and metadata — processed locally in real time for content detection. Message content is not stored persistently beyond the adaptive learning sample retention window (30 days). Messages that trigger a detection may have metadata (not full content) retained in moderation logs.
  • Moderation and enforcement records — action type, target user ID, timestamp, reason hash, and reviewer identity. Reasons are hashed (SHA-256) at write time and are never stored in plaintext.
  • User risk classification — a Class A/B/C/D rating derived from offence history across the network. Class D indicates a user who has exercised their right to erasure under UK GDPR Article 17.
  • Anonymous report data — the reporter's Discord user ID is cryptographically hashed (SHA-256) before storage and is never retrievable in plaintext. Report content is stored only for as long as review requires.
  • Join event data — timestamps and outcomes of member join events, used for anti-raid detection and cross-server enforcement checks.

2.2 Data collected through the volunteer dashboard

  • Volunteer credentials (hashed passwords using scrypt with OWASP-minimum parameters), 6-digit volunteer IDs, team and role information, timezone, and session data
  • Device fingerprint tokens used to skip two-factor authentication on known devices (30-day expiry)
  • Clock-in and clock-out session records, used for HR and hour tracking
  • Content clearance level and associated audit log (immutably retained for legal compliance)

2.3 Data collected through the server owner dashboard

  • Discord OAuth2 identity data (user ID, username, avatar, guild list) — used only to authenticate and display your managed servers
  • Server configuration settings, preferences, and feature toggles
  • Stripe customer metadata, for subscription management — payment card details are processed exclusively by Stripe and never reach our systems
  • Developer API keys (SHA-256 hash only — the raw key is shown once at creation and never stored)

2.4 Data we do not collect

  • We do not collect email addresses from regular users (only from volunteers who create credentials)
  • We do not collect IP addresses of Discord or Roblox users (these are not provided by the platform APIs)
  • We do not use advertising trackers, third-party analytics platforms, or marketing cookies

3. How We Use Your Data

  • Content detection and moderation — processing messages through the detection pipeline (keyword, regex, content fingerprint, and URL matching) to identify policy violations
  • Spam and raid prevention — tracking join rates and message patterns to detect coordinated attacks
  • Cross-server enforcement — checking active punishments on every server join and propagating bans across the network
  • User risk classification — building and maintaining a risk profile based on accepted reports and moderation actions across the network
  • Volunteer operations — managing credentials, sessions, report review queues, and access control
  • Subscription management — processing and fulfilling subscriptions through Stripe
  • Service improvement — using adaptive learning samples to reduce false positives in detection

We do not use your data for advertising, profiling for commercial purposes, or sale to third parties.

4. Lawful Basis for Processing

Under UK GDPR, our lawful bases for processing are:

  • Legitimate interests — community safety, fraud prevention, and service provision (Article 6(1)(f)). We have conducted a legitimate interests assessment and are satisfied that our interests do not override the rights and freedoms of data subjects.
  • Contract performance — providing the Service to server owners and subscribers (Article 6(1)(b))
  • Consent — where volunteers explicitly confirm their age and agree to content clearance terms before being granted access to NSFW content categories

5. Data Retention

  • Message samples (adaptive learning): deleted after 30 days
  • Volunteer authentication logs: deleted after 90 days
  • Audit logs and moderation action records: deleted after 90 days
  • AI chatbot interaction logs: deleted after 90 days
  • Content clearance log (volunteer system): retained indefinitely — this is an immutable legal compliance record and cannot be deleted
  • Enforcement and ban records: retained for as long as the enforcement is active. After a ban expires or is lifted, only a hashed user identifier is retained where necessary for ongoing ban enforcement
  • GDPR-deleted users (Class D): only a SHA-256 hash of Discord ID and Roblox ID, a Class D marker, and the deletion date are retained — the minimum necessary for ongoing ban enforcement under Article 6(1)(c)

6. Data Security

We implement appropriate technical and organisational measures to protect personal data:

  • Password hashing: volunteer passwords are hashed using a strong, memory-hard algorithm meeting current OWASP recommendations. Legacy hashes are transparently upgraded on next login.
  • Data hashing: sensitive identifiers including reporter IDs, moderation reasons, and IP addresses (where stored) are cryptographically hashed at write time and never stored in plaintext
  • Encryption at rest: subscriber-provided AI provider API keys are stored using authenticated encryption and are never logged
  • Transport security: all public-facing services are delivered over HTTPS via Cloudflare. No service component is directly internet-accessible.
  • Session security: volunteer and server owner sessions use httpOnly, SameSite=Strict cookies with short expiry windows
  • Database access: the database is accessible only from within the local system

No security measure is perfect. In the event of a data breach affecting your rights and freedoms, we will notify the ICO within 72 hours and affected individuals without undue delay, as required by UK GDPR Article 33.

7. Third-Party Services

The Service integrates with the following third parties, each with their own privacy policies:

  • Discord — platform API for bot operation and OAuth2 authentication
  • Roblox — platform API for experience integration
  • Stripe — payment processing for subscriptions and donations
  • Rotector and TASE — external Roblox user safety scoring APIs. Responses are cached for 5 minutes and not shared beyond enforcement purposes
  • ProxyCheck, IPHub, VPNAPI — VPN and proxy detection for anti-raid protection
  • Google Safe Browsing — URL safety scanning
  • AI providers — AI chatbot functionality for Community Manager and Developer subscribers, using subscriber-provided API keys only. Guardiobot holds no shared API key for this feature.

We share only the minimum data necessary with each third party to provide the relevant functionality.

8. International Transfers

Some of our third-party service providers are based outside the UK or EEA. Where personal data is transferred internationally, we rely on:

  • Adequacy decisions made by the UK Secretary of State or the European Commission
  • Standard contractual clauses approved under UK GDPR
  • The provider's binding corporate rules, where applicable

Stripe and Google are subject to the EU-US and UK-US Data Privacy Frameworks. Discord and Roblox are US-based companies operating under their own privacy frameworks.

9. Your Rights

Under UK GDPR and the Data Protection Act 2018, you have the following rights:

  • Right of access (Article 15): you may request a copy of the personal data we hold about you
  • Right to rectification (Article 16): you may request correction of inaccurate personal data
  • Right to erasure (Article 17): you may request deletion of your personal data. Exercise of this right results in Class D classification — only the minimum data needed for legal ban enforcement is retained
  • Right to restrict processing (Article 18): you may request that we limit how we use your data in certain circumstances
  • Right to data portability (Article 20): you may request a machine-readable export of data you have provided to us
  • Right to object (Article 21): you may object to processing based on legitimate interests
  • Rights related to automated decision-making (Article 22): where automated decisions have a significant effect on you, you may request human review by submitting an appeal through the dashboard or contacting us

To exercise any of these rights, contact legal@guardiobot.org. We will respond within one month. If you are dissatisfied with our response, you have the right to complain to the ICO at ico.org.uk or by calling 0303 123 1113.

10. Children

The Service requires users to be at least 13 years old, in line with Discord's and Roblox's minimum age requirements. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided data through the Service, please contact us at legal@guardiobot.org and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes we will update the "Last updated" date above and, where reasonably practicable, notify you through the Service or by email. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

12. Contact

For privacy-related enquiries or to exercise your data rights:

Guardiobot

Data rights & legal: legal@guardiobot.org

General enquiries: support@guardiobot.org

Website: guardiobot.org

You also have the right to complain to the Information Commissioner's Office at ico.org.uk or by calling 0303 123 1113.