Privacy Policy for Voyager-1 Discord Bot

Last updated: January 19, 2026

1. Who We Are (Controller) and Scope

This Privacy Policy explains how the Voyager-1 Discord bot (the "Bot") processes information when operating in Discord servers ("Guilds"). The Bot is operated by the Bot owner/maintainer (the "Controller" for purposes of GDPR where applicable). Discord is an independent platform and typically acts as a separate controller for data it processes within Discord.

This Policy covers data processed by the Bot and its supporting infrastructure (database, cache, and logging/monitoring used to operate the Bot). It does not cover data processing performed by Discord itself or by third-party websites you visit via links shared through the Bot.

2. Data We Process

The Bot processes limited data made available through Discord and data submitted by users and server administrators as necessary to provide the Bot's functionality. Depending on server configuration and permissions granted to the Bot, we may process:

• Discord identifiers: guild/server ID, user ID, channel IDs (including voice channel IDs), message IDs where required for a feature, role IDs (e.g., for level roles), and similar technical identifiers.
• Basic Discord account/profile information: username and similar public-facing account information provided by Discord (for example, for displays, moderation logs, and diagnostics).
• Server and user settings: configuration stored to operate features. This may include ticket channel/category IDs, archive category IDs, log channel IDs, locale/settings, voice channel configuration, and feature toggles.
• Points/leveling (PTS) data: per-guild point totals, levels, total message counts, and voice participation tracking necessary to award/deduct points and calculate levels. The PTS system is based on Discord events (message create/delete and voice state updates). The Bot is not designed to store full message bodies for points calculations.
• Tickets: ticket metadata and user-submitted content provided through the Bot for ticket workflows (for example, ticket topics/descriptions and messages/inputs submitted through ticket interactions). Ticket configuration may also include lists such as users banned from the ticket system.
• Moderation and security records: warnings/punishments created by moderators, and anti-abuse records such as bot-trap offense counters per user per guild.
• D&D content (where enabled): character and session data submitted by users/servers through the D&D module.
• Link tree content (where enabled): link tree name/description, avatar URL, links list, theme color, update timestamps, moderation flags (reported/banned/NSFW), and related metadata.
• Operational, diagnostic, and security logs: to troubleshoot failures and improve reliability/security, the Bot stores structured error logs. Logs may include technical identifiers (such as guild/channel/user IDs and username), timestamps, the feature/command involved, error messages, and stack traces. Where relevant to diagnosing a problem, logs may include limited contextual data about the triggering event and user-provided input (for example, excerpts or metadata), but we aim to avoid collecting unnecessary content.

We do not intentionally process special category data (GDPR Art. 9). Please do not submit sensitive personal information via the Bot. The Bot is not intended for storing sensitive data.

3. Purposes and Legal Bases (GDPR Art. 6)

We process personal data only for specific, explicit and legitimate purposes, including to:

• Provide, operate, maintain and improve the Bot's features in Discord servers
• Store and apply settings and preferences configured by servers and users
• Operate points/leveling functionality (including awarding/deducting points based on activity events and presenting leaderboards where enabled)
• Enable moderation, safety and security workflows (warnings/punishments, tickets, and bot-trap abuse prevention)
• Store and display feature content submitted at the direction of users/servers (e.g., D&D module and link trees)
• Detect, prevent and investigate abuse and security incidents, and troubleshoot errors (including storing structured error logs)

Legal bases: we generally rely on (i) performance of a contract / provision of the service you request (GDPR Art. 6(1)(b)), (ii) legitimate interests in operating, securing and improving the Bot (GDPR Art. 6(1)(f)), and (where applicable) (iii) consent for specific optional processing. Where server administrators enable features that process user-related data, this is done at the server's direction and within Discord.

4. Storage, Security, and Retention

• Retention: we retain data only for as long as needed for the purposes described in this Policy. Typical retention periods are:
  • Server configuration/settings: kept while the Bot remains in the server; deleted within 30 days after removal (unless required for security/fraud prevention or legal obligations).
  • Points/leveling data: kept while enabled in the server; deleted within 30 days after the feature is disabled or the Bot is removed.
  • Tickets: ticket history may be retained for continuity and moderation workflows; deleted or anonymised within 180 days after closure where feasible, or sooner if server administrators delete the ticket/history (subject to technical constraints).
  • Moderation and security records (warnings, bot-trap counters): retained for safety and abuse prevention; typically kept up to 12 months after the last relevant event, unless server administrators remove them earlier.
  • D&D and link tree content: retained while the content exists/feature is enabled; deleted within 30 days after removal/disablement where feasible.
  • Diagnostic/error logs: retained for troubleshooting and security for a limited period, typically up to 30 days, unless a longer period is required to investigate abuse/security incidents.

5. International Transfers

Depending on where the Bot is hosted and where our service providers operate (including Discord, database/hosting providers, telemetry/logging providers, and image hosting providers used for link trees), personal data may be processed outside the EEA/UK/Switzerland. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) and implement additional measures as appropriate.

6. Sharing and Third-Party Services

We do not sell personal data. We disclose personal data only:

• to service providers acting on our behalf (processors) for hosting/operation/monitoring, subject to contractual obligations;
• where required by law; or
• where necessary to protect rights, safety and security.

The Bot depends on the following third-party services (availability depends on deployment and feature use):

• Discord API (to receive events and perform actions in Discord servers, including sending DMs related to subscriptions/entitlements)
• MongoDB (database technology / hosting depending on deployment)
• Redis (caching/temporary storage depending on deployment)
• Steam and Epic Games Store sources/APIs (to display free game information; this data typically does not relate to you directly)
• OpenTelemetry / OTLP log export endpoint and a log storage/monitoring provider (to receive operational logs). Operational logs may include error details and stack traces.
• Image hosting provider used by link tree features (e.g., ImgBB) when you choose to upload images through the Bot

Each third-party service processes data under its own policies and terms. We recommend reviewing Discord's privacy documentation.

7. Premium Features (Discord Entitlements)

For premium features, we may use Discord's entitlements system. When you purchase or hold a subscription through Discord:

• Discord may provide us with identifiers (such as your user ID and, where applicable, guild ID) and entitlement status
• We may process entitlement information to verify and enforce premium access for specific features
• We do not receive your payment card details; payments are handled by Discord and/or its payment providers

8. Your Rights (EEA/UK/Switzerland)

If you are in the EEA, United Kingdom, or Switzerland, you may have rights under applicable data protection laws (including the GDPR). Subject to legal conditions and exemptions, you may:

• Request access to personal data processed by the Bot
• Request rectification of inaccurate data
• Request deletion (erasure) of your data, where applicable
• Request restriction of processing or object to processing, where applicable (including objection to processing based on legitimate interests)
• Request portability of data you have provided to us, to the extent applicable
• Withdraw consent at any time where processing is based on consent (without affecting the lawfulness of processing before withdrawal)

You also have the right to lodge a complaint with a supervisory authority in your country of residence, place of work, or where an alleged infringement occurred.

9. How to Contact Us

To ask a privacy question or exercise your rights, please contact the Bot owner/maintainer through Discord (support server or direct message where available). We may need to verify your identity (for example, by confirming your Discord user ID and the relevant server) before fulfilling a request.

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Where changes are material, we will provide notice through the Bot's support server or other reasonable channels. The "Last updated" date indicates when this Policy was last revised.