Privacy Policy
Last updated: March 18, 2026.
This Privacy Policy explains what data CardGames Bot processes, why it is processed, and how server administrators can request deletion.
1) Data We Process
- Discord IDs: user ID, guild ID, channel IDs required for bot features.
- Gameplay data: level, XP, souls, packs opened, card inventory and profile progress.
- Server configuration: setup channels, economy values, rarity settings, and automation rules.
- Operational telemetry: limited API error traces and command health metrics for stability.
We do not intentionally store private DMs, message content, payment card data, or account passwords.
2) Why We Process Data
- To provide core gameplay features (leveling, packs, inventory, minigames).
- To allow server admins to configure and moderate the bot from the dashboard.
- To detect abuse, troubleshoot errors, and improve service reliability.
3) User-Generated Content (Cards/Images)
- Admins may submit card names, descriptions, and image URLs.
- Inputs are sanitized and validated server-side to reduce injection risk.
- Image URLs are restricted to approved hosts and direct image formats.
- Obvious NSFW markers and malicious patterns are blocked when detected.
Automated checks are best-effort and not perfect. Server owners remain responsible for content they submit.
4) Security Measures
- Authenticated dashboard access tied to Discord admin permissions.
- Rate limiting on read/write endpoints to reduce abuse.
- Input validation for IDs, URLs, numeric fields, and mutation payloads.
- Security headers (CSP, no-sniff, frame protections, transport hardening).
5) Data Retention
Data is retained while the bot remains active in a server and for operational continuity, unless deletion is requested by an authorized server admin.
6) Data Deletion Requests
Authorized server administrators can request deletion of server data or specific user gameplay data. Requests should include guild ID and proof of admin ownership.
Contact: replace this with your official support email or Discord support server invite before public launch.
7) Third-Party Services
The service depends on Discord APIs, MongoDB hosting, and image hosts (such as Imgur). Their own privacy policies also apply.
8) Policy Updates
This policy may be updated at any time. Continued use of the bot after updates means acceptance of the revised policy.