Privacy Policy
Effective May 4, 2026 (updated May 4, 2026 — added the self-service /account export and /account delete commands; corrected the AWS Rekognition region listed in the processors table: eu-west-1 Ireland instead of eu-west-3 Paris, since Rekognition is not deployed in the Paris region by AWS)
Welcome. This policy explains, in plain terms, what data PodiumBot collects about you, why, how long we keep it, and how you can control it. We tried to make it readable — not a legal wall of text. If anything is unclear, write to us: contact@podiumbot.app.
PodiumBot is a Discord bot that lets communities run contests (best burger, best cat, best meme…) with submissions, voting, and an automatic podium. It's an online service, and online services process personal data. Here's how we handle it.
1. Data Controller
The data controller, within the meaning of the General Data Protection Regulation (GDPR, EU Regulation 2016/679), is the company that publishes and operates PodiumBot:
- Legal form: Société par Actions Simplifiée (SAS), incorporated under French law
- SIREN:
102 311 636 - Share capital:
€500.00 - Registered office:
254 rue Vendôme, 69003 Lyon, France - Website: https://podiumbot.app
- Contact:
contact@podiumbot.app
When you use the bot on your Discord server, or sign in to podiumbot.app via Discord OAuth, this company decides why and how your data is processed — and is therefore responsible to you and to the French data protection authority (CNIL).
2. Data Protection Officer (DPO)
We have not designated a DPO. At our scale (PodiumBot is pre-launch, the team is small, we don't process special-category data within the meaning of GDPR Article 9, and we don't conduct large-scale systematic monitoring), appointing a DPO is not mandatory under GDPR Article 37.
That said, you always have a dedicated contact for any privacy question:
contact@podiumbot.app
Tag your subject line with [Privacy] so we route it as priority.
3. What data we collect
We try to collect only what's strictly needed to run the service. Here's the exhaustive list, broken down by source.
3.1 Data from Discord OAuth (signing in to podiumbot.app)
When you log in to our website via Discord, Discord sends us:
- Your Discord user ID (snowflake — the public ID Discord assigns you)
- Your Discord username and your global_name
- Your avatar hash (so we can show your avatar in the dashboard)
- The list of Discord servers you belong to — only to figure out which ones you can administrate. This list is transient: we read it, use it for display, and never store it in our database.
- An OAuth access token issued by Discord — it lives only inside your encrypted session cookie, never in our database.
3.2 Data from bot interactions on Discord
When you use PodiumBot on a Discord server, we record:
- The Discord server ID (snowflake) where the bot is invited
- The server name (only to display it in the dashboard)
- For each contest: its name, description, allowed-roles configuration, start/end schedules, channel ID where the contest is published
- For each submission: the image (uploaded via Discord, then re-uploaded to Cloudflare R2 so it stays available after the Discord URL expires), title, optional description, author's Discord user ID. Before storage, every image is automatically scanned by AWS Rekognition to detect prohibited content (explicit nudity, violence, hate symbols, drugs). If the server admin has marked the channel as NSFW (Discord's native flag), the scan is disabled for submissions in that channel. No analysis data is retained — only the binary verdict (accepted / rejected) is used to allow or block the upload. In addition, images served from Cloudflare R2 are scanned by Cloudflare's CSAM Scanning Tool (PhotoDNA / NCMEC hashes), which automatically detects and blocks child sexual abuse material.
- For each vote: the rating (1 to 5 stars), the voter's Discord user ID, the submission ID
- For each per-contest ban: the reason, who blocked, when
3.3 Data from Discord App Subscriptions
If your server subscribes to PodiumBot Pro (€3.99/month), Discord sends us:
- The subscription status for the server (active / cancelled / expired)
- The plan tier (Free / Pro)
- Renewal / expiry dates
We never see your payment method, card number, billing address, or any banking data. Discord is the merchant of record for all PodiumBot subscriptions — Discord collects the payment, Discord handles the payment data, and Discord's privacy policy applies to that flow. We just receive the signal "this server has paid, give them Pro features".
