Privacy Policy

Introduction

This Privacy Policy describes how Café Rika ("we," "us," or "the Bot") collects, uses, stores, and protects your information when you use our Discord bot and associated services. We are committed to protecting your privacy and handling your data in an open and transparent manner. By using the Bot, you consent to the data practices described in this policy.

1. Information We Collect

1.1 Information from Discord

When you use the Bot, we may collect the following information from Discord:

• User ID, username, and discriminator
• Avatar and profile information
• Server (guild) IDs, names, and configuration
• Channel IDs and names
• Role information
• Message content when interacting with the Bot
• Voice channel usage data (for music features)
• Server member lists and permissions

1.2 Configuration Data

We store configuration settings you provide, including:

• Welcome message settings and templates
• Moderation settings and preferences
• Music playback preferences
• Custom commands and automation rules
• Channel and role configurations

1.3 Usage and Log Data

We automatically collect certain information when you use the Bot:

• Command usage and interaction logs
• Error logs and diagnostic information
• Feature usage statistics
• Timestamps of interactions
• IP addresses (when accessing the dashboard)

1.4 Authentication Data

When you log into our dashboard using Discord OAuth, we receive and store authentication tokens and session information to maintain your login session. These tokens are stored securely and used only to verify your identity and access permissions.

2. How We Use Your Information

We use the collected information for the following purposes:

• To provide and maintain the Bot's functionality and features
• To process your commands and interactions
• To customize your experience and remember your preferences
• To authenticate and authorize access to the dashboard
• To monitor and analyze usage patterns and improve our services
• To detect, prevent, and address technical issues and bugs
• To enforce our Terms of Service and prevent abuse
• To communicate with you about the Bot (e.g., updates, security alerts)
• To comply with legal obligations and protect our rights

3. Data Storage and Security

3.1 Storage Location

Your data is stored securely in our database hosted on Supabase (PostgreSQL). We use industry-standard security measures to protect your information from unauthorized access, disclosure, alteration, or destruction.

3.2 Security Measures

We implement various security measures including:

• Encrypted data transmission (HTTPS/TLS)
• Secure database access controls and authentication
• Regular security audits and updates
• Limited access to data by authorized personnel only
• Secure token storage and session management

3.3 Data Retention

We retain your data for as long as necessary to provide our services and comply with legal obligations. When the Bot is removed from a server, we may retain certain data for a limited period for backup and legal purposes. You may request deletion of your data at any time (see Section 7).

3.4 No Absolute Security

While we strive to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data. You use the Bot at your own risk.

4. Data Sharing and Disclosure

4.1 We Do Not Sell Your Data

We do not sell, trade, or rent your personal information to third parties for marketing purposes.

4.2 Third-Party Services

We may share limited data with third-party services that help us operate the Bot:

• Discord: We interact with Discord's API to provide Bot functionality. Your use of Discord is subject to Discord's Privacy Policy and Terms of Service.
• Supabase: Our database and authentication provider. Data is stored in accordance with their security standards.
• Hosting Providers: We use hosting services to run the Bot infrastructure.

4.3 Legal Compliance

We may disclose your information if required to do so by law or in response to:

• Valid legal processes (subpoenas, court orders, etc.)
• Requests from law enforcement or government authorities
• Protection of our rights, property, or safety, or that of others
• Investigation of fraud, security issues, or violations of our Terms

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change and the choices you may have regarding your information.

5. Cookies and Tracking Technologies

Our dashboard uses cookies and similar tracking technologies to:

• Maintain your login session
• Remember your preferences and settings
• Analyze usage patterns and improve functionality
• Ensure security and prevent fraud

You can control cookies through your browser settings, but disabling cookies may affect the functionality of the dashboard.

6. Children's Privacy

The Bot is intended for users who meet Discord's minimum age requirement (13 years or older in most jurisdictions, or older as required by local law). We do not knowingly collect personal information from children under the applicable age. If we become aware that we have collected data from a child without proper consent, we will take steps to delete that information. If you believe we have collected information from a child, please contact us immediately.

7. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal data:

7.1 Access and Portability

You have the right to request a copy of the personal information we hold about you. We will provide this information in a structured, commonly used, and machine-readable format where technically feasible.

7.2 Correction

You can update most of your information through the dashboard. If you need assistance correcting your data, please contact us.

7.3 Deletion

You have the right to request deletion of your personal data. You can:

• Remove the Bot from your Discord server to stop new data collection
• Contact us to request complete deletion of your stored data
• Note that some data may be retained for legal or security purposes

7.4 Objection and Restriction

You may object to or request restriction of certain data processing activities. However, this may limit your ability to use the Bot's features.

7.5 Withdraw Consent

Where we rely on consent to process your data, you have the right to withdraw that consent at any time by removing the Bot from your server or contacting us.

7.6 Lodge a Complaint

If you believe we have violated your privacy rights, you have the right to lodge a complaint with your local data protection authority.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using the Bot, you consent to the transfer of your information to these countries. We take appropriate measures to ensure your data receives adequate protection wherever it is processed.

9. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify affected users and relevant authorities as required by law. We will provide information about the breach, the data affected, and steps we are taking to address the situation.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy with a new "Last Updated" date. Your continued use of the Bot after changes are posted constitutes your acceptance of the updated policy. We encourage you to review this policy periodically.

11. Third-Party Links

The Bot or dashboard may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party sites you visit.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us through:

• Our Discord support server
• Our GitHub repository issues page

We will respond to your inquiry within a reasonable timeframe. For data subject requests, we will respond within the timeframe required by applicable law (typically 30 days).

13. Additional Rights for EU/EEA and California Residents

13.1 GDPR Rights (EU/EEA Residents)

If you are located in the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR), including:

• The right to be informed about data collection and use
• The right to access your personal data
• The right to rectification of inaccurate data
• The right to erasure ("right to be forgotten")
• The right to restrict processing
• The right to data portability
• The right to object to processing
• Rights related to automated decision-making and profiling

13.2 CCPA Rights (California Residents)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including:

• The right to know what personal information we collect, use, disclose, and sell
• The right to request deletion of your personal information
• The right to opt-out of the sale of personal information (we do not sell your data)
• The right to non-discrimination for exercising your CCPA rights

14. Legal Bases for Processing (GDPR)

We process your personal data based on the following legal grounds:

• Consent: You have given explicit consent for processing your data for specific purposes
• Contract Performance: Processing is necessary to provide the Bot services you've requested
• Legal Obligation: Processing is necessary to comply with legal requirements
• Legitimate Interests: Processing is necessary for our legitimate interests (e.g., improving the Bot, preventing fraud) and does not override your fundamental rights