Privacy Policy

Datenschutzerklärung · Effective: April 8, 2026

1. Overview and Data Controller

TidyCord is a Discord bot application that provides automated server channel management, voice channel features, and AI-powered assistance to Discord communities.

Data Controller:
Eduard Röhrig
Iris-Runge-Platz 11, 30539 Hannover, Germany
Email: info@eduardroehrig.de
Phone: +49 151 561 37337

2. Important: What We Do NOT Collect

TidyCord does NOT read the content of messages in your Discord channels. We do not have Discord's Message Content Intent privilege. This means:

We cannot access or read the text of regular messages posted in channels
We do not perform content moderation or spam detection based on message content
We do not analyze conversations for sentiment or topic tracking
We do not build user engagement profiles based on message text

Data we collect is strictly limited to slash command interactions, button and modal interactions, voice channel events, and direct interactions with the bot.

3. Data We Collect

3.1 Discord Identifiers

We collect Discord User IDs, Guild IDs, and Channel IDs to identify your account, manage feature access, enforce usage limits, and provide bot functionality.
Legal basis: Contract performance (Art. 6(1)(b) GDPR)

3.2 Voice Channel Events

When users join, leave, or move between voice channels, we record the event type, timestamp, Channel ID, and User ID. This data is used for automatic voice channel creation/deletion and community activity analysis.
Legal basis: Contract performance (Art. 6(1)(b) GDPR)
Retention: 30 days

3.3 AI Chat Messages

Content submitted via /chat slash commands is stored in our database as a rolling conversation window (up to 50 messages for free tier, 150 for Premium). This enables coherent multi-turn AI conversations.
Important: These messages are transmitted to OpenAI Inc. (USA). See section 5 below.
Legal basis: Contract performance (Art. 6(1)(b) GDPR)

3.4 Usage Statistics

We track command usage counts (templates generated, roles created, chat messages sent) per user and guild to enforce free-tier limits and analyze feature adoption.
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
Retention: 90 days

3.5 Premium and Trial Status

We store whether a server has an active premium subscription, trial start/expiry dates, and subscription activation timestamps to determine feature availability.
Legal basis: Contract performance (Art. 6(1)(b) GDPR)
Retention: Until subscription ends or bot is removed

3.6 Server Configuration

Server administrators' configuration choices (channel categories, welcome channel, voice templates, permission settings) are stored per-guild to customize bot behavior.
Legal basis: Contract performance (Art. 6(1)(b) GDPR)
Retention: As long as the bot remains in the server

3.7 Analytics Events

Command usage events, button interactions, and voice events are sent asynchronously to Supabase for aggregated analytics. This data helps us understand how TidyCord is used and improve the service.
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)

4. Data Retention Summary

Data Type	Retention Period
AI Chat History (Free)	50 messages (rolling window)
AI Chat History (Premium)	150 messages (rolling window)
Usage Statistics	90 days
Voice Channel Events	30 days
Server Settings	Until bot is removed
Premium/Trial Status	Until subscription ends
Database Backups	Maximum 30 days

5. Third-Party Data Sharing

5.1 OpenAI Inc. (USA)

When you use /chat, template generation, role generation, or server refinement features, your message content is transmitted to OpenAI Inc. in the United States to generate AI responses.

Data shared: Message content, conversation context, User/Guild IDs
Purpose: Generate AI-powered responses and content
Recipient: OpenAI Inc., 3180 18th St, San Francisco, CA 94110, USA
Transfer basis: EU-US Data Privacy Framework + Standard Contractual Clauses
Retention: Per OpenAI's policy (typically deleted after 30 days for API requests)
OpenAI Privacy Policy: openai.com/policies/privacy-policy

5.2 Supabase (EU)

Aggregated analytics events are sent to Supabase hosted in the EU.

Data shared: Command events, button clicks, voice events, User/Guild IDs, timestamps
Purpose: Analytics, usage tracking, service improvement
Recipient: Supabase Inc. (EU-hosted instance)
Transfer basis: Data remains within EU

5.3 Discord Inc. (USA)

TidyCord operates on Discord's infrastructure. Discord processes your User IDs, Guild IDs, voice events, and subscription/entitlement data as part of the Discord platform. Payment processing for Premium subscriptions is handled entirely by Discord. We receive no payment or billing information.

Discord Privacy Policy: discord.com/privacy

6. International Data Transfers

Data is transferred outside the EU/EEA to OpenAI Inc. and Discord Inc. in the United States. These transfers are based on:

EU-US Data Privacy Framework (for certified recipients)
Standard Contractual Clauses (Art. 46(2)(c) GDPR)

These transfers are necessary to provide TidyCord's AI features and core functionality.

7. Your Rights Under GDPR

As a data subject, you have the following rights under Articles 15–21 GDPR:

Right of Access (Art. 15): Request information about what data we hold
Right of Rectification (Art. 16): Request correction of inaccurate data
Right to Erasure (Art. 17): Request deletion of your data
Right to Restrict Processing (Art. 18): Request limitation of processing
Right to Data Portability (Art. 20): Receive your data in machine-readable format
Right to Object (Art. 21): Object to processing based on legitimate interests
Right to Lodge a Complaint (Art. 77): File a complaint with your national data protection authority

To exercise any right, contact: info@eduardroehrig.de
We will respond within 30 days.

