Privacy Policy

Last updated: April 8, 2026

1. What Data We Collect

Zagreus Bot collects and stores the following data to provide its services:

Server Data

• Server ID and name — to scope all features per server
• Channel IDs — for configured log channels, trade channels, ticket categories, etc.
• Role IDs — for moderator roles, reaction roles, role persistence, protected roles
• Server configuration — all feature settings (thresholds, toggles, channel assignments)

User Data

• Discord user IDs — to track XP, trade reputation, moderation cases, tickets, and reminders
• Message metadata — trade post content for monitoring; we do not store general message content
• Voice activity — join/leave timestamps and channel IDs for voice XP (not audio)
• Game activity — game names and session durations from Discord presence data
• Moderation records — warnings, bans, mutes, timeouts, and associated reasons

Dashboard Data

• Discord OAuth tokens — used to authenticate dashboard sessions (stored in secure httpOnly cookies, never in the database)
• Session data — standard authentication session managed by NextAuth.js

2. What We Do NOT Collect

• We do not store general message content outside of trade monitoring
• We do not record or store voice audio
• We do not sell, share, or provide user data to third parties
• We do not use data for advertising or profiling

3. How We Use Data

All collected data is used solely to provide the bot's features:

• Trade management, reputation, and statistics
• Gaming activity tracking and leaderboards
• Moderation case tracking and audit logs
• XP/leveling calculations and role rewards
• Ticket management and support workflows
• Anti-nuke and security event detection
• Dashboard analytics and configuration

4. Data Storage

Data is stored in a PostgreSQL database hosted by Supabase with Row-Level Security enabled on all tables. The database is protected by service role authentication and is not directly accessible to end users.

5. Data Retention

• Active data is retained as long as the bot is in your server
• Moderation audit logs are periodically pruned (configurable per server)
• Game sessions are aggregated into rollups; raw sessions older than 90 days may be pruned
• Closed tickets are retained for 30 days, then archived

6. Data Deletion

Server administrators can request deletion of all data associated with their server by removing the bot and contacting us. Individual users can request deletion of their personal data (XP, game stats, reminders) through the support server.

7. Third-Party Services

• Discord API — for bot functionality and OAuth authentication
• Supabase — database hosting
• IGDB / Twitch API — for game metadata enrichment (game names, cover art)

8. Children's Privacy

The bot is not intended for users under the age of 13 (or the minimum age required by Discord in your jurisdiction). We do not knowingly collect data from children.

9. Changes to This Policy

We may update this policy as features evolve. Significant changes will be announced via the bot's support server.

10. Contact

For privacy questions or data deletion requests, join our support server or contact us through the dashboard.