Privacy Policy

Effective date: 2026-03-11

1. Overview

This Privacy Policy describes how CheeseBot ("the Service") processes information when you use the Discord bot or the companion web portal.

2. Information We Process

• Discord OAuth data: Discord user ID and username, collected when you authenticate via Discord OAuth to access the web portal.
• Fish spot submissions: fish names, locations, rarity values, optional remarks, an optional submitter display name, and screenshots submitted via the portal or the /fishsubmit bot command. Submitted content becomes the property of CheeseBot upon submission. Display names are provided voluntarily and may be shown publicly alongside submissions.
• Vote records: which Discord user ID cast an up or down vote on which proposal, used to enforce one vote per user, compute net scores, and determine proposal visibility.
• Contract renewal data: Discord usernames and contract expiration dates read from Google Sheets configured by guild admins. This data is accessed solely to determine when to send DM reminders and is not stored beyond a log entry confirming the reminder was sent.
• Reminder delivery records: when a contract renewal DM is sent, a record is stored containing the guild ID, Discord user ID, Discord username, reminder type, expiration date, and send timestamp. This is used for deduplication to prevent duplicate reminders.
• Reminder opt-out preferences: when a member uses /reminder-optout in a server, their guild ID, Discord user ID, and the opt-out timestamp are stored. This record is used solely to suppress future reminder DMs for that server. Opt-outs are per-server and can be reversed at any time with /reminder-optin.
• Attendance records: when /attendance is used, the event name, voice channel name, and the Discord user ID, display name, and username of the requester and all non-bot members present in the channel at the time of capture are stored. This data is accessible to server admins via the web portal attendance history view.
• World boss schedule data: publicly available calendar data retrieved from a configured Google Calendar iCal feed. No personal data is involved.
• Technical logs: limited operational logs for security, diagnostics, and service reliability.

The Service does not intentionally collect sensitive personal information such as financial data, government-issued identification numbers, or precise geolocation data.

3. How Information Is Used

• To authenticate users via Discord OAuth.
• To allow authenticated Discord users to submit fish spot proposals, cast up or down votes, and have their submissions surface in Discord search results.
• To allow designated fish admins to review, approve, and reject proposals.
• To provide Fish Locator, world boss timer, and attendance tracking functionality via Discord bot commands.
• To display attendance history and participant details to authorized server admins via the web portal.
• To maintain, secure, and improve the Service.

The Service processes only the minimum data necessary to provide its functionality.

4. Third-Party Services

• Discord: Used for authentication and bot functionality via Discord APIs. Authenticating grants the Service access to your Discord user ID and username only (the identify scope — no access to your servers, messages, or guild memberships).
• Google Sheets: Used by guild admins to store member contract expiration data. CheeseBot accesses sheets via a Google service account with read-only permission, solely to check expiration dates and send reminders. The Service does not store sheet data beyond the reminder delivery record described above.
• Google Calendar: Used to retrieve publicly available world boss schedule data via iCal feed.
• Hosting providers: Infrastructure providers may process data solely for hosting and operational purposes.
• OpenAI (optional): If AI-enhanced features are enabled, limited text input may be sent to the OpenAI API to generate responses. This is optional and dependent on configuration.

5. Data Sharing

CheeseBot does not sell personal data. Information is shared only as required to operate the Service (e.g., Discord APIs, hosting providers) or as required by law.

6. Data Retention

Submitted content and vote records are retained as long as necessary to operate and improve the Service. Because submitted content becomes the property of CheeseBot, deletion requests for individual submissions may not result in removal from the Service or archival backups. Operational backups may retain data for a limited period consistent with standard disaster recovery practices.

7. Security

Reasonable administrative and technical safeguards are used to protect stored data. However, no system can guarantee absolute security.

8. Your Choices

• You may revoke the application's Discord OAuth access at any time via your Discord account settings (Authorized Apps).
• Revoking access prevents future logins but does not automatically delete previously submitted content.
• You may opt out of contract renewal reminder DMs for any server at any time by using the /reminder-optout slash command in that server. You can re-enable reminders with /reminder-optin. Opt-out preferences are per-server and take effect immediately.

9. Data Deletion Requests

You may request deletion of personal account-related data (such as your stored Discord user ID and associated OAuth records) by contacting privacy@cheesebot.io and including your Discord user ID. Requests will be reviewed and processed within a reasonable timeframe. Deletion of community-submitted content that has been incorporated into shared resources may not be guaranteed.

10. Children's Privacy

The Service is not directed toward individuals under the minimum age required by Discord's Terms of Service.

11. Changes to This Policy

This policy may be updated from time to time. Updates become effective when posted at this URL.

12. Contact

Privacy inquiries: privacy@cheesebot.io