Privacy Policy

The controller responsible for data processing is:

• Boltjes IT Solutions GmbH
• Triftstraße 95-97, 47533 Kleve, Germany
• Represented by: Eric Boltjes
• Email: eric [at] boltjes-it [dot] com
• Phone: 028213982040

These contact details match the legal notice. No separate data protection officer is currently designated.

• Providing the hosting service and performing the contract (Art. 6(1)(b) GDPR).
• Billing, fraud prevention and payment processing (Art. 6(1)(b) and (f) GDPR).
• Operational security, troubleshooting, abuse prevention and platform hardening (Art. 6(1)(f) GDPR).
• Compliance with legal retention and documentation obligations (Art. 6(1)(c) GDPR).

• Account data: email address, display/Discord name, Discord ID, locale.
• Contract data: plan, term, status, bot limits, booking timestamps.
• Payment data: payment status, amounts, payment and subscription references (no full card data stored on our platform).
• Bot configuration data: name, prefix, owner Discord ID, timezone, enabled cogs, optional profile settings.
• Operational data: bot status, health data, technical log excerpts, audit events.
• Deletion and export data: GDPR export history, deletion requests and processing states.

We use specialized service providers to operate the platform. Where required, data processing agreements are in place.

• Supabase (EU region) for authentication and database operations.
• Stripe for payment processing and subscription management.
• Vercel for hosting and delivery of the web application.
• Discord for OAuth login and technical bot integration.
• BotID to protect sensitive API actions against automated abuse.

Some providers may process data in countries outside the EU/EEA. Where applicable, we rely on appropriate safeguards (for example, EU standard contractual clauses).

• Account and contract data: retained for the duration of the customer relationship and until account deletion.
• Billing-relevant records: retained in accordance with commercial and tax law obligations (typically up to 10 years).
• Bot configuration and technical operational data: retained until bot/account deletion or until no longer required for the relevant purpose.
• Deletion requests and audit events: retained for accountability and security documentation.

• Discord bot tokens are stored encrypted and only decrypted for operational purposes.
• Customer data access is limited through row-level security and role separation.
• Security-relevant actions are logged to support abuse prevention and incident analysis.

We only use technically necessary cookies and session data, especially for login and secure session management.

No active marketing or analytics trackers are currently enabled. Any future analytics rollout will be announced transparently and implemented in a privacy-compliant way.

• Access (Art. 15 GDPR)
• Rectification (Art. 16 GDPR)
• Erasure (Art. 17 GDPR)
• Restriction of processing (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Objection to certain processing (Art. 21 GDPR)
• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

In the settings area, you can request a JSON export of your data and submit deletion requests for your account and related data.

Technically, export and deletion operations are logged, and active bot instances are marked for deprovisioning to ensure an orderly shutdown of processing.

We may update this privacy policy if legal requirements, technical features, or service providers change. The version published on this page applies.