Supervisory Authority (Germany): Die Landesbeauftragte für den Datenschutz Niedersachsen, Prinzenstraße 5, 30159 Hannover — lfd.niedersachsen.de

8. Data Security

We implement the following security measures:

Encrypted SQLite databases for chat history and user data
Access controls restricting data access to necessary functions
Regular automated database backups
Secure HTTPS connections for all data transmission
No sale or rental of personal data to third parties

No security system is 100% secure. We cannot guarantee absolute protection of your data.

9. Children's Privacy

TidyCord is not intended for children under 13. We do not knowingly collect data from children under 13. If you believe a child under 13 has used TidyCord, please contact us immediately at info@eduardroehrig.de.

10. Updates to This Policy

We may update this Privacy Policy to reflect changes in our practices or applicable law. Material changes will be indicated by updating the date at the top of this page. Continued use of TidyCord after changes constitutes acceptance.

1. Verantwortlicher

Eduard Röhrig
Iris-Runge-Platz 11, 30539 Hannover, Deutschland
E-Mail: info@eduardroehrig.de
Telefon: +49 151 561 37337

2. Wichtig: Was wir NICHT erfassen

TidyCord liest KEINE Nachrichteninhalte aus Ihren Discord-Channels. Wir verfügen nicht über Discords Message Content Intent. Das bedeutet:

Wir können keine Nachrichten in Channels lesen oder analysieren
Wir führen keine inhaltsbasierte Moderation durch
Wir analysieren Konversationen nicht auf Sentiment
Wir verfolgen kein Nutzerengagement basierend auf Nachrichtentexten

3. Erfasste Daten

3.1 Discord-Identifikatoren

User IDs, Guild IDs, Channel IDs — zur Nutzeridentifikation, Zugriffsverwaltung und Limitdurchsetzung.
Rechtsgrundlage: Vertragserfüllung (Art. 6 Abs. 1 lit. b DSGVO)

3.2 Voice-Channel-Events

Join/Leave/Move-Events mit Zeitstempel, Channel-ID und User-ID.
Rechtsgrundlage: Vertragserfüllung (Art. 6 Abs. 1 lit. b DSGVO) · Speicherdauer: 30 Tage

3.3 AI-Chat-Nachrichten

Inhalte von /chat-Nachrichten werden als Rolling-Window gespeichert (50 Nachrichten Free, 150 Premium). Diese Nachrichten werden an OpenAI Inc. (USA) übertragen. Siehe Abschnitt 5.
Rechtsgrundlage: Vertragserfüllung (Art. 6 Abs. 1 lit. b DSGVO)

3.4 Nutzungsstatistiken

Command-Zähler für Limitdurchsetzung und Nutzungsanalyse.
Rechtsgrundlage: Berechtigte Interessen (Art. 6 Abs. 1 lit. f DSGVO) · Speicherdauer: 90 Tage

3.5 Premium/Trial-Status

Abonnement-Status, Trial-Zeitstempel, Ablaufdaten.
Rechtsgrundlage: Vertragserfüllung (Art. 6 Abs. 1 lit. b DSGVO)

3.6 Server-Konfiguration

Channel-Kategorien, Welcome-Channel, Berechtigungseinstellungen.
Rechtsgrundlage: Vertragserfüllung (Art. 6 Abs. 1 lit. b DSGVO)

4. Drittanbieter

4.1 OpenAI Inc. (USA)

Bei Nutzung von AI-Features werden Nachrichteninhalte an OpenAI Inc. (USA) übertragen. Übertragungsgrundlage: EU-US Data Privacy Framework + Standardvertragsklauseln.

4.2 Supabase (EU)

Analytics-Events werden an Supabase (EU-Hosting) übermittelt. Keine Übertragung außerhalb der EU.

4.3 Discord Inc. (USA)

TidyCord läuft auf Discord-Infrastruktur. Zahlungsabwicklung für Premium erfolgt ausschließlich über Discord. Wir erhalten keine Zahlungsdaten.

5. Ihre Rechte nach DSGVO

Auskunftsrecht (Art. 15 DSGVO)
Berichtigungsrecht (Art. 16 DSGVO)
Recht auf Löschung (Art. 17 DSGVO)
Recht auf Einschränkung (Art. 18 DSGVO)
Recht auf Datenportabilität (Art. 20 DSGVO)
Widerspruchsrecht (Art. 21 DSGVO)
Beschwerderecht bei Aufsichtsbehörde (Art. 77 DSGVO)

Anfragen an: info@eduardroehrig.de — Bearbeitungsfrist: 30 Tage
Zuständige Aufsichtsbehörde: Die Landesbeauftragte für den Datenschutz Niedersachsen, lfd.niedersachsen.de