Privacy Policy
Last updated: March 29, 2026
1. Overview
This Privacy Policy describes how Gerald ("we", "us", "our") collects, uses, and protects your information when you use the Gerald Discord bot ("the Bot"), the website at geraldbot.me ("the Website"), or any related services (collectively, "the Service").
2. Data We Collect
Discord Account Data
When you interact with the Bot or log in to the Website, we collect:
- Your Discord user ID, username, and avatar
- Server (guild) IDs and membership information where Gerald is present
- Guild permissions (to verify dashboard access)
This data is obtained via Discord's OAuth2 (scopes: identify, guilds) and the Discord Bot API.
Bot Feature Data
- Economy: Virtual currency balances, transaction history (bets, daily rewards, transfers)
- Moderation: Moderation cases (kicks, bans, timeouts, warnings) including the moderator, target user, reason, and timestamp
- Tickets: Messages sent within ticket channels are stored as transcripts when the ticket is closed. These include message content, author, and timestamp.
- Server configuration: Command prefix, modlog channel, welcome/goodbye settings, reaction roles, automod rules, starboard settings
- Command usage: Which commands are used, in which guild, success/failure, and response latency (for performance monitoring)
- Server analytics: Daily aggregated message counts, member join/leave counts, and command usage per guild
Payment Data
- We store your Stripe customer ID, subscription tier, billing interval, and subscription status
- We do not store your credit card number, CVV, or full card details. All payment information is handled and stored securely by Stripe.
Website Analytics
- A session cookie (gld_sid) to track page views and referral sources
- Hashed IP addresses (we do not store your raw IP address)
- User-agent string (browser and OS information)
- Pages visited, referrer URL, and UTM parameters
- Invite link and Discord server join attribution
3. How We Use Your Data
- Provide the Service: Power bot features (economy, moderation, tickets), display your dashboard, and manage server settings
- Process payments: Manage your premium subscription and server slot assignments
- Improve the Service: Analyse command usage and performance to fix bugs and prioritise features
- Analytics: Understand how users find and use the Website to improve the experience
- Safety: Enforce our Terms of Service, prevent abuse, and maintain moderation logs for server safety
We do not sell your data to third parties. We do not use your data for advertising.
4. Third-Party Services
The Service uses the following third-party services that may process your data:
- Discord — OAuth authentication, bot API for delivering features. Discord Privacy Policy
- Stripe — Payment processing for premium subscriptions. Stripe Privacy Policy
The Bot also fetches data from external APIs (such as animal image APIs) to power specific commands. No user data is sent to these APIs.
5. Cookies
The Website uses the following cookies:
- gld_sid — Analytics session cookie. HttpOnly, Secure, SameSite=Lax. Expires after 30 days.
- next-auth.session-token — Authentication session cookie managed by NextAuth.js. Required for dashboard access.
We do not use third-party tracking cookies or advertising cookies.
6. Data Retention
- Account data: Retained while you actively use the Service. If you request deletion, we will remove your data within 30 days.
- Economy data: Retained while your account is active.
- Moderation logs: Retained for the safety of the guilds where actions were taken. Guild administrators may request deletion of their server's moderation data.
- Ticket transcripts: Retained for guild administrators to review. Ticket creators can view their own transcripts.
- Payment data: Subscription records are retained as required for billing and tax purposes.
- Analytics data: Aggregated and anonymised over time. Raw analytics events may be retained for up to 12 months.
7. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the data we hold about you
- Deletion: Request that we delete your personal data
- Correction: Request correction of inaccurate data
- Portability: Request your data in a machine-readable format
- Objection: Object to certain processing of your data
To exercise any of these rights, contact us through our Discord support server. We will respond to requests within 30 days.
For EU/EEA residents: our legal basis for processing is legitimate interest (providing the Service you signed up for) and contract performance (premium subscriptions).
8. Data Security
We take reasonable measures to protect your data:
- All Website traffic is encrypted via HTTPS
- IP addresses are hashed before storage
- Cookies are set with HttpOnly and Secure flags
- Payment information is handled entirely by Stripe and never touches our servers
- Database access is restricted and credentials are not exposed to the client
No system is 100% secure. If we become aware of a data breach affecting your personal data, we will notify affected users as required by applicable law.
9. Children
The Service is not directed at children under 13 years of age. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, please contact us and we will delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.
11. Contact
If you have questions about this Privacy Policy or want to exercise your data rights, contact us through our Discord support server.
See also: Terms of Service