Privacy Policy
Last updated: July 2, 2026
This Privacy Policy explains how Kyvera collects, uses, stores, protects, and deletes personal data in connection with the Discord bot, the web dashboard, and related services.
1. Controller and Contact
The controller responsible for processing personal data through Kyvera is:
- Controller: Kevin Bauer
- Full provider and address details are available in the Imprint.
- Website: kyvera.horizov.site
- Privacy contact: [email protected]
If a separate legal notice or imprint is available on this website, the details listed there also apply to this Privacy Policy.
2. Services Covered by This Policy
This Privacy Policy applies to:
- the Kyvera Discord bot, including commands and automations;
- the Kyvera web dashboard;
- Discord OAuth2 login and authentication flows;
- server configuration, moderation, logging, feedback, ticket, backup, and automation features;
- Discord bot permissions and Discord Gateway Intents, including privileged intents where enabled and approved;
- technical infrastructure required to operate and secure the service.
3. Data We Collect
We only collect and process data that is necessary to provide, secure, maintain, troubleshoot, and improve the service. Because Kyvera may use Discord Gateway Intents, including privileged intents where enabled and approved, the categories of data processed may depend on the features enabled in a specific Discord server.
- Discord account data: Discord user ID, username, global name, display name, avatar hash or avatar URL, discriminator where available, locale where provided, and basic profile information provided through Discord OAuth2 or Discord API responses.
- Discord authentication data: login status, session cookies, signed session tokens, OAuth2 authorization data, access tokens where technically required, token expiry time, and OAuth2 scopes approved during login.
- Discord guild/server data: guild ID, guild name, guild icon, owner information where available, server settings, permission flags, enabled features, channel IDs, role IDs, category IDs, emoji/sticker metadata, webhook metadata, invite metadata, scheduled event metadata, and server configuration values required for bot features.
- Member-related data: Discord user IDs, guild member IDs, nicknames, roles, join dates, permission-related information, moderation status, timeout or ban-related metadata, warning history, and other member metadata required for moderation, logging, role management, dashboard access, or configured server features.
- Message-related data: message IDs, channel IDs, guild IDs, author IDs, timestamps, message content, attachment metadata, embeds, links, mentions, reactions, edited/deleted message events, and related message metadata where required for commands, moderation, automod, logging, tickets, feedback, anti-spam, anti-abuse, or other enabled features.
- Direct message data: user IDs, message IDs, timestamps, and message content may be processed if a user directly interacts with the bot through Discord direct messages or if a feature requires DM-based communication.
- Presence and activity data: presence status, activity metadata, and related event data may be processed where Discord provides it and where a feature requires it. Kyvera does not use this data for advertising or selling user profiles.
- Voice state data: voice channel IDs, join/leave events, mute/deafen status, streaming/video indicators, and related voice state metadata may be processed where required for logging, moderation, automation, or server utility features.
- Moderation and audit-related data: moderation actions, warning logs, timeout logs, ban or kick metadata, deleted or edited message events, automod events, audit-style logs, staff actions, reason fields, timestamps, and related metadata required for moderation, security, and abuse prevention.
- Dashboard data: selected guilds, dashboard settings, feature toggles, server configuration changes, administrative actions, feedback management actions, and permission checks performed through the web dashboard.
- Bot feature data: leveling data, economy data, command usage metadata, custom command triggers, ticket metadata, ticket transcripts, feedback submissions, developer notes, backup templates, restore metadata, automation settings, logging settings, and other feature-specific data.
- Technical data: IP address, user agent, request URL, referrer, timestamps, error logs, security events, rate-limit events, Cloudflare security data, Vercel request data, API logs, and diagnostic information generated when accessing the website, dashboard, API, or bot services.
Not every category is processed for every user or every server. The actual data processed depends on the Discord permissions granted to the bot, the Gateway Intents enabled for the application, the features enabled in the server, the user's interaction with the bot or dashboard, and the data provided by Discord.
4. Why We Process Data
We process personal data for the following purposes:
- to authenticate users through Discord OAuth2;
- to display the correct Discord servers in the dashboard;
- to verify whether a user has permission to manage a server;
- to store and apply server-specific bot settings;
- to provide moderation, logging, ticket, feedback, backup, automod, economy, leveling, and automation features;
- to process Discord Gateway events required for enabled bot features;
- to protect the website, dashboard, APIs, and bot against abuse, spam, raids, malicious use, and unauthorized access;
- to troubleshoot bugs, monitor service reliability, and investigate security incidents;
- to comply with legal obligations where applicable.
5. Legal Bases for Processing
Where the General Data Protection Regulation applies, we rely on the following legal bases:
- Contract or pre-contractual necessity: processing required to provide the bot, dashboard, authentication, and requested features.
- Legitimate interests: processing required for security, abuse prevention, debugging, service reliability, permission checks, moderation history, anti-spam measures, and maintaining server configurations.
- Consent: processing based on optional Discord OAuth2 authorization, optional cookies where required, or optional features enabled by a user or guild administrator.
- Legal obligation: processing required to comply with applicable laws, lawful requests, or record-keeping obligations.
6. Discord OAuth2, Bot Permissions, and Gateway Intents
Kyvera uses Discord OAuth2 to let users log in with their Discord account and to verify which servers they can manage. During this process, Discord may provide account and guild information according to the authorization scopes approved by the user.
