Last updated: June 2025

1. Controller & Contact

The controller responsible for data processing through the Glacier service is the operator identified in our Legal Notice (Impressum). For privacy-related enquiries please contact us at:

inf.glacier@gmail.com

2. Data We Collect

We collect and process only data that is technically necessary to operate the Glacier Discord bot and associated web dashboard. Below is a comprehensive list of all data categories:

2.1 Discord Account Data

When you authenticate via Discord OAuth2, we receive your Discord user ID, username, discriminator (if applicable), avatar hash, and a list of guilds (servers) you have administrative access to. This data is provided by the Discord API and is necessary to identify you and display your servers in the dashboard.

2.2 Guild (Server) Configuration Data

For each server that adds Glacier, we store the guild ID and per-module configuration settings (e.g. enabled/disabled modules, channel assignments, role assignments, automod rules, welcome messages, etc.). This data is stored as JSONB objects in our PostgreSQL database.

2.3 Moderation & Audit Data

When moderation actions are taken through Glacier (warnings, bans, mutes, kicks, lockdowns), we store the action type, target user ID, moderator user ID, reason, and timestamp. Audit log entries are retained to allow server administrators to review moderation history.

2.4 Economy & Engagement Data

If a server enables economy or engagement modules, we store user-level data such as XP points, level, bank balance, daily streak count, and inventory items. This data is linked to the Discord user ID and guild ID combination.

2.5 Ticket Data

When ticket modules are used, we may store ticket transcripts (messages within the ticket channel), participant user IDs, and timestamps. If the AI Summary feature is enabled by a server administrator, the transcript text is sent to OpenAI’s API (gpt-4o-mini) for summarisation. The summary text is stored; the raw transcript sent to OpenAI is not retained by us after the API response is received.

2.6 Session & Authentication Data

When you use the web dashboard, we store a session cookie containing a session identifier. The session is backed by server-side storage and contains your Discord OAuth2 access token (encrypted), refresh token (encrypted), user ID, and session expiry. We also log your IP address and user-agent string for security and rate-limiting purposes.

2.7 Application & Form Data

If a server uses Glacier’s application/forms modules, submitted form responses (text answers, selected options) are stored linked to the applicant’s Discord user ID and guild ID.

2.8 Partner & Premium Data

If you or your server participates in Glacier’s partner or premium programme, we store your subscription status, tier, and associated metadata (e.g. payment reference - we do not store full payment details; payments are processed by third-party providers).

3. Legal Basis for Processing (GDPR Art. 6)

  • Contractual necessity (Art. 6(1)(b) GDPR): Processing your Discord ID and guild configuration is necessary to provide the bot service you or your server administrator requested.
  • Legitimate interest (Art. 6(1)(f) GDPR): Storing moderation logs and session security data serves our legitimate interest in maintaining a safe, abuse-free service.
  • Consent (Art. 6(1)(a) GDPR): Where optional features are enabled by a server administrator (e.g. AI ticket summaries), the administrator’s configuration constitutes consent on behalf of their server’s users.

4. Data Storage & Security

All persistent data is stored in PostgreSQL databases hosted on Railway (railway.app). Databases are protected by network-level access controls and require authenticated connections.

Data in transit is encrypted using TLS 1.2 or higher for all connections - between your browser and our dashboard, between our bot and the database, and between our services and third-party APIs (Discord, OpenAI).

OAuth2 tokens stored in session data are encrypted at the application level before being written to storage. Database backups are performed automatically by the hosting provider.

Access to production databases and infrastructure is restricted to the Glacier core team and requires multi-factor authentication.

5. Data Sharing & Third Parties

We share data with the following third parties only as described:

  • Discord Inc. - We interact with the Discord API to provide bot functionality. Your Discord data is subject to Discord’s own Privacy Policy.
  • OpenAI - When AI ticket summary is enabled, ticket transcript text is sent to OpenAI’s API for processing. OpenAI does not use API data for training purposes.
  • Railway (railway.app) - Our hosting infrastructure provider.

We do NOT sell, rent, or trade your personal data to any third party. We do NOT use advertising or tracking services.

6. Cookies

We use a single, strictly necessary session cookie to maintain your authenticated session on the web dashboard. This cookie contains only a session identifier and expires when the session ends or after a set period of inactivity. We do not use tracking cookies, advertising cookies, or any third-party cookie services.

7. Your Rights (GDPR Art. 15–22)

Under the General Data Protection Regulation, you have the following rights:

  • Right of access (Art. 15) - You may request a copy of all personal data we hold about you.
  • Right to rectification (Art. 16) - You may request correction of inaccurate data.
  • Right to erasure (Art. 17) - You may request deletion of your personal data. Removing the bot from a server stops all data collection for that server.
  • Right to restriction (Art. 18) - You may request that we restrict processing of your data.
  • Right to data portability (Art. 20) - You may request your data in a structured, machine-readable format.
  • Right to object (Art. 21) - You may object to processing based on legitimate interest.
  • Right to lodge a complaint - You have the right to lodge a complaint with a supervisory authority (in Germany: your state’s Landesdatenschutzbeauftragte/r).

To exercise any of these rights, email us at inf.glacier@gmail.com. We will respond within 30 days.

8. Data Retention

  • Guild configuration data is retained as long as the bot is a member of the server. When removed, data may be retained for up to 30 days, after which it is permanently deleted.
  • Moderation logs are retained indefinitely unless the server administrator or affected user requests deletion.
  • Economy and engagement data is retained as long as the respective module is active.
  • Session data expires automatically (typically within 24 hours of inactivity).
  • Ticket transcripts are retained as long as the server administrator has not deleted them.

9. Children’s Privacy

Glacier is not directed at children under the age of 13. We do not knowingly collect personal data from children.

10. International Data Transfers

Our infrastructure may be hosted in the US or EU. If data is transferred outside the EU/EEA, we ensure appropriate safeguards (e.g. Standard Contractual Clauses per GDPR Art. 46(2)(c)).

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced in our Discord server. Continued use constitutes acceptance.

12. Contact

For all privacy-related questions or data requests, contact us at inf.glacier@gmail.com or join our Discord server.

Legal Notice →Terms of Service →