NitsuBot’s Privacy Policy

At NitsuBot, the privacy of our users is one of our main priorities. This Privacy Policy describes what information is collected by NitsuBot, how it is used, and what rights you have over your data.

This Privacy Policy applies to all services provided by NitsuBot, including the Discord bot, the Web Dashboard (bot.nitsu.xyz), and the DAPI service, as well as any other services provided by NitsuBot.

1. Data Controller

The data controller is the Owner, the individual operating nitsu.xyz, NitsuBot and their associated services. The "Contact Us" section provides its contact details.

2. Legal Basis for Processing

NitsuBot processes personal data on the following legal bases under Article 6 of the GDPR:

• Performance of a contract: Processing of Discord IDs (server, channel, user) and configuration data necessary to provide the core functionalities of the App.
• Legitimate interests: Processing of in-house usage analytics (command usage, message counters, button clicks) for service improvement purposes, where such interests are not overridden by User rights. Users may object to this processing at any time.
• Consent: Processing of IP addresses via the Multiple Account Protection feature, Tupper images, and Tupper messages. This consent is collected at the point of feature activation and can be withdrawn at any time by disabling the relevant feature or contacting us. For the Web Dashboard, analytics consent is collected via the cookie consent banner in accordance with the ePrivacy Directive.

3. Information We Collect

3.a. Data collected by the Discord bot

• Discord IDs (server, channel, user, message, role, interaction, etc.) and their associated metadata (names, avatars, etc.) as provided by the Discord API at the time of interaction.
• Custom settings and personalisation data set by users or server administrators / moderators
• Usage data including command usage logs, message counters, and button click counts (in-house analytics)
• IP addresses when using the Multiple Account Protection feature
• Images and messages content sent via the Tupper feature

3.b. Why We need this information

Discord IDs and associated data are necessary to provide the core functionalities of the App. It is always explicit when the bot stores information of this kind, and users are informed before it does so. These features can always be enabled or disabled, through in-app Discord commands or through the Web Dashboard.

In-house usage analytics (command usage, message counters, button clicks) are collected to improve the quality and reliability of our services and to understand how users interact with the bot. This data is processed on the basis of our legitimate interest (Art. 6.1.f GDPR) and retained for up to 3 years to fulfil this purpose, subject to users' right to object, after which it is deleted or anonymised.

All messages sent in servers where NitsuBot is active are processed in real time by the bot's Auto-Moderation system for the purposes of detecting spam, mass mentions, profanity, unauthorised advertising, and other conduct violations enabled by the Discord server administrators / moderators.
Message content is not stored as a result of this processing, except as described in Section 3c for the Tupper feature.

Birthday dates, where voluntarily provided by users via the /birthday command, used solely to send automated birthday messages within the relevant server.

3.c. Additional details on specific features

Multiple Account Protection

When a server enables this feature, new members are directed to a first-party verification page hosted by NitsuBot. This page collects the user's IP address and analyses it using the third-party service proxycheck.io to detect the use of a VPN or proxy. The IP address is used solely for this verification purpose and is automatically deleted when the user leaves the server that triggered the verification. It is never shared with any third party other than proxycheck.io.

Tupper

Images sent via the Tupper feature are stored directly on NitsuBot’s own secure infrastructure (bot.nitsu.xyz). Images are retained until deletion is requested by the user.
All messages sent through the Tupper feature are saved in our database for a maximum period of 6 months to prevent anonymous cyberbullying, after which they are automatically deleted.

Audio recordings

Audio recordings made via the /record command are stored temporarily during the recording session only (maximum 5 minutes) and are automatically deleted immediately after the audio file is transmitted to the requesting user. No audio data is retained beyond this point.

3.d. Web Dashboard Analytics

The Web Dashboard uses Google Analytics to collect anonymised usage data about how visitors interact with the Dashboard. This processing is subject to your consent, which is collected via the cookie consent banner displayed on the site. Google Analytics uses cookies and may transfer data to Google's servers, including outside the European Union. You may withdraw your consent at any time via the cookie settings in the Dashboard's footer. Google's privacy policy is available at https://policies.google.com/privacy.