Kyvera may also use Discord bot permissions and Discord Gateway Intents, including privileged intents where enabled and approved, to provide bot features. This may allow the bot to receive events related to guilds, members, messages, message content, reactions, moderation actions, voice states, presences, scheduled events, auto moderation, and other Discord events required for configured features.
- We do not use Discord data for advertising or selling user profiles.
- We use Discord data only to operate Kyvera features, permission checks, security systems, moderation tools, dashboard functionality, and support workflows.
- Message content is processed only where required for enabled features such as commands, moderation, automod, logging, tickets, feedback, anti-spam, or anti-abuse systems.
- If a user removes authorization, leaves a server, or removes the bot from a server, some stored data may remain temporarily where needed for logs, security, moderation history, abuse prevention, legal obligations, or backup integrity.
7. Cookies, Sessions, and Similar Technologies
We use cookies and similar technologies to keep the dashboard secure and functional. These may include:
- Session cookies: used to keep users logged in after Discord OAuth2 authentication.
- Security cookies: used by Cloudflare to detect abuse, bots, attacks, or suspicious traffic.
- Hosting and deployment cookies: used by Vercel or related tooling, especially for development, preview, or admin features.
- Discord cookies: Discord may set or read cookies during login or authorization on Discord-controlled pages.
Essential cookies are required for login, security, and dashboard access. If optional analytics or marketing cookies are added in the future, this policy should be updated and consent should be requested where required.
8. Hosting, Infrastructure, and Processors
We use external service providers to host, secure, and operate Kyvera. These providers may process technical or service-related data on our behalf.
- STRATO: domain registration and domain-related services.
- Cloudflare: DNS, CDN, traffic routing, DDoS protection, firewall, bot protection, and security cookies.
- Vercel: hosting and deployment of the dashboard and API routes.
- WispByte: hosting of the Discord bot. Bot server location: Romania, European Union.
- Supabase: database hosting. Database region: EU Central 1.
- Discord: authentication provider, bot platform, and source of Discord account, guild, member, message, permission, and event data.
These providers are used only as necessary to provide, secure, and maintain the service. Some providers may process data in countries outside the European Economic Area.
Where these providers act as processors on our behalf, we use appropriate data processing agreements or equivalent contractual safeguards where required by applicable data protection law. Where required for international transfers, we rely on appropriate safeguards such as contractual protections or standard contractual clauses.
9. Data Retention
We keep personal data only for as long as necessary for the purposes listed in this Privacy Policy, unless a longer retention period is required or permitted by law.
- Session data: stored until logout, expiry, or manual deletion.
- Guild settings: stored while the bot is used in a server or until deletion is requested by an authorized guild administrator.
- Moderation and security logs: stored as long as needed for moderation history, abuse prevention, dispute handling, server safety, or legal obligations.
- Feedback and tickets: stored until resolved, deleted, or no longer needed for support and development purposes.
- Message-related logs: stored only where a server has enabled features that require such logs and only for as long as needed for moderation, security, support, troubleshooting, or configured retention.
- Technical logs: stored for a limited period needed for debugging, security, abuse prevention, and reliability.
- Backups: may remain for a limited backup rotation period before being overwritten or deleted.
10. Data Sharing
We do not sell, rent, or trade personal data. Data may be shared only in the following limited cases:
- with infrastructure providers listed in this policy;
- with Discord where required for bot, OAuth2, API, or Gateway functionality;
- with authorized server administrators through dashboard features;
- when required to comply with applicable law or lawful requests;
- when necessary to investigate abuse, fraud, security incidents, policy violations, or technical issues.
11. Security Measures
We use technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. These measures may include HTTPS, access controls, signed sessions, database access restrictions, provider-level security controls, rate limits, anti-abuse controls, and limited access to administrative tooling.
No online service can guarantee absolute security. If we become aware of a security incident that affects personal data, we will take appropriate steps to investigate, mitigate, and notify affected users or authorities where required by law.
12. Your Rights
Depending on your location and applicable law, you may have the right to:
- request access to personal data stored about you;
- request correction of inaccurate or incomplete data;
- request deletion of personal data;
- request restriction of processing;
- object to processing based on legitimate interests;
- request data portability where applicable;
- withdraw consent where processing is based on consent;
- lodge a complaint with a competent data protection authority.
To exercise your rights, contact us at [email protected]. We may need to verify your identity and Discord account ownership before processing certain requests.
To request deletion of Discord-related user data, include your Discord user ID. To request deletion of guild-related data, include the Discord guild ID and proof that you are the guild owner or have sufficient administrative permissions.
13. Guild Administrator Requests
Guild owners or users with sufficient server permissions may request deletion of guild-specific settings, backups, feedback records, logs, transcripts, or configuration data. Some records may be retained where necessary for security, abuse prevention, moderation history, legal obligations, dispute handling, or backup integrity.
14. Children and Minimum Age
Kyvera is intended for users who are allowed to use Discord under Discord's own terms and applicable local law. We do not knowingly collect data from users who are not permitted to use Discord. If you believe that data from such a user has been processed, please contact us.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our services, infrastructure, Discord permissions, Gateway Intents, legal requirements, or data processing practices. The latest version will always be available on this page. Significant changes may be announced through the dashboard, website, or Discord support channels.
Questions about this Privacy Policy? Contact [email protected].