This comprehensive privacy policy establishes the framework for data protection and privacy rights concerning a Discord bot service that operates quiz and puzzle functionalities with leaderboard features. The policy demonstrates strict adherence to General Data Protection Regulation (GDPR) requirements while maintaining transparency about minimal data collection practices. The service prioritizes user privacy by implementing data minimization principles, collecting only essential Discord IDs for core functionality while explicitly avoiding the collection of usernames, profile information, chat messages, or any personally identifiable information beyond what is absolutely necessary for service operation.
The data controller responsible for your personal data is Megermajo Productions, operating the Discord bot service known as "RiddleMaster" or similar puzzle/quiz bot functionality. As required under Article 13(1)(a) of the GDPR, we provide our complete contact information to ensure transparent communication channels.
For all matters relating to data protection, privacy concerns, or exercising your data subject rights, please contact us at:
Email: riddlemaster@megermajo-productions.com
This email address serves as the primary contact point for data subject access requests, deletion requests, and any privacy-related inquiries. In accordance with GDPR Article 12 requirements, we are committed to responding to all data protection inquiries in a timely manner, typically within one month of receipt9.
Currently, no formal Data Protection Officer (DPO) has been appointed as the service operates below the threshold requiring mandatory DPO appointment under Article 37 of the GDPR. However, all data protection matters are handled directly by the controller through the designated contact email address.
The processing of personal data through our Discord bot service is conducted under Article 6(1)(f) of the GDPR, which permits processing based on legitimate interests. Our legitimate interest lies in providing functional quiz and puzzle services that require user identification for leaderboard maintenance and progress tracking. This processing is necessary to deliver the core service functionality that users expect when interacting with quiz bots.
The legitimate interest assessment demonstrates that our data processing activities are proportionate and do not override the fundamental rights and freedoms of data subjects. The minimal nature of data collection, limited to Discord IDs only, ensures that privacy impact is minimized while maintaining service functionality.
In compliance with GDPR transparency requirements outlined in Articles 12-14, this privacy policy serves as our primary mechanism for informing users about data processing activities. The policy is structured to be "concise, transparent, intelligible and easily accessible form, using clear and plain language" as mandated by the regulation9.
The primary category of personal data collected consists exclusively of Discord User IDs, which are unique numerical identifiers assigned by Discord to each user account. These IDs serve as the sole means of user identification within our system and are essential for core service functionality including leaderboard management and participation tracking.
Discord IDs are considered personal data under the GDPR definition as they can be used to identify natural persons within the Discord platform context. However, these identifiers are processed in an anonymized manner within our database systems, meaning they are stripped of direct associations with Discord usernames, profile pictures, or other identifying information1.
In adherence to data minimization principles outlined in Article 5(1)(c) of the GDPR, we explicitly do not collect several categories of information that typical Discord applications might access. This includes Discord usernames, display names, profile pictures, profile descriptions, server membership information beyond what is necessary for leaderboard functionality, direct messages, or any chat content posted in channels where the bot operates.
This restricted data collection approach significantly reduces privacy risks while maintaining full functionality of the quiz and leaderboard features. Users can be confident that their Discord profile information, communication history, and broader platform activity remain completely private from our data processing activities.
Limited server-specific data is collected to enable proper bot functionality across different Discord servers. This includes server IDs for leaderboard segregation, specific channel IDs where puzzle content should be posted, and changelog notification status to prevent duplicate notifications. No server member lists, channel content, user names or administrative information is collected or stored.
The primary purpose for processing Discord User IDs is to enable core quiz and puzzle bot functionality that users explicitly request when interacting with the service. This includes maintaining separate leaderboards for different servers, tracking successful quiz completions, and preventing duplicate submissions for the same puzzle.
User identification through Discord IDs is essential for these purposes as it allows the system to recognize returning users, maintain their progress accurately, and provide fair competition within leaderboard systems. Without this identification mechanism, the service would be unable to prevent cheating through multiple submissions or maintain meaningful competition metrics.
The system tracks only successful quiz completions rather than failed attempts, implementing a privacy-by-design approach that minimizes data collection while maintaining service quality. This approach ensures that user performance data beyond successful completions is not stored, reducing the privacy footprint of the service.
The tracking mechanism operates on an anonymous basis where Discord IDs are processed without association to other identifying information, creating a technical separation between the Discord platform identity and internal service records1.
Server-specific leaderboards represent a key feature that requires user identification to function properly. The system maintains separate leaderboard data for each Discord server where the bot operates, ensuring that competition remains fair and relevant to specific communities14. This server segregation also serves privacy purposes by preventing cross-server data correlation or user activity tracking across multiple communities.
Personal data is retained only for as long as necessary to fulfill the legitimate purposes for which it was collected, in accordance with Article 5(1)(e) of the GDPR. For Discord User IDs and associated quiz completion records, data is retained indefinitely to maintain leaderboard integrity and prevent cheating through multiple accounts, unless deletion is specifically requested by the data subject.
Server configuration data, including channel IDs and changelog status, is retained for the duration of the bot's presence in the respective Discord server. When the bot is removed from a server, associated configuration data is automatically deleted within a reasonable timeframe.
All collected data is stored in encrypted database systems that implement industry-standard security measures to protect against unauthorized access, disclosure, or modification. The minimal nature of data collection inherently reduces security risks, as no sensitive personal information beyond Discord IDs is stored.
Access to stored data is restricted to essential personnel only and is governed by strict access controls. Regular security assessments are conducted to ensure ongoing protection of user information in accordance with Article 32 of the GDPR.
Discord User IDs are processed in an anonymized manner within the database, meaning they are not linked to Discord usernames, profile information, or other identifying data that could be used to identify individuals outside the service context. This technical anonymization provides additional privacy protection while maintaining service functionality.
