Privacy Policy
How we collect, use, and protect your data
Introduction
At Trustly, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Discord bot and related services. Please read this privacy policy carefully.
Key Principle: We only collect data necessary to provide our security services and never sell your personal information to third parties.
Information We Collect
Automatically Collected Information
When you use Trustly on your Discord server, we automatically collect:
- Discord server ID and basic server information
- User IDs of members who interact with the bot
- Message metadata (timestamps, channel IDs, but not message content unless flagged)
- Moderation actions taken (bans, kicks, warnings)
- Bot configuration settings and preferences
User-Submitted Information
We collect information you voluntarily provide:
- Ban reports and violation descriptions
- Custom automod rules and filters
- Support inquiries and feedback
- Configuration preferences
Security Database Information
For our Global Ban System, we collect:
- User IDs of flagged accounts
- Violation types and severity levels
- Ban timestamps and originating servers (anonymized)
- Evidence hashes for verification purposes
How We Use Your Information
We use the collected information for the following purposes:
- Service Delivery: To operate and maintain the bot's security features
- Threat Detection: To identify and prevent harmful actors across the platform
- Improvement: To analyze patterns and improve our AI moderation algorithms
- Support: To respond to your requests and provide customer support
- Legal Compliance: To comply with legal obligations and enforce our terms
- Communications: To send important service updates and security alerts
Data Sharing and Disclosure
Global Ban Database
When you ban a user for serious violations, anonymized information is shared with other servers using Trustly to provide network-wide protection. This includes:
- User ID (Discord's public identifier)
- Violation type and severity
- Ban timestamp
Server identities are never shared, and all data is encrypted in transit and at rest.
Third-Party Service Providers
We may share information with trusted service providers who assist us in:
- Cloud hosting and infrastructure (AWS, Google Cloud)
- Analytics and monitoring tools
- Customer support platforms
These providers are contractually obligated to protect your data and use it only for specified purposes.
Legal Requirements
We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to:
- Comply with legal obligations
- Protect our rights, property, or safety
- Prevent fraud or abuse
- Respond to emergencies involving safety threats
Data Security
We implement industry-standard security measures to protect your information:
- Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
- Access Controls: Strict role-based access with multi-factor authentication
- Regular Audits: Periodic security assessments and penetration testing
- Monitoring: 24/7 security monitoring and intrusion detection
- Data Minimization: We collect only what's necessary and delete data when no longer needed
Security Notice: While we implement robust security measures, no system is completely secure. We cannot guarantee absolute security of your data.
Data Retention
We retain your information for as long as necessary to provide our services:
- Active Server Data: Retained while the bot is active on your server
- Ban Records: Retained in the global database for 3 years or until successfully appealed
- Logs: Moderation logs retained for 90 days, security logs for 1 year
- Backup Data: Encrypted backups retained for 30 days
You may request deletion of your data at any time through our privacy portal or by contacting support.
Your Rights
Depending on your location, you may have the following rights:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your personal data (subject to legal obligations)
- Portability: Request a copy of your data in a machine-readable format
- Object: Object to processing of your data for certain purposes
- Restrict: Request restriction of processing in certain circumstances
To exercise these rights, contact us at support@hugolabs.eu or visit our privacy portal.
Children's Privacy
Trustly does not knowingly collect personal information from children under 13 (or applicable age in your jurisdiction). Discord's Terms of Service require users to be at least 13 years old. If we become aware that we have collected data from a child under 13, we will take steps to delete it promptly.
International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place:
- Standard Contractual Clauses approved by the European Commission
- Data Processing Agreements with all service providers
- Compliance with GDPR, CCPA, and other applicable regulations
Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of material changes by:
- Posting the updated policy on our website
- Sending an in-bot notification to server administrators
- Updating the "Last Updated" date at the top of this policy
Continued use of Trustly after changes constitutes acceptance of the updated policy.
Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us:
- Email: support@hugolabs.eu
- Support Portal: soon
- Discord Server: discord.gg/u6hue2shjx
- Privacy Portal: soon