1. Controller and contact
Pierre Lückenc/o Impressumservice Dein-Impressum
Stettiner Straße 41
35410 Hungen
Germany
Email: [email protected]
2. Scope and legal basis
Depending on the requested module, processing relies in particular on Article 6(1)(b), (c), (f) or, for voluntary public publication, (a) GDPR. Server operators must assess the legal basis for their own use.
3. Hosting and logs
The application is hosted by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Deutschland. The server is located in Falkenstein, Deutschland.
Proxy, operating system and container logs can process IP address, time, URL, status, referrer and user agent for delivery, security and diagnostics. Application logs may contain Discord IDs and technical metadata; known secret fields are redacted.
Nginx access and error logs are rotated daily, compressed and deleted after 14 daily rotations. Container logs are limited to five files of 10 MB per container; the oldest files are deleted during rotation.
5. Discord OAuth2
Sign-in requests only identify and guilds. Discord ID, username, global display name, avatar and manageable guild permissions are used. The profile and encrypted access/refresh tokens are stored; the guild list is cached briefly. Email access is not requested. Users can sign out, delete the local connection under Privacy & Account, and revoke access in Discord Authorized Apps.
6. Dashboard and guild configuration
Guild, channel, role, message and member IDs plus module settings are stored as needed. Every mutation rechecks current Discord permissions. Sessions store only a hashed token, an HMAC IP hash and a bounded user agent.
7. Tickets and transcripts
Tickets store creator, channel, category, status, assignee, members, answers, actions and timestamps. Transcripts can contain visible message text, names, avatars, replies, attachments, embeds and reactions. Access is restricted to authorized server administrators and configured support roles. Deleted tickets and transcripts are removed after 365 days.
7a. Commands, automation and community content
Custom commands and autoresponders process the user, guild, channel and role IDs plus arguments or message content needed for the configured response. Execution records contain outcome, error code, duration and, where used, a non-reversible input fingerprint. Automation runs can retain configured event input. Completed command, automation and scheduler records are deleted after 30 days.
Suggestions store author, content, attachments, votes, status and public response. Forms and applications store submitter, answers, status and processing data, including private notes or reviews visible only to authorized team members. Administrators set the purpose, privacy notice and a 1-to-3650-day form retention period. Expired drafts are removed after 30 minutes and submitted forms at the configured expiry when automatic deletion is enabled.
7b. Giveaways, reminders, feeds and Minecraft
Giveaways retain participant ID, join time, weight and eligibility snapshot. Winner history retains the selected ID and draw proof; erasure pseudonymizes necessary winner history. Reminders retain recipient, content, destination and due time until delivery, deletion or guild removal.
Feed deduplication metadata is retained for 180 days. Website checks retain status, duration, hash and bounded errors—not full pages—for 30 days. Feed services and monitored website operators technically receive the server IP. Minecraft can retain availability, player counts, Discord ID, Minecraft UUID/name and status events. Linking is voluntary and removable. Link codes are short-lived hashes. Plugin webhook replay records contain only client/event identifiers, timestamp and payload hash for 30 days; status events are removed after 180 days.
8. Moderation, automod, logs, security and verification
Moderation cases store guild, member and moderator IDs, action, reason, timestamps, status, optional evidence/notes and DM delivery result. Automod stores the rule, member, channel and message ID, matched value, action and time, but not a complete message history. Automod violations are removed after at most 180 days.
Internal Discord event retention is selected by the administrator from 1 to 365 days. Privacy mode omits message text, link targets and attachment names. Raid and anti-nuke events are removed after at most 180 days. Lockdown backups contain channel IDs and previous Allow, Deny or neutral permission states required for exact restoration.
Verification attempts store IDs, status, attempt count and timestamps. Captcha answers are never stored; only a secret-keyed check value is retained and removed after at most ten minutes. Role panels store role configuration and aggregate counters. Temporary role assignments retain member, role and expiry data until processed.
9. Level, text and voice activity
Profiles can store Discord ID, display data, text/voice/bonus XP, message count, voice duration, exclusions, opt-out, activity and join/leave information. The last normalized message needed for anti-spam comparison is overwritten by the next eligible message. Voice state and duration are processed, but conversations and audio are never recorded or transcribed.
10. Public leaderboards
Public leaderboards are disabled by default. If deliberately enabled by an administrator, server name/icon, member name/avatar and selected activity values can be public and indexable. Administrators control visible fields and members can opt out where permitted.
11. External recipients
Discord receives data required for OAuth and bot interactions. Optional requests may be sent to WeatherAPI, YouTube, Twitch, GitHub, configured RSS/Atom operators, monitored websites and administrator-configured outbound webhook recipients; those services technically receive the server IP and the specifically configured request data. Discord CDN serves user-provided images. The local Ollama service processes AI prompts and optional images within the operator's infrastructure. No external analytics service is used.
Email sent to [email protected] is processed by netcup GmbH, Emmy-Noether-Straße 10, 76131 Karlsruhe, Germany. The mail server is located in Nuremberg, Germany. See the netcup privacy policy.
12. Retention and deletion
Expired sessions, OAuth states and rate-limit records are cleaned automatically. Removed guild data is deleted after 30 days, old audit records after 365 days and completed jobs after 30 days. Departed level profiles default to 90 days. Active module data remains until deletion, reset or removal of the guild. No backups are currently created.
13. Data subject rights
Subject to GDPR requirements, individuals may request access, correction, erasure, restriction, portability, objection, withdrawal of consent and may complain to a supervisory authority. /daten export, /daten loeschen and public-profile opt-out provide authenticated self-service controls. Export includes the user's activity, community submissions, giveaway participation, reminders and Minecraft links for the guild; erasure pseudonymizes necessary historic winner records.
14. Security
Appropriate technical and organizational measures protect personal data. These include encrypted connections, access controls, protected sessions, authorization checks and safeguards against abusive access.
15. Version
Last updated: 17 July 2026. The detailed German privacy notice is the primary legal version.