Privacy Policy

Last updated: 15 May 2026 · Effective: 15 May 2026

Plain-English summary. Guild Pro Bot is a Discord bot run by Operator^* as a non-commercial hobby project. We process the minimum data needed to make the bot work (Discord IDs, the in-game data you choose to bind, server-management settings). We don't sell your data, we don't run advertising, and you can request deletion at any time by emailing [email protected].

1. Who we are (Data Controller)

Guild Pro Bot (the "Bot" and the associated dashboard at guildprobot.com, collectively the "Service") is operated by Operator^*, a private individual based in Austria, as a non-commercial hobby project ("we", "us", "our"). No commercial trade (Gewerbe) is registered for this Service.

We are the controller of your personal data within the meaning of the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and the Austrian Data Protection Act (Datenschutzgesetz, "DSG"). For all data-protection matters please use the email address below — we respond within the GDPR-mandated one-month window.

2. What data we process and why

2.1 Discord account data (via OAuth and bot presence)

Data	Purpose	Legal basis
Discord user ID, username, global display name, avatar URL	Identify you in the bot and dashboard, attribute commands and actions, display your name in alliance rosters	Art. 6(1)(b) — performance of the Service you requested by adding the bot / signing in
Discord guild (server) memberships and your roles in them	Determine which servers you can manage in the dashboard, enforce admin-only commands	Art. 6(1)(b) — performance of the Service
Email address (only if you sign in to the dashboard via Discord OAuth and grant the `email` scope)	Account-linking confirmation, security notifications	Art. 6(1)(a) — consent (granted via Discord OAuth scope choice; revocable)

2.2 In-game and alliance data (only if you choose to bind)

Data	Purpose	Legal basis
In-game player ID and player name (e.g., Call of Dragons, Rise of Kingdoms, Whiteout Survival, Infinity Kingdom)	Bind your Discord account to your in-game character so the bot can attribute stats and activity data	Art. 6(1)(a) — consent (you initiate binding via `/bind` or the dashboard)
Game statistics you submit (power, kill points, donations, etc.)	Show stats in alliance dashboards, generate game-specific calculators and migration plans	Art. 6(1)(a) — consent
Verification screenshots	Manual or assisted verification that the bound character belongs to the Discord user	Art. 6(1)(a) — consent. Screenshots are deleted after verification (or within 30 days, whichever is sooner) unless flagged for fraud.

2.3 Bot operational data

Data	Purpose	Legal basis
Per-guild configuration (channels, roles, feature toggles set by server admins)	Run the bot the way the server's admins configured it	Art. 6(1)(b) — performance of the Service
Command logs (timestamp, command name, user ID, guild ID, success/error)	Debugging, abuse detection, rate-limit enforcement	Art. 6(1)(f) — legitimate interest in keeping the Service running and free of abuse
Reverse-proxy and Cloudflare access logs (IP address, user-agent, URL, status code)	Security monitoring, DDoS mitigation	Art. 6(1)(f) — legitimate interest. IPs truncated after 30 days.

2.4 Donations

If you donate via Ko-fi (ko-fi.com/codguildpro), Ko-fi is the controller for your card details, billing address, and any account they require — we never see them. We receive only the donor's chosen public name (or "Anonymous"), the amount, and an optional message. Donations create no service obligation and don't unlock features (see Terms §5). If you don't donate, no donation data is shared.

3. How long we keep data (retention)

Active accounts — kept for as long as your Discord account is in a guild that uses the bot.
Inactive accounts — auto-anonymised after 24 months of no commands and no dashboard logins.
Verification screenshots — deleted after successful verification or within 30 days, whichever is sooner.
Server logs — 30 days, then IP-truncated.
Per-guild config — deleted within 30 days of the bot being removed from the guild.
Backups — encrypted, retained for 14 days on a rolling basis.

