Privacy Policy
Kandy is built for Discord communities. This policy explains clearly what data we collect from you and your server, why we collect it, how we protect it, and what rights you have.
Last updated: 29 May 2026
Who We Are & Scope
Kandy is a Discord bot and web dashboard ("the Service") operated by an independent development team ("we", "us", "our"). This Privacy Policy applies to:
- Dashboard users — individuals who log into the Kandy web dashboard via Discord OAuth2.
- Server members — Discord users who are members of guilds where Kandy is installed, whose anonymised Discord IDs may be processed as part of reach analysis.
- Server administrators — users who configure Kandy for their Discord guild.
We are not affiliated with Discord Inc. We collect and process only the data required to operate the service. We do not sell, rent, or broker your personal data to any third party.
Data We Collect
We collect two categories of data:
A. Data you provide directly
- Discord OAuth2 profile: When you log in, Discord shares your user ID, username, avatar hash, and email address (if you have one associated) with us. We store your Discord user ID and avatar for session and authentication purposes.
- Server configuration: Settings you input when configuring Kandy for your guild — including log channel IDs, role IDs, ad cooldowns, and minimum ad amounts. These are stored as part of your guild's Setup record.
- Partnership data: Partner server IDs, agreed reach figures, partnership descriptions, contact information (Discord user IDs), and status history submitted through the dashboard.
- Ad queue and templates: Advertisement message content and scheduling rules you configure.
B. Data collected automatically during service operation
- Ad delivery statistics: When Kandy broadcasts a heist or mafia advertisement, we record aggregate statistics per broadcast (channels posted to, errors encountered, timestamp, message ID). These are stored on your guild's Setup document.
- Reach cache: When a reach calculation is performed, we temporarily cache Discord role member IDs (stored as plain Discord snowflake strings) for a maximum of 5 minutes, after which the cache record is automatically deleted by a MongoDB TTL index. We do not permanently store member lists.
- Audit and console logs: Admin actions performed in the dashboard console (e.g., sending announcements, managing blacklists) are logged with the acting user's ID and a description of the action for accountability.
- Error logs: Internal bot and dashboard errors are logged with contextual metadata (e.g., guild ID, command used) to help us diagnose problems. Logs are purged on a rolling schedule.
- Inbox read state: We store a per-user record of when you last read a developer broadcast message, to determine whether to show an unread notification.
- Bot blacklists: If a user or server is blacklisted from using Kandy, we store their Discord ID and the reason for the block.
How We Use Your Data
We use the data we collect for the following purposes:
- Service delivery: Processing your guild's ad automation, partnership management, and reach analytics as configured.
- Authentication: Verifying your Discord identity and authorising dashboard access to the guilds where you have manage permissions.
- Safety and integrity: Enforcing blacklists, detecting abuse, and protecting other users from spam or misuse of the bot.
- Service improvement: Analysing aggregate, anonymised usage patterns (e.g., how many guilds use mafia mode vs heist mode) to improve features.
- Communications: Sending developer broadcast messages through the Developer Inbox to inform users of important updates, downtime, or policy changes.
- Legal compliance: Retaining records as required by applicable law or to defend against legal claims.
We do not use your data for advertising to third parties, profiling for commercial purposes, or any purpose not described above.
Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or another jurisdiction with data protection legislation, our legal bases for processing your data are:
- Contract performance: Processing your Discord ID and server configuration is necessary to provide the service you have signed up for.
- Legitimate interests: Maintaining audit logs, enforcing blacklists, and diagnosing errors are in our legitimate interest to operate a safe and reliable service.
- Legal obligation: Retaining certain records where required by law.
- Consent: Where we rely on consent (e.g., for any optional communications), you may withdraw it at any time without affecting the lawfulness of prior processing.
Data Sharing & Third Parties
We do not sell or commercially share your personal data. We may share limited data in the following circumstances:
- Discord Inc.: Bot functionality requires us to send and receive data from Discord's API (e.g., posting messages, reading channel information). Discord's own Privacy Policy governs how they handle that data.
- Infrastructure providers: We use cloud hosting and database providers (such as MongoDB Atlas and Vercel) to run the service. These providers process data on our behalf under appropriate data processing agreements.
