Privacy Policy

1. Data Controller

The data controller responsible for data processing under GDPR is:

2. General Information on Data Processing

The protection of your personal data is of particular concern to us. We process your data exclusively on the basis of legal provisions (GDPR, TKG 2003). In this privacy policy, we inform you about the most important aspects of data processing within the scope of our website and Discord bot.

3. Discord OAuth Login

3.1 Data Collected

When you log in to our dashboard via Discord, we collect the following data from Discord:

• Discord ID: Unique user identification number
• Username: Your Discord username
• Avatar: Your Discord profile picture (URL)
• Email Address: The email address linked to your Discord account
• Server List: List of Discord servers you are a member of (for bot management only)

3.2 Purpose of Processing

The processing of this data is carried out for the following purposes:

• Authentication and login to our dashboard
• Management of Roasty.gg on your Discord servers
• Personalization of user experience
• Communication regarding the service (e.g., important updates)

3.3 Legal Basis

Processing is based on:

• Art. 6 para. 1 lit. b GDPR - Contract fulfillment (provision of bot service)
• Art. 6 para. 1 lit. a GDPR - Consent (granted during Discord OAuth authorization)

4. Bot Usage Data

4.1 Server Data Collected

When using Roasty.gg on your Discord servers, we store:

• Server ID: Unique identification number of the Discord server
• Server Name: Name of the Discord server
• Server Icon: Server image (URL)
• Bot Settings: Your configured settings (e.g., roast level, allowed roles)
• API Keys: Your ElevenLabs API keys (stored encrypted)

4.2 Roast Logs

For error analysis and service improvement, we store:

• Timestamp of bot usage
• Type of roast executed (game roast, user roast, etc.)
• Roast level (light, medium, hard)
• Channel ID where the bot was used

5. Payment Data & Premium Subscriptions

5.1 Stripe as Payment Processor

For processing premium subscriptions, we use Stripe, Inc. as our payment processor. During payment, the following data is transmitted directly to Stripe:

• Name and address
• Payment information (credit card details, etc.)
• Email address
• Transaction amount and date

5.2 Payment Data Stored by Us

In our database, we store only:

• Stripe Customer ID: Unique customer ID from Stripe (no credit card data!)
• Stripe Subscription ID: Subscription ID
• Subscription Status: active, canceled, past_due, etc.
• Subscription Period: Start and end date of subscription
• Invoice Information: Date and status of invoices

5.3 Legal Basis

Processing is based on Art. 6 para. 1 lit. b GDPR for contract fulfillment (provision of premium service).

For more information about Stripe's privacy practices, please visit: https://stripe.com/privacy

6. Google Fonts

Our website uses Google Fonts for uniform font display. When you access a page, your browser loads the required web fonts into your browser cache.

6.1 Data Transmitted

For this purpose, the browser you use must connect to Google's servers. This gives Google knowledge that our website was accessed via your IP address.

6.2 Legal Basis

The use of Google Fonts is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the uniform and appealing presentation of our web presence.

For more information about Google Fonts, please visit: https://policies.google.com/privacy

7. Cookies

Our website uses cookies. Cookies are small text files that are stored on your device.

7.1 Technically Necessary Cookies

We use the following technically necessary cookies:

• Session Cookie: To maintain your login session (deleted after session ends)
• Language Cookie: Storage of your preferred language

7.2 Legal Basis

Processing is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the technical functionality of the website.

7.3 Cookie Management

You can configure your browser to inform you about cookie settings and only allow cookies on a case-by-case basis. If you deactivate cookies, the functionality of our website may be limited.

8. Data Storage and Retention Periods

8.1 Storage Duration

We store your data only as long as necessary for the respective purposes:

• Account Data: As long as your account is active
• Server Settings: As long as the bot is active on the server
• Roast Logs: Maximum 90 days
• Payment Information: According to legal retention requirements (typically 10 years)

8.2 Deletion

Your data will be deleted when:

• You delete your account
• You remove the bot from all your servers
• You cancel your premium subscription (after retention period expires)
• The purpose of storage ceases to exist

9. Your Rights

According to GDPR, you have the following rights:

• Right to Access (Art. 15 GDPR): You can request information about your personal data processed by us.
• Right to Rectification (Art. 16 GDPR): You can request correction of inaccurate data.
• Right to Erasure (Art. 17 GDPR): You can request deletion of your data, provided there are no legal retention obligations.
• Right to Restriction (Art. 18 GDPR): You can request restriction of processing your data.
• Right to Data Portability (Art. 20 GDPR): You can receive your data in a structured, common format.
• Right to Object (Art. 21 GDPR): You can object to the processing of your data for reasons arising from your particular situation.
• Right to Withdraw Consent: You can withdraw consent given at any time.

9.1 Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your data violates data protection law.

Competent supervisory authority for Austria:

10. Data Security

We implement comprehensive technical and organizational security measures to protect your data from unauthorized access, loss, or misuse:

• SSL/TLS Encryption: All data transmissions are encrypted
• Encrypted Storage: Sensitive data (e.g., API keys) is stored encrypted
• Access Controls: Strict access restrictions to our systems
• Regular Backups: To prevent data loss
• Security Updates: Our systems are regularly updated

11. Sharing Data with Third Parties

Your data is only shared with third parties in the following cases:

11.1 Service Providers

• Discord API: To provide bot functionality
• Stripe: For payment processing
• ElevenLabs: For text-to-speech generation (via your own API keys)
• Hosting Provider: To operate our servers

11.2 Legal Obligation

We share your data when legally required to do so (e.g., by order of authorities).

11.3 Data Processing Agreements

With all service providers who have access to personal data, we conclude data processing agreements in accordance with Art. 28 GDPR.

12. International Data Transfers

Some of our service providers are located outside the EU/EEA (e.g., Discord, Stripe in the USA). These transfers are based on:

• Adequacy decisions of the EU Commission (e.g., EU-US Data Privacy Framework)
• Standard Contractual Clauses according to Art. 46 GDPR

13. Changes to this Privacy Policy

We reserve the right to amend this privacy policy to adapt it to changed legal situations or changes to the service. You can always find the current version on this page.

In case of significant changes, we will inform you via email or through a dashboard popup.

14. Privacy Contact

If you have questions about data protection, exercising your rights, or complaints, you can contact us at any time: