KyoBot is a Discord bot and web dashboard service operated by an independent developer. For the purposes of the EU General Data Protection Regulation (GDPR), the data controller is:
KyoBot
Contact: stephanospapadopulos@gmail.com
This Privacy Policy applies to all users of the KyoBot Discord bot and the KyoBot web dashboard. It complies with the GDPR, the Greek data protection law (Law 4624/2019), and other applicable privacy regulations.
| Data | Why it's collected | Stored? |
|---|---|---|
| Discord User IDs | Identify users for XP tracking, moderation records, birthdays, giveaways, and role assignments | Yes — in database |
| Discord Display Names / Usernames | Stored alongside user IDs so leaderboards, moderation logs, tickets, and giveaway records remain readable if a user later changes their name or leaves | Yes — in database |
| Discord Avatar URL (hash) | Stored in dashboard audit log entries to show who performed an action | Yes — in database |
| Server (Guild) IDs | Store per-server configuration and settings | Yes — in database |
| Channel & Role IDs | Remember your server's configured channels and roles | Yes — in database |
| XP & Level Data | Run the leveling system, leaderboards, and role rewards | Yes — in database |
| Birthday (day & month only — no year) | Send birthday congratulation messages — only collected when you run /birthday set | Yes — in database |
| Moderation Records | Store warn/kick/ban/timeout cases: user ID, moderator ID, reason, and timestamp | Yes — in database |
| Ticket Conversations | Messages sent inside support ticket channels (author ID, display name, content, timestamp) are stored to power transcripts and the dashboard ticket viewer | Yes — stored while ticket exists |
| Reminder Text | The text of reminders set via /remind — deleted automatically once delivered. If the bot is removed from the server before the reminder fires, the record remains until you contact us for manual deletion. | Yes — deleted on delivery |
| Invite Tracking | Records which user's invite code was used when a new member joins, for invite leaderboard purposes | Yes — in database |
| Starboard Author IDs | Records the Discord user ID of authors whose messages reach the starboard threshold | Yes — in database |
| Twitch / Social Media URLs | Send stream live notifications or auto-posts — only stored if you configure these features | Yes — in database |
| Message Content (automod / auto-responder) | Processed in-memory only to check against word filters and auto-responder triggers. Never written to the database. | No — in-memory only |
| Anonymous Confessions | Posted to the configured Discord channel. No user identity is stored or logged anywhere by KyoBot. | No — truly anonymous |
| Data | Why it's collected | Stored? |
|---|---|---|
| IP Address | Standard web server logging by our hosting provider (Railway) | Hosting provider logs (~30 days) |
| Session Cookie (connect.sid) | Identifies your browser session so the dashboard knows you are logged in | Browser cookie — expires after 7 days of inactivity |
| Discord OAuth Data (User ID, username, avatar, server list) | Verify your identity and populate your server list in the dashboard. Stored server-side in our database inside an encrypted sessions collection, tied to your session cookie and automatically purged when the session expires (7 days). |
Yes — in sessions collection, auto-deleted after 7 days |
We do not collect: email addresses, real names, passwords, financial information, or any data beyond what is listed above.
We use the data we collect exclusively to:
We do not use your data for advertising, profiling, or any commercial purpose other than providing the Service.
Under the GDPR, we rely on the following lawful bases:
We do not sell, rent, or trade your personal data to any third party. We share data only with the following service providers strictly to operate the Service:
All third-party processors are contractually required to handle your data securely and only for the stated purpose.
| Data Type | Retained Until |
|---|---|
| Server configuration & settings | Permanently deleted 30 days after KyoBot is removed from the server (kept for 30 days to allow seamless re-add) |
| XP & level data, moderation records, warnings, tickets, birthdays, invite tracking, starboard entries, giveaways | Deleted immediately when KyoBot is removed from the server |
| Birthday data (if bot remains in server) | Until you run /birthday remove, or submit a deletion request |
| Reminder text | Deleted automatically after the reminder is delivered |
| Ticket conversations | Deleted when the ticket is permanently deleted by a server admin, or when the bot is removed |
Dashboard session data (Discord profile in sessions collection) |
Automatically purged after 7 days of inactivity by the session store |
| IP address logs | ~30 days (Railway hosting provider policy) |
Upon a valid personal data deletion request, we will delete your data within 30 days.
Under the GDPR, you have the following rights regarding your personal data:
To exercise any of these rights, email us at stephanospapadopulos@gmail.com. We will respond within 30 days. We may ask you to verify your identity before fulfilling your request.
The KyoBot web dashboard uses a single essential cookie:
| Cookie | Purpose | Duration | Can be disabled? |
|---|---|---|---|
| Session cookie (connect.sid) | Keeps you authenticated during your dashboard session | 7 days | No — the dashboard will not function without it |
We do not use analytics cookies, advertising cookies, or any third-party tracking scripts.
The Service is not directed at children under 13. In accordance with Discord's Terms of Service, all users must be at least 13 years old. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, please contact us immediately and we will delete it.
We implement reasonable technical and organisational measures to protect your data, including:
No system is 100% secure. If you discover a security vulnerability, please report it to us privately before disclosing it publicly.
Our database and hosting providers may store and process data in data centres outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place (such as EU Standard Contractual Clauses) to protect your data in accordance with GDPR requirements.
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Significant changes will be communicated through a notice in our Discord support server or on the dashboard. Continued use of the Service after changes are posted constitutes your acceptance.
For any privacy-related questions, data requests, or concerns, contact us at:
Email: stephanospapadopulos@gmail.com
If you are located in the EU/EEA and believe your data protection rights have been violated, you have the right to lodge a complaint with your national supervisory authority. In Greece, this is the Hellenic Data Protection Authority (HDPA): www.dpa.gr
© 2026 KyoBot · Terms of Service · Privacy Policy