- Legal requirements: We may disclose data if required to do so by law, court order, or governmental authority.
- Serious harm prevention: Where we have a good-faith belief that disclosure is necessary to prevent imminent serious harm to a person or group.
Partnership data (e.g., server names, reach figures, contact IDs) visible in the dashboard is accessible to users with dashboard access to the relevant guild. You control who has access by managing permissions within your Discord server.
Data Retention
- Active guild setup data is retained for as long as the bot remains in your server or your account remains active.
- Reach cache is automatically deleted after 5 minutes via a MongoDB TTL index.
- Developer Inbox messages are capped at 10 entries and older messages are automatically deleted when new ones are published.
- Console and audit logs are retained for up to 90 days for operational accountability and then purged.
- Session data (NextAuth tokens) expires when you log out or your Discord access token expires (~30 days without activity).
- Blacklist records are retained indefinitely while the block is active and for 12 months after removal, for audit purposes.
Upon receiving a valid deletion request (see the Your Rights section below), we will delete your personal data within 30 days, subject to legal retention obligations.
Security
We take the security of your data seriously and implement the following measures:
- All dashboard traffic is encrypted in transit via HTTPS (TLS 1.2+).
- API routes that access or modify data require a valid authenticated session. Admin-only routes perform additional role verification.
- Rate limiting is applied to all API endpoints to prevent brute-force attacks and database flooding.
- Database access is restricted to the application layer; database credentials are stored as environment variables and never exposed client-side.
- Discord OAuth tokens are handled by NextAuth.js and stored securely server-side, never in browser-accessible storage.
- Input validation and NoSQL injection protection are applied to all user-submitted data before any database write operation.
No system is perfectly secure. If you discover a security vulnerability in Kandy, please report it responsibly via our support server rather than exploiting it.
Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Ask us to correct inaccurate data.
- Right to erasure ("right to be forgotten"): Request deletion of your personal data. We will honour this within 30 days, subject to legal retention requirements.
- Right to data portability: Request your data in a structured, machine-readable format.
- Right to object: Object to processing based on legitimate interests.
- Right to restrict processing: Ask us to pause processing your data while a dispute is resolved.
To exercise any of these rights, contact us through our official Discord support server. We will respond within 30 days. We may need to verify your identity before processing your request.
If you believe we have mishandled your data, you have the right to lodge a complaint with your local data protection authority (e.g., the ICO in the UK, or your EU member state's supervisory authority).
Cookies & Local Storage
The Kandy dashboard uses the following browser storage mechanisms:
- Session cookies: NextAuth.js stores an encrypted session token in a secure, HttpOnly cookie. This cookie is required for authentication and cannot be disabled while using the dashboard.
- CSRF protection tokens: Automatically managed by NextAuth.js to prevent cross-site request forgery.
We do not use cookies for advertising, tracking across third-party sites, or analytics beyond what is necessary to operate the service. We do not use Google Analytics or similar third-party tracking scripts.
Children's Privacy
Kandy is not directed to children under the age of 13. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact us and we will delete that data promptly.
Since Kandy operates through Discord, which itself requires users to be at least 13, we rely on Discord's age verification as the first gate. Users in jurisdictions with higher minimum ages (e.g., 16 under GDPR for certain processing) should comply with their local law.
International Data Transfers
Kandy is operated and our infrastructure providers are located in various countries. If you are located in the EEA or UK, your data may be transferred to and processed in countries outside the EEA or UK.
When such transfers occur, we ensure appropriate safeguards are in place, such as using service providers that participate in approved data transfer frameworks or provide adequate contractual guarantees (e.g., Standard Contractual Clauses).
Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through the Developer Inbox system on the dashboard and in connected Discord servers, with at least 14 days' notice before changes take effect.
The "Last Updated" date at the top of this page will always reflect the most recent revision. Your continued use of the service after changes take effect constitutes your acceptance of the updated policy.
Contact Us
For any questions, data requests, or privacy concerns, please contact us through our official Discord support server, which is linked in the dashboard documentation pages.
When submitting a data access or deletion request, please include:
- Your Discord username and user ID.
- The specific data or guilds your request relates to.
- A clear description of your request.