4. Recipients (who we share data with)

We do not sell, rent, or share your data with advertisers, brokers, or marketing networks. We use a short list of trusted sub-processors:

Sub-processor	Purpose	Location	Safeguard
Discord, Inc.	Bot host platform, OAuth identity provider	United States	EU Standard Contractual Clauses; required for the Service to function (you choose to interact with the bot)
Cloudflare, Inc.	CDN, DDoS protection, TLS termination for the dashboard	US (with EU edge)	EU Standard Contractual Clauses (SCCs); EU Data Processing Addendum
Hetzner Online GmbH	VPS hosting (bot runtime, PostgreSQL database)	Germany (EU)	EU-based, GDPR-compliant DPA
Ko-fi (Ko-fi Labs Ltd.)	Voluntary donations only; independent controller of donor payment data. We receive only public name, amount, optional message.	United Kingdom	UK GDPR adequacy decision (Decision (EU) 2021/1772). Only used if you choose to donate.

We will update this list before any new sub-processor is engaged and notify active users in the support Discord and on this page.

5. International transfers

Personal data we control is stored on servers physically located in the European Union (Hetzner, Germany). Transfers outside the EU happen via:

Discord (United States) — required for the bot to function. Transfer governed by Standard Contractual Clauses (Decision 2021/914).
Cloudflare (United States) — edge processing of dashboard traffic. SCC + Cloudflare's Customer Data Processing Addendum.
Ko-fi (United Kingdom) — only if you choose to donate. UK GDPR adequacy decision.

6. Your rights under the GDPR

You have the following rights, exercisable free of charge:

Access (Art. 15) — get a copy of the data we hold about you.
Rectification (Art. 16) — correct inaccurate data.
Erasure / "right to be forgotten" (Art. 17) — delete your account and all associated data on request.
Restriction (Art. 18) — pause processing while a complaint is investigated.
Portability (Art. 20) — receive your data in a machine-readable format (JSON export on request).
Objection (Art. 21) — object to processing based on legitimate interest.
Withdraw consent at any time, where consent is the legal basis. Withdrawal does not affect processing already carried out.

To exercise any right, email [email protected]. We will respond within 30 days. To verify your identity we will ask you to send the request from the email address tied to your account, or to confirm via a Discord DM from the account in question.

Right to lodge a complaint. If you believe we have violated your rights, you may complain to the Austrian Data Protection Authority (Österreichische Datenschutzbehörde, Barichgasse 40-42, 1030 Wien, Austria, www.dsb.gv.at), or to the supervisory authority of your EU country of residence.

7. Security

We use HTTPS for all dashboard traffic, encrypted database connections, password-less authentication (no password leaks possible), and least-privilege database roles. Backups are encrypted at rest. The server is patched on a regular cadence. No security is perfect — if we detect a personal-data breach likely to result in a risk to your rights, we will notify you and the DSB within 72 hours as required by Art. 33–34 GDPR.

8. Children

The Service is not directed at children under 16. Discord's own terms set a minimum age of 13 (or higher in some jurisdictions). If you are under 16 you may use the Service only with the consent of a parent or guardian (Art. 8 GDPR).

9. Cookies and similar technologies

The dashboard uses a single session cookie set after Discord OAuth login, strictly necessary to keep you signed in. No analytics cookies, no marketing cookies, no third-party trackers. Cloudflare may set short-lived security cookies (e.g. __cf_bm) to mitigate bot abuse — these are technical and do not require consent under TTDSG / ePrivacy.

10. Automated decision-making

We do not engage in automated decision-making with legal or similarly significant effects within the meaning of Art. 22 GDPR. Verification of in-game accounts may use rule-based checks but the final outcome is reviewed by a human.

11. Changes to this policy

We may update this policy as the Service evolves. The "Last updated" date at the top reflects the most recent change. Material changes (new sub-processors, new categories of data, new purposes) will be communicated in the support Discord and on this page at least 14 days before they take effect.

12. Contact

Email: [email protected]
Discord: Support Server

All data-protection requests are handled by email — we acknowledge within 7 days and resolve within the GDPR-mandated one-month window.

* Provider / operator information

The Service is operated by Dawid Szablewski, Kapfenberg, Austria. As the Service is offered free of charge as a non-commercial hobby project under MedienG §25(5), no commercial trade (Gewerbe) is registered and no postal business address is published. A postal contact address is available on request via [email protected].