3.4 Data we generate ourselves
- An encrypted, signed session cookie (AES-256, sealed with
iron-webcrypto), 7-day lifetime - A language preference cookie (
froren) - Server logs (request paths, HTTP status codes, hashed IP) kept for 30 days for debugging and security
That's it. No tracking, no advertising profiling, no fingerprinting, no third-party analytics.
4. Purposes and legal basis
For each processing activity, here's what we do it for and which GDPR legal basis (Article 6) we rely on.
| Purpose | Data used | Legal basis (GDPR Art. 6) |
|---|---|---|
| Sign you in to podiumbot.app and show you the servers you administrate | Discord OAuth, session cookie | Performance of contract (Art. 6(1)(b)) |
| Let you create and manage contests on your server | Server ID, contest configuration | Performance of contract (Art. 6(1)(b)) |
| Let members submit entries and vote | Image, title, Discord ID, vote | Performance of contract (Art. 6(1)(b)) |
| Publish the podium when the contest ends | Submissions + votes | Performance of contract (Art. 6(1)(b)) |
| Enforce contest rules (per-contest bans) | Reason, moderator, timestamp | Legitimate interest (Art. 6(1)(f)) — moderation |
| Automatically scan submitted images to block prohibited content | Image (transitory, not retained by the moderation service), binary verdict | Legitimate interest (Art. 6(1)(f)) — security, legal compliance |
| Enable / disable Pro features based on subscription | Discord subscription status | Performance of contract (Art. 6(1)(b)) |
| Secure the service, detect abuse, debug | Server logs, hashed IP | Legitimate interest (Art. 6(1)(f)) — security |
| Remember your preferred language | Locale cookie | Legitimate interest (Art. 6(1)(f)) — functional |
We do not market. No newsletter, no advertising, no data resale. So there is no consent-based marketing processing — there's nothing to consent to, because we won't be soliciting you.
5. Who we share your data with (sub-processors)
PodiumBot relies on technical providers — these are sub-processors within the meaning of GDPR Article 28. None of them uses your data for their own purposes; they process it solely to deliver the service to PodiumBot, under a Data Processing Agreement (DPA).
| Sub-processor | Role | Country | Transfer mechanism |
|---|---|---|---|
| Discord Inc. | Authentication, bot gateway, DMs, App Subscriptions, image hosting transit | USA | Standard Contractual Clauses (SCCs) — incorporated by reference in Discord's DPA |
| Cloudflare, Inc. | Workers (web app hosting), R2 (image storage), DNS, registrar | USA / global edge | DPA + Standard Contractual Clauses |
| Neon, Inc. | Managed PostgreSQL (our database, EU-Central / Frankfurt region) | USA (parent), EU hosting | DPA + Standard Contractual Clauses |
| Hetzner Online GmbH | VPS hosting the bot's gateway client | Germany | EU only — no transfer outside EU |
| GitHub, Inc. | Source code hosting | USA | No user data flows there |
| Amazon Web Services, Inc. (AWS Rekognition) | Automated submission moderation (transitory analysis, no retention) | EU (eu-west-1 Ireland region) |
DPA + Standard Contractual Clauses |
We don't sell, rent, or assign personal data to third parties for commercial purposes. Period.
6. International transfers (outside the EU)
Some of our sub-processors are headquartered in the United States (Discord, Cloudflare, Neon). Whenever data may be transferred outside the EU, we rely on the Standard Contractual Clauses (SCCs) approved by the European Commission (Decision 2021/914), incorporated into each provider's DPA.
To minimize transfers in practice:
- The Cloudflare R2 buckets where submission images are stored are configured in the EU jurisdiction: the actual image bytes do not leave the European Union.
- The Neon database lives in the
EU-Centralregion (Frankfurt, Germany): contest content, votes, and configuration stay in the EU. - The Hetzner VPS running the bot is in Germany: no transfer outside the EU for the bot layer.
