Legal

Laws

The policies that govern how audacity is operated, what information we handle and the rules for using the service.

Last updated: May 2026

Overview

audacity is a Discord bot that provides moderation, security and server-management features. This Privacy Policy explains what information we process, why we process it, how it is protected and the rights you hold under applicable data-protection laws, including the General Data Protection Regulation (GDPR) and the UK GDPR.

By inviting audacity to a server, or otherwise interacting with the service, you acknowledge the practices set out below. If you do not agree, please remove the bot and discontinue use of the service.

Data Controller

For the purposes of the GDPR and the UK GDPR, the operators of audacity act as the data controller in respect of personal data processed through the bot and this website. You may contact us at any time via our support server regarding any data-protection matter.

Information We Process

We process only the minimum information required to operate the service:

  • Guild (server) metadata: server identifier, server name, icon URL and member count.
  • Channel and role identifiers required to operate features that server administrators have configured (for example, log channels or muted roles).
  • Moderation records: the target user identifier, the moderator's identifier, the action type, an optional reason and a timestamp, for each warning, mute, kick or ban.
  • Per-server configuration set via slash commands, such as prefixes, auto-moderation rules and verification settings.
  • User identifiers where required to support moderation actions or user-specific preferences.

We do not process message content, voice data, direct messages, email addresses, telephone numbers, IP addresses or payment information. We do not build profiles of individual users.

Lawful Basis for Processing

We rely on the following lawful bases under Article 6 of the GDPR:

  • Legitimate interests: operating moderation and security features that server administrators have expressly chosen to enable.
  • Performance of a contract: processing necessary to deliver the service you have agreed to use.
  • Consent: inviting the bot to your server constitutes consent to the minimum processing required for it to function.

How We Use Your Information

  • Operating moderation, logging and automation features.
  • Maintaining per-server configuration and ensuring persistence across restarts.
  • Publishing aggregated, non-identifying statistics on our website, such as total server and user counts. No personal data is included in these figures.
  • Diagnosing technical issues and improving reliability.
  • Enforcing our Terms of Service and preventing abuse of the service.

Security and Encryption

We apply appropriate technical and organisational measures to safeguard the information we hold:

  • Data in transit is encrypted using TLS. All connections between the bot, our website and our database are secured.
  • Data at rest is stored on encrypted infrastructure operated by our database provider.
  • Strict access controls. Raw data is never shared with the developers for casual or personal use. Access is restricted to automated systems and, where strictly necessary for debugging, to narrowly scoped operational procedures.
  • Credentials and database keys are stored in environment variables, never committed to source control and rotated promptly if exposure is suspected.
  • No internal resale. Developers do not read, browse, export or otherwise use server data for any purpose outside operating the service.

Data Sharing

We do not sell, rent, trade or otherwise share your data with third parties for marketing, advertising or any commercial purpose.

Your information is only processed by:

  • Discord, as required to operate the bot and receive events from the Discord API.
  • Our infrastructure providers, solely to host and serve the data required for the service to function. These providers are bound by contractual data-processing agreements.

No data is supplied to advertisers, data brokers, analytics resellers or any other third party.

International Transfers

Our infrastructure may process data across multiple regions. Where personal data is transferred outside the United Kingdom or the European Economic Area, we rely on lawful transfer mechanisms, such as Standard Contractual Clauses, and ensure an equivalent standard of protection.

Retention

We retain server data for as long as audacity remains in the server and the data is required for the configured features to operate.

  • Where the bot is removed from a server, non-essential data associated with that server is scheduled for deletion within 30 days.
  • Moderation history may be retained for a longer period where necessary to prevent evasion, but only for as long as is strictly required.
  • Aggregated, non-identifying statistics (for example, total guild counts) may be retained indefinitely.

Your Rights

If you are located in the United Kingdom, the European Economic Area or a jurisdiction with comparable protections, you have the following rights:

  • Right of access: to obtain confirmation of, and a copy of, the personal data we hold about you or your server.
  • Right to rectification: to have inaccurate or incomplete data corrected.
  • Right to erasure (“right to be forgotten”): to request the deletion of your data, subject to any lawful retention obligations.
  • Right to restriction of processing: to limit how your data is processed in specified circumstances.
  • Right to data portability: to receive your data in a structured, commonly used and machine-readable format.
  • Right to object: to object to processing based on our legitimate interests.
  • Right to withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
  • Right to lodge a complaint with your local supervisory authority (in the UK, the Information Commissioner's Office).

To exercise any of these rights, please contact us via our support server. We will respond to verified requests within one calendar month, in line with Article 12 of the GDPR.

Children’s Privacy

audacity is not directed at children under the age of 13, or 16 in jurisdictions that require a higher age of consent. If we become aware that data has been processed in relation to a user below the applicable age, we will delete it. Server administrators are responsible for ensuring that members of their communities meet Discord's minimum-age requirements.

Data Breaches

In the unlikely event of a personal data breach that is likely to result in a risk to the rights and freedoms of users, we will notify the relevant supervisory authority within 72 hours, in accordance with Article 33 of the GDPR. Where required, we will also notify affected users directly via our support server and in-service announcements.

Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes to the service, our practices or applicable law. Material changes will be announced in our support server. Continued use of audacity after the effective date of the updated policy constitutes acceptance of the revised terms.

Contact

For any privacy-related enquiries, data-subject requests or concerns, please contact us via our support server. We treat all enquiries seriously and aim to respond promptly.

Questions? Please contact us via our support server.