Privacy Policy (GDPR)

This Privacy Policy explains how personal data is processed in connection with Glydebot ("Service").

1. Data Controller

The Operator acts as the Data Controller under Regulation (EU) 2016/679 (GDPR).

2. Categories of Personal Data

2.1 Account Data (Discord OAuth)

• Discord User ID
• Username and discriminator
• Avatar hash
• OAuth access and refresh tokens

We do not request or store your email address from Discord.

Purpose: Authentication and account management

Legal basis: Performance of contract

2.2 Guild Configuration Data

• Discord guild ID
• Guild name and icon
• AI settings and prompts
• Channel and role IDs

Purpose: Operation of ticketing system

Legal basis: Performance of contract

2.3 Ticket and Message Data

• Ticket number and metadata
• Discord user IDs of participants
• Message content
• Intake form responses
• AI responses
• Attachments metadata

Purpose: Providing support services

Legal basis: Performance of contract

2.4 Payment Data

Payments are processed by Stripe.

We store:

• Stripe session ID
• Payment amount and currency
• Subscription status
• Webhook payload (for accounting and verification)

Legal basis: Performance of contract and legal obligation (accounting)

Stripe Privacy Policy: https://stripe.com/privacy

2.5 AI Processing (OpenAI)

Ticket content and knowledge base data may be sent to OpenAI for processing.

OpenAI Privacy Policy: https://openai.com/privacy

Legal basis: Performance of contract

2.6 Analytics and Audit Logs

• IP address
• User-Agent
• Actions performed
• Guild ID
• User ID

Purpose:

• Security
• Fraud prevention
• Service improvement

Legal basis: Legitimate interest

2.7 Web Analytics (Google Analytics)

Our marketing website uses Google Analytics to understand how visitors use our site. We only load Google Analytics after you consent via our cookie banner. Data collected may include:

• IP address (anonymized where possible)
• Pages visited and time on site
• Device and browser information
• Referring source

Purpose: Analyzing website traffic and improving our marketing site

Legal basis: Your consent (via cookie banner)

Google Privacy Policy: https://policies.google.com/privacy

You may withdraw consent at any time by clearing your browser cookies and localStorage, or by choosing "Reject" when the cookie banner is shown again (e.g. in a new browser session).

3. Data Retention

We retain data:

• Account data: Until account deletion
• Tickets: Until deleted by server administrator
• Audit logs: 30–365 days depending on type
• Payment records: As required by accounting law

Data may be retained longer where legally required.

4. Data Sharing

We share data with:

• Discord (authentication and bot operations)
• OpenAI (AI response generation)
• Stripe (payments)
• Google (web analytics, only when you consent via cookie banner)
• Hosting infrastructure providers

We do not sell personal data.

5. International Transfers

Data may be processed outside the EU by subprocessors such as OpenAI, Stripe, or Google. Appropriate safeguards such as Standard Contractual Clauses (SCCs) are used where required.

6. Security Measures

We implement:

• Encryption in transit (HTTPS)
• OAuth authentication
• Role-based access control
• Internal API secrets
• Stripe webhook verification
• Audit logging

JWT tokens are stored in browser localStorage. Our marketing site uses a cookie consent banner; your choice (accept or reject analytics) is stored in localStorage and controls whether Google Analytics is loaded.

7. Your GDPR Rights

Under GDPR, you have the right to:

• Access your personal data
• Rectify inaccurate data
• Erase data ("right to be forgotten")
• Restrict processing
• Object to processing
• Data portability
• Lodge a complaint with a supervisory authority

In the Czech Republic: Office for Personal Data Protection (ÚOOÚ)

8. Exercising Your Rights

To exercise your rights, contact:

[email protected]

We may require identity verification before fulfilling requests.

9. Changes to This Policy

We may update this Privacy Policy.

Material changes will be communicated via:

• Website
• Dashboard notification

10. Contact