Under Article 15 of the GDPR, data subjects have the right to obtain confirmation of whether personal data concerning them is being processed and access to that data913. Users may request information about their Discord ID storage, quiz completion records, and any associated server leaderboard data by contacting us through the designated email address.
Access requests will be fulfilled within one month of receipt and verification of identity. Due to the anonymized nature of data storage, identity verification may require confirmation of Discord account ownership through the contact process10.
Data subjects have the right to request deletion of their personal data under Article 17 of the GDPR. Deletion requests can be submitted via email to riddlemaster@megermajo-productions.com with verification of Discord account ownership. Once verified, all associated Discord ID records, quiz completion data, and leaderboard entries will be permanently removed from the system.
The deletion process typically takes up to 30 days to complete fully, during which time the data is marked for deletion and access is restricted. Users will receive confirmation once the deletion process is complete.
Under Article 20 of the GDPR, users have the right to receive their personal data in a structured, commonly used format. For our service, this would include quiz completion records and leaderboard standings associated with their Discord ID. Data portability requests are processed through the same contact mechanism as other data subject rights.
Data subjects may object to the processing of their personal data under Article 21 of the GDPR, particularly for processing based on legitimate interests. Users may withdraw from the service entirely by requesting data deletion, which effectively terminates all data processing activities related to their Discord account.
The service operates under a strict no-data-sharing policy, meaning that no collected information is transferred to, shared with, or sold to third parties under any circumstances. This includes advertising networks, analytics services, data brokers, or any other external entities that might have commercial or analytical interest in user data.
The commitment to avoiding third-party data sharing extends beyond commercial considerations to include research, statistical analysis, or any other purposes that would involve external access to user information. This policy provides users with assurance that their Discord usage patterns and quiz participation remain completely private to the service.
While no data is shared with third parties for commercial or analytical purposes, necessary technical service providers such as hosting infrastructure may have access to encrypted data as part of their technical operations. These relationships are governed by strict data processing agreements that limit access and use of data to technical maintenance purposes only6.
All technical service providers are selected based on their GDPR compliance capabilities and commitment to data protection principles. Regular assessments ensure that these relationships maintain the same privacy standards as our direct operations.
The Discord bot service currently operates on a non-commercial basis, meaning that no revenue is generated from user data, advertising, or premium features8. This non-commercial status eliminates many privacy risks associated with data monetization and ensures that user information is processed solely for service functionality rather than business purposes.
The absence of commercial interests means that there are no incentives to collect additional data beyond what is strictly necessary for service operation, supporting genuine implementation of data minimization principles. Users can be confident that feature development and service improvements are driven by user experience rather than data collection opportunities.
Should the service transition to a commercial model in the future, users will be notified in advance and provided with updated privacy policies that reflect any changes in data processing purposes or practices. Any transition would maintain the same high standards of data protection and user privacy that characterize the current operation.
Commercial operation would not alter the fundamental commitment to minimal data collection and strong privacy protection, ensuring that user trust established during non-commercial operation is maintained through any business model changes.
While the service operates globally through Discord's platform, specific attention is paid to data transfer considerations under Chapter V of the GDPR. Database storage and primary processing occur within infrastructure that provides adequate protection for EU citizen data, whether through adequacy decisions or appropriate safeguards such as Standard Contractual Clauses.
Users are informed that Discord's own infrastructure involves international data transfers that are governed by Discord's privacy policy and data protection measures. Our service layer adds additional protection through minimal data collection and encryption, regardless of the underlying infrastructure location.
Where data is processed outside the European Economic Area, appropriate safeguards are implemented to ensure protection equivalent to GDPR standards1. This includes technical measures such as encryption, contractual protections with service providers, and regular assessment of data protection adequacy in processing locations.
This privacy policy may be updated periodically to reflect changes in legal requirements, service functionality, or data protection practices. Significant changes that affect user rights or data processing activities will be communicated through Discord bot announcements or direct notification where contact information is available.
Users are encouraged to review this privacy policy periodically to stay informed about data protection practices. The effective date of the current policy version is clearly indicated, and previous versions may be available upon request for transparency purposes.
Continued use of the Discord bot service after privacy policy updates constitutes acceptance of the updated terms, provided that changes do not materially affect user rights without additional consent mechanisms5. For significant changes that expand data collection or alter fundamental privacy protections, explicit consent may be required before continued service provision.
Under Article 77 of the GDPR, data subjects have the right to lodge complaints with supervisory authorities regarding data processing activities. Users may contact their local data protection authority if they believe that data processing violates GDPR requirements or if they are unsatisfied with responses to privacy concerns.
Contact information for EU data protection authorities is available through the European Data Protection Board website, and users are encouraged to exercise this right if they have concerns that cannot be resolved through direct communication with the service9.
The service commits to full cooperation with supervisory authority investigations and compliance assessments. This includes providing requested documentation, implementing corrective measures, and maintaining transparent communication throughout any regulatory processes1.
This privacy policy establishes a comprehensive framework for data protection that exceeds typical requirements through minimal data collection and strong privacy safeguards. The service demonstrates that effective Discord bot functionality can be achieved while maintaining user privacy through technical and procedural measures that go beyond basic GDPR compliance requirements. Users can confidently engage with quiz and puzzle features knowing that their privacy is protected through design choices that prioritize data minimization and transparency over data collection convenience.
The commitment to avoiding commercial data use, preventing third-party sharing, and providing easy data deletion mechanisms creates a privacy-protective environment that serves user interests while delivering engaging quiz experiences. Regular policy reviews and proactive communication ensure that these standards are maintained as the service evolves and regulatory requirements develop.
