📄 Legal
Privacy Policy
Last updated: May 2025
👋 Introduction
This Privacy Policy explains how CHIP ("the bot", "we", "us") collects, uses, and protects data when you use our Discord bot and web dashboard. By adding CHIP to your server or using the dashboard, you agree to this policy.
📥 What We Collect
We collect the minimum data necessary to operate the bot's features:
- Guild IDs, channel IDs, role IDs — to store your server configuration (mod channels, ticket settings, welcome config, etc.)
- User IDs — to associate moderation cases, warnings, tickets, and reviews with the correct user
- Moderator action records — who issued a warning or ban, when, and why
- Ticket content — messages sent inside ticket threads (stored for transcript purposes)
- Review text and ratings — submitted voluntarily via
/review
- Dashboard login events — IP address, timestamp, and success/failure (for security audit)
- Message metadata — edit/delete events logged for moderation purposes (content stored only when AutoMod is active)
- Voice state events — join/leave channel events (no audio is ever recorded)
🚫 What We Do NOT Collect
- Message content in regular channels (except when AutoMod triggers a filter)
- Direct messages (DMs) sent to or from users
- Passwords, payment information, or financial data of any kind
- Email addresses or phone numbers
- Voice audio — we never record voice channel audio
- Data from servers the bot is not a member of
⚙️ How We Use Your Data
- Delivering bot features: music playback, moderation, tickets, roles, polls, giveaways
- Displaying server statistics and member analytics on the dashboard
- Audit logs so server administrators can review moderation history
- Security: detecting login anomalies and protecting the dashboard from unauthorised access
- Improving bot reliability — error logs help us fix bugs faster
We do not sell, rent, or share your data with any third party for marketing purposes.
🗓️ Data Retention
- Server configuration data is retained while the bot is a member of your server
- After removing the bot, your data is automatically purged after 30 days
- Moderation case logs are retained for 90 days after removal, then deleted
- Auth/login logs are retained for 30 days for security audit purposes
- You may request immediate deletion — see "Your Rights" below
✋ Your Rights
You have the right to:
- Access the data we hold about your server by contacting us
- Delete all data by removing the bot from your server (automatic 30-day purge) or requesting immediate deletion
- Correct inaccurate data stored about your server
- Object to specific data processing by disabling optional features in the dashboard
To exercise any of these rights, contact us via the support server below.
🔗 Third-Party Services
- Discord API — all bot interactions go through Discord's platform, subject to Discord's Privacy Policy
- Lavalink — self-hosted audio server for music; no data leaves your server infrastructure
- Spotify / YouTube — used to resolve music queries; we only send search terms, not user data
- We do not use advertising networks, analytics SDKs, or data brokers
🔒 Security
We implement industry-standard security measures including encrypted HTTPS connections, secure session cookies, CSRF protection, rate limiting, and rotating log files. The bot dashboard is protected by Discord OAuth2 and requires Administrator permissions.
No system is perfectly secure. If you discover a vulnerability, please report it via our support server.