- Discord, however, is a US platform — that's not something we can change. But by using Discord, you've already accepted Discord's privacy policy, which covers those transfers under their own SCCs.
If you'd like more details on the safeguards in place for transfers, write to us.
7. How long we keep your data
| Category | Retention period |
|---|---|
| Active user account (you log in or use the bot) | As long as your account / bot session is active |
| Server configuration (contests, settings, roles) | As long as the bot is in the server |
| Submissions and votes for a contest | Until the contest is deleted, or kept indefinitely as a podium archive (early deletion on request) |
| Inactive accounts (no interaction with the bot for 2 years) | Automatically purged |
| Session cookies | 7 days rolling |
| Locale cookie | 1 year |
| Server logs (logs, hashed IP) | 30 days |
| Backups (rolling) | 30 days |
When you remove the bot from a server, all data tied to that server (contests, submissions, votes, bans, stored images) is automatically deleted within seconds of the bot leaving. This wipe is triggered by the Discord GUILD_DELETE event on the bot side. If you'd like to delete only your personal data within a server with other users' data (rather than wiping the whole server), just write to us.
8. Your rights
GDPR gives you seven rights over your data. Here's what each one means in practice and how to exercise it.
8.1 Right of access (Art. 15)
You can pull a full copy of every piece of data we hold about you yourself, with no email and no waiting period.
Command: /account export, on any server where PodiumBot is present. The bot replies to you directly in Discord with an ephemeral JSON file (only you can see it — no one else on the server gets a peek). The export is keyed on your Discord ID and includes:
- Your user profile as we store it
- Every submission you've ever made (title, description, the R2 image URL, metadata, parent contest)
- Every vote you've cast (rating, target submission, contest, timestamp)
- Every contest you've created, with full configuration (name, description, schedules, channel, settings)
- Every report you've filed on other submissions
- Every per-contest ban that targets you (reason, moderator, timestamp)
This is the same JSON that doubles as your portability format (see §8.5).
If for some reason you can't access a server with the bot, email us at contact@podiumbot.app from the address linked to your Discord account (or otherwise prove your Discord identity). We respond within 30 days.
8.2 Right to rectification (Art. 16)
Your Discord profile (username, avatar) is the source of truth: we don't keep a frozen copy on our side, we fetch this info from Discord on the fly. So if you change your username or avatar on Discord, it updates on PodiumBot automatically.
If a piece of data you entered through the bot is inaccurate (submission title, description), you can edit it yourself via the bot's commands, or write to us.
8.3 Right to erasure / "right to be forgotten" (Art. 17)
You can wipe all of your data yourself, with no email and no waiting.
Command: /account delete, on any server where PodiumBot is present. The bot shows you a summary of exactly what's about to disappear and asks for an interactive confirmation (a button to click). Until you click, nothing is touched. Once confirmed, the deletion is immediate and final — no grace period, no trash bin, no undo.
What gets deleted on confirmation:
- Every submission you've made, in every contest, on every server
- Every R2 image attached to those submissions (the files are erased from object storage, not just dereferenced)
- Every vote you've cast
- Every report you've filed on other submissions
- Your
Userrow in our database — so no trace of your Discord ID remains on our side
Special case — contests you created: they stay in place. A contest belongs to the server (its community), not to the person who originally created it. The createdById link that tied you to those contests is anonymised (set to null). The contest carries on as a contest with no identified author.
Special case — bans against you: if a moderator banned you from a contest (ContestBan), that row is not deleted. This is an explicit carve-out under GDPR Art. 17(3)(c): we have a legitimate interest in keeping a banned user from coming back clean simply by deleting their account and re-joining. We keep only the targeted Discord ID and the reason — nothing else.
If you can't reach the command for some reason (e.g. the bot is no longer on any server where you are), email us at contact@podiumbot.app. We'll perform the deletion manually within 30 days, except where a legal obligation requires us to retain something specific.