4. Data Retention

NitsuBot retains personal data only for as long as necessary to fulfil the purposes for which it was collected, in accordance with Article 5(1)(e) of the GDPR. The retention periods are outlined below:

• Discord IDs, associated data, custom settings and personalisation data: Retained for as long as the server uses NitsuBot. This data is deleted immediately when the Discord bot is removed from the server.
• Discord user data (per server): Retained for as long as the user remains on the server. This data is deleted immediately when the user leaves the server.
• IP addresses (Multiple Account Protection): Retained until the user leaves the server that triggered the verification.
• Tuppers (names, prefixes and avatars): Retained until deletion is requested by the user.
• Tupper messages: Retained for a maximum of 6 months from the date of collection.
• Usage data (command usage, message counters, button clicks): Retained for up to 3 years from the date of collection.
• Audio recordings: Retained temporarily (maximum 5 minutes) and automatically deleted immediately after the audio file is transmitted to the requesting user.
• Dashboard analytics (Google Analytics): Retained as per Google Analytics' privacy policy. Controlled by the user via the cookie consent banner.

All of the above data categories may also be deleted earlier upon a valid user request.

5. Third-Party Services and Data Transfers

NitsuBot does not sell or share personal data with third parties, except as described below or when required by competent authorities.
The following third-party services are used by NitsuBot and may process personal data on our behalf:

• Proxycheck.io: IP address analysis service used for the Multiple Account Protection feature. It processes IP addresses and may store data outside the European Union.
• Google Analytics: Web analytics service used for the Dashboard.

For transfers outside the European Union, such transfers are carried out on the basis of the standard contractual clauses adopted by the European Commission, or on the basis of the user's explicit consent where applicable.

NitsuBot uses TMDB and the TMDB APIs but is not endorsed, certified, or otherwise approved by TMDB. NitsuBot uses other third-party APIs and services but is not endorsed, certified, or otherwise approved by these third parties. Users are encouraged to consult the respective privacy policies of these services.

6. Your GDPR Rights

Under the General Data Protection Regulation, every user is entitled to the following rights:

• Right of access: You may request a copy of the personal data we hold about you.
• Right to rectification: You may request correction of any inaccurate or incomplete data.
• Right to erasure: You may request deletion of your personal data, subject to applicable legal obligations.
• Right to restriction of processing: You may request that we limit the processing of your data in certain circumstances.
• Right to object: You may object to processing based on legitimate interests (including in-house analytics). We will cease processing unless we can demonstrate compelling legitimate grounds.
• Right to data portability: You may request that your data be provided to you in a structured, commonly used, machine-readable format (JSON or CSV).
• Right to withdraw consent: You may withdraw your consent at any time.

To exercise these rights, please see the "Contact Us" section below.
We strive to respond to all legitimate requests within 30 days of receipt. This period may be extended for complex or numerous requests, in which case we will inform you of the extension and the reasons for it.

7. Children's Privacy

NitsuBot does not knowingly collect personal data from children under the age of 13. Users under 13 are not permitted to use the App (see NitsuBot Terms of Service).
We encourage parents and guardians to monitor and guide the online activities of minors. If you believe that a child under 13 has provided personal data through NitsuBot, please contact us immediately and we will take prompt steps to delete such information from our records.

8. Data Security

NitsuBot implements appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, alteration, or disclosure. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of users, we will notify the relevant supervisory authority within 72 hours of becoming aware, in accordance with Article 33 of the GDPR. Affected users will be notified without undue delay where required.

9. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time. When we do, we will revise the "Last Updated" date at the top of this document. For substantial changes affecting user rights or data processing purposes, we will provide advance notice via the NitsuBot Discord bot profile and, where possible, via the Web Dashboard.
Continued use of NitsuBot's services after any changes become effective constitutes acceptance of the updated Privacy Policy.

10. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:
NitsuBot Discord Server
[email protected]
Contact Form