Privacy Policy
Effective Date: 02/10/2025
1. Scope & Purpose
This Privacy Policy explains how Nerteron (the “Company”, “we”, “us”, or “our”) collects, uses, stores, protects, and shares personal data when you install, configure, or interact with the Nerteron Discord Moderation Bot (“Bot”) on Discord servers. It applies to all users, server owners, and administrators who use the Bot, regardless of whether they are private individuals or entities.
2. Legal Basis (French & EU Law)
Our processing activities are grounded in the following legal bases under the Règlement Général sur la Protection des Données (RGPD) and the French Loi Informatique et Libertés:
| Activity | Legal Basis |
|---|---|
| Performance of the contract – providing moderation services as requested by the server owner. | Art. 6(1)(b) RGPD |
| Legitimate interests – ensuring security, preventing abuse, improving the Bot, and complying with legal obligations. | Art. 6(1)(f) RGPD (balanced against your rights) |
| Consent – optional features that require explicit opt‑in (e.g., analytics, marketing communications). | Art. 6(1)(a) RGPD |
| Legal obligation – responding to lawful requests from authorities. | Art. 6(1)(c) RGPD |
3. What Data We Collect
| Category | Description | Source | Why We Need It |
|---|---|---|---|
| Discord identifiers | User ID, Guild (server) ID, Channel ID, Message ID, Role IDs | Discord API (provided when the Bot is invited) | Identify the user/guild for moderation actions, enforce rules, log events. |
| Message metadata | Timestamp, content hash (used only for detecting prohibited content), attachments metadata (file name, size, MIME type) | Discord messages processed by the Bot | Detect spam, harassment, hate speech, phishing, or other rule violations. |
| Configuration settings | Custom word filters, auto‑moderation thresholds, whitelist/blacklist entries | Server admin configuration via Bot commands | Apply the server‑specific moderation policy. |
| Log data | Action taken (e.g., warning, mute, ban), moderator who issued the command, reason text (if supplied) | Bot activity logs | Auditing, transparency, dispute resolution, and compliance. |
| Technical data | IP address of the server where the Bot runs (internal), request timestamps, error reports | Hosting environment (cloud provider) | Operational monitoring, security, debugging. |
| Optional analytics (only if you enable the analytics feature) | Aggregated usage statistics (number of commands, most common actions) | Bot telemetry | Improve product experience, prioritize feature development. |
What we do not collect:
- Private messages that are not sent in a server where the Bot is present.
- Direct messages between users unless the Bot is explicitly invoked in a DM (which is not supported by default).
- Personal data beyond the identifiers and message metadata listed above.
4. How We Use Your Data
- Moderation & Enforcement – Apply the configured rules, issue warnings, mutes, bans, or delete offending content.
- Audit & Transparency – Keep immutable logs (for a configurable retention period) to allow server owners to review moderation actions.
- Security & Abuse Prevention – Detect and block spam, phishing links, malware distribution, and coordinated attacks.
- Service Improvement – Analyze aggregated, anonymized data (if analytics are enabled) to fix bugs, enhance performance, and develop new features.
- Legal Compliance – Respond to lawful requests from competent authorities (court orders, subpoenas, etc.).
- Communication with You – Send important service notices (e.g., downtime, policy changes) via the email address you provide when you create a Nerteron account. Marketing communications are sent only with explicit consent.
5. Data Retention
| Data Type | Retention Period | Rationale |
|---|---|---|
| Moderation logs | 90 days by default (configurable up to 365 days by server admin) | Enables audit while respecting storage limits. |
| Message metadata used for detection | Deleted immediately after processing, except when a violation is recorded (stored as summary in logs). | Minimizes unnecessary retention. |
| Configuration settings | As long as the Bot remains installed on the server. | Needed for continuous operation. |
| Analytics (optional) | 30 days (aggregated, anonymized) | Sufficient for trend analysis; then purged. |
| Technical logs (errors, IPs) | 30 days | Debugging and security monitoring. |
You may request deletion of retained logs earlier by contacting us (see § 9).
6. Data Sharing & Transfers
- Within the Company – Authorized Nerteron personnel (engineers, support staff) may access data strictly on a need‑to‑know basis.
- Third‑Party Service Providers – Cloud hosting providers (e.g., AWS, GCP) process data for storage and compute. They are bound by EU‑standard contractual clauses and GDPR‑compliant terms.
- Legal Authorities – We will disclose data when required by French law (e.g., a court order, CNIL request) or to protect our rights, safety, or the safety of others.
- No Sale of Data – We never sell personal data to advertisers or third parties.
All transfers outside the European Economic Area (EEA) are protected by standard contractual clauses approved by the European Commission.
7. Your Rights Under the RGPD
As a data subject, you enjoy the following rights, exercisable free of charge:
- Right of Access – Obtain a copy of the personal data we hold about you.
- Right to Rectification – Request correction of inaccurate data.
- Right to Erasure (“right to be forgotten”) – Ask us to delete your data, subject to legitimate retention needs (e.g., legal obligations).
- Right to Restriction of Processing – Limit how we process your data temporarily.
- Right to Data Portability – Receive your data in a structured, commonly used format.
- Right to Object – Object to processing based on legitimate interests or direct marketing.
- Right to Lodge a Complaint – File a complaint with the French data protection authority (CNIL).
To exercise any of these rights, contact privacy@nerteron.com with a clear description of the request and proof of identity (e.g., Discord user ID + associated email). We will respond within one month as required by the RGPD.
8. Security Measures
- Encryption in transit – All communication between Discord, our servers, and the Bot uses TLS 1.2+ encryption.
- Encryption at rest – Sensitive identifiers are stored encrypted using AES‑256.
- Access controls – Role‑based access, multi‑factor authentication for staff, and regular audits.
- Vulnerability management – Continuous scanning, patching, and a coordinated vulnerability disclosure program (bug bounty).
- Incident response – Defined procedures to detect, contain, and notify affected parties of any data breach within 72 hours, per Article 33 RGPD.
9. How to Contact Us
Data Protection Officer (DPO)
Email: privacy@nerteron.com
For general support or questions about the Bot: support@nerteron.com or join our Discord support server (@NerteronSupport).
10. Changes to This Privacy Policy
We may update this Privacy Policy to reflect regulatory changes, new features, or operational adjustments. When a material change occurs, we will:
- Post the revised policy on the Bot’s documentation site with a clear “Last updated” date.
- Notify server owners via the Bot’s announcement channel (if they have opted in).
Your continued use of the Bot after such notice constitutes acceptance of the updated policy.