Note: if you participated in a public contest that's already finished, the podium message may remain visible on the Discord server even after we've deleted your data on our side — we don't control display on Discord's end. But the underlying data is gone from our systems.
8.4 Right to restriction of processing (Art. 18)
You can ask us to freeze processing (not delete, but stop using) — for example while we verify a rectification request. Just write to us.
8.5 Right to data portability (Art. 20)
The JSON produced by /account export (see §8.1) is structured, machine-readable, and directly reusable to move your data to another service. It's our default portability format — covering both your right of access and your right to portability through a single command.
8.6 Right to object (Art. 21)
You can object to processing based on legitimate interest (moderation, security). In practice, since we have no "marketing" legitimate interest and the only relevant processing is moderation and security, objecting often amounts to leaving the service — but you can always reach out and we'll look into your case.
8.7 Right to lodge a complaint with the supervisory authority
If you're not satisfied with our response, you can complain to the French data protection authority:
CNIL — 3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07, France www.cnil.fr
But please try us first — we act in good faith and take every request seriously.
9. Security
We take security seriously, because a data leak is bad for everyone. Concrete measures:
- HTTPS everywhere, TLS 1.3 enforced via Cloudflare
- All secrets in environment variables, never committed to source code
- Encrypted session cookies (
iron-webcrypto, AES-256 sealed) - No passwords stored — authentication is fully delegated to Discord OAuth
- TLS-encrypted database connections, IP-restricted at the Neon level
- SSH access to the VPS via key only, password authentication disabled, fail2ban + UFW in place
- Automatic security updates (
unattended-upgradeson Linux) - Regular encrypted backups, 30-day retention
No system is 100% bulletproof, but we do our best, and in the event of a data breach we follow the legal procedure: notification to the CNIL within 72 hours and notification to affected individuals if the risk is high (GDPR Art. 33-34).
10. Cookies
PodiumBot uses only functional cookies. No tracking cookies, no analytics cookies, no advertising cookies. That's why you didn't see an "Accept / Reject" banner — there's nothing to accept beyond what's strictly necessary.
| Name | Type | Purpose | Lifetime | Legal basis |
|---|---|---|---|---|
pb_session |
Functional — strictly necessary | Keep your session open on podiumbot.app after Discord OAuth login; AES-256 encrypted | 7 days | Performance of contract (Art. 6(1)(b)) — consent-exempt |
pb_locale |
Functional | Remember your language preference (fr or en) |
1 year | Legitimate interest (Art. 6(1)(f)) — consent-exempt |
You can delete these cookies anytime via your browser, but without pb_session you'll be logged out, and without pb_locale the language will fall back to the one detected from your browser.
11. Children
PodiumBot is built on top of Discord. Discord's Terms of Service require a minimum age of 13 years (and 16 years in some EU countries — e.g. France, for GDPR consent of minors without parental consent). We rely on the age check Discord performs at signup: if you can use Discord, you can use PodiumBot.
We don't knowingly collect data from people below the minimum age. If you're a parent or guardian and you believe a child too young is using our service, write to us at contact@podiumbot.app — we'll take appropriate action (data deletion).
12. Changes to this policy
The service evolves, the law evolves, so this policy may evolve too. When we make material changes (a new sub-processor that changes an international transfer, a new purpose, a longer retention period…), we'll let you know:
- By email, if we have an address to reach you
- In-app on podiumbot.app and/or via a Discord bot announcement
- With a 30-day notice before material changes take effect
For minor changes (rewording, URL update, typo fix), we simply update the "Effective…" date at the top of this page.
The history of previous versions is available on request at contact@podiumbot.app.
13. Contact and remedies
For any question, rights request, or just curiosity:
Email:
contact@podiumbot.appTag your subject with[Privacy]so we handle it fast.Postal address:
254 rue Vendôme, 69003 Lyon, France
To file a complaint with the French supervisory authority:
CNIL — 3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07, France https://www.cnil.fr
Thanks for using PodiumBot. We work hard to keep this service simple, clean, and respectful of your privacy.