Back to Home

Privacy Policy

1. Information We Collect

PeakBot consists of two connected services: the PeakBot Dashboard (web application at peakbot.pro) and the PeakBot Discord Bot (added to your Discord server). The bot operates within Discord servers owned and administered by third parties. When added to a server, the bot reads, creates, modifies, and deletes server resources (channels, roles, messages, and permissions) on behalf of the server administrator. Each service collects different types of data.

1.1 Dashboard Data

  • Discord Account Data: Your Discord user ID, username, display name, avatar, email address, and guild (server) memberships. This data is provided through Discord OAuth2 using the identify, guilds, and email scopes.
  • Server Data: Server IDs, names, icons, channel lists, role lists, and member counts for servers where you use PeakBot.
  • AI Conversation Data: Messages you send to the PeakBot AI Builder, including your prompts, the AI responses, and the server plans generated during your sessions.
  • Usage and Cost Data: We log AI API usage for internal cost tracking, which includes your guild ID, user ID, the text of messages you send to the AI Builder, the AI model used, token counts, and processing costs.
  • Template Interaction Data: Your Discord user ID is recorded when you like, rate, report, or use a server template.
  • Analytics Data: We use Google Analytics 4 (GA4) to collect anonymized website usage data, including pages visited, session duration, device type, browser, and approximate location. GA4 may collect your IP address for geolocation purposes. See Section 9 for more details.

1.2 Discord Bot Data

When the PeakBot bot is added to your Discord server, it collects and stores the following data based on which features are enabled by the server administrator:

  • Server Configuration: All feature settings you configure through the dashboard (welcome and goodbye messages, moderation rules, XP settings, ticket setup, auto-responder triggers, notification accounts, reaction roles, polls, giveaways, events, verification flows, onboarding questions, inactive-kick rules, and other feature configurations). These are stored with your guild ID.
  • XP and Leveling Data: User IDs, XP amounts, levels, total message counts, voice channel minutes, and last activity timestamps for each member in servers with XP enabled.
  • Moderation Data: Warnings (including user ID, moderator ID, and reason text), moderation action logs (bans, kicks, mutes, warns, with user IDs, moderator IDs, reasons, and durations), and appeal submissions (user ID, appeal reason text, reviewer ID, and review notes).
  • AI Moderation Logs: When AI Moderation is enabled, the bot sends message content to the OpenAI Moderation API for category scoring (e.g. harassment, hate, sexual, violence). The category scores returned by OpenAI, the action the bot took, the user ID, channel ID, and a snippet of the offending message may be stored in our database for audit and review.
  • Ticket Data: Ticket records (user ID, ticket number, status, who claimed and closed the ticket), ticket form submissions (reporter username, display name, avatar URL, and form field answers), and ticket transcripts (complete message history of the ticket channel, including each message author, their user ID, avatar, full message text, timestamps, and attachment URLs).
  • Invite Tracking Data: Which user invited which other user, the invite code used, join and leave dates, whether the invite was flagged as fake, and manual invite adjustments (adjusted by whom, amount, reason).
  • Server Backups: Complete snapshots of your server structure, including all channels (names, types, positions, permission overwrites, topics), all roles (names, colors, permissions, positions), and all bot feature configurations and data tables. When a backup is restored, the bot creates, modifies, and reorganizes Discord channels, roles, and permissions in the server, and re-deploys bot messages (polls, giveaways, ticket panels, reaction role panels) to the appropriate channels.
  • Poll and Giveaway Data: Poll questions and options with individual vote records (user ID per vote), and giveaway entries (user ID, entry timestamp) and winner selections.
  • Event Data: Event details (title, description, times) and RSVP lists (user IDs of interested members).
  • Onboarding Data: User responses to server onboarding questions, stored with user ID and completion timestamp.
  • Verification Data: Verification session records, including the user ID, verification status, the answers a member submitted to verification questions, and the timestamp at which the user passed or failed.
  • Member Activity Data: User IDs with last active timestamps and activity type, used for inactive-member management and the inactive-kick feature.
  • Source Tracking Data: Which invite source or link brought each member to the server (user ID, source name, join and leave dates).
  • Anti-Raid and Security Data: Flagged account records (user ID, username, account age, action taken), raid logs (user ID, username, violation details), and temporarily locked channel permissions.

1.3 Bot Actions in Discord Servers

When added to a Discord server, PeakBot performs actions within the server on behalf of the server administrator. These actions include:

  • Creating, renaming, reordering, and deleting channels and categories
  • Creating, modifying, and deleting roles, and assigning or removing roles from members (including auto-roles on join, level rewards, reaction roles, booster roles, sticky roles, and Roblox-linked role grants)
  • Sending, editing, and deleting messages in server channels (welcome and goodbye messages, poll messages, giveaway announcements, ticket panels, reaction role panels, notification alerts, moderation log entries, AI Builder applied changes, Disboard bump reminders, and custom embed messages delivered via webhooks)
  • Managing channel permissions and permission overwrites for roles and individual members (including creating private ticket channels, locking channels during raids, and syncing permissions)
  • Creating temporary voice channels and deleting them when empty (Join-to-Create feature)
  • Kicking, banning, muting, and timing out members based on moderation rules, AI Moderation actions, anti-raid detections, inactive-kick sweeps, or administrator commands

2. How We Use Your Information

  • To authenticate your identity via Discord OAuth2 and manage your session
  • To provide the AI Server Builder, including sending your messages to AI providers for processing
  • To display and manage your Discord servers in the dashboard
  • To operate bot features you enable: moderation, AI moderation, XP and leveling, tickets, welcome and goodbye messages, invite tracking, giveaways, polls, events, auto-responders, voice channels, notifications, onboarding, verification, inactive-kick, server backups and restoration, embed delivery, Roblox account linking, and Disboard bump tracking
  • To enforce server rules through auto-moderation, AI moderation, and anti-raid protection
  • To track template likes, usage counts, and trending data
  • To monitor AI API costs and platform usage internally
  • To analyze website traffic and improve the Service via Google Analytics
  • To detect and prevent abuse or violations of our Terms
  • To analyze aggregated subscription events (plan upgrades, downgrades, cancellations, and reactivations) for product improvement, pricing research, and capacity planning. These analytics events are tied to your account but are reviewed in aggregate and are not sold or shared with third parties beyond the analytics providers listed in Section 3.

3. Third-Party Services and Data Sharing

We do not sell your personal data. To operate the Service, your data is shared with the following third-party providers:

  • Discord: We interact with the Discord API extensively to authenticate you, fetch your server data, and execute bot actions on your behalf. This includes reading and modifying server structure (channels, roles, permissions), sending and managing messages, moderating members, creating and deleting voice channels, managing webhooks, and restoring full server states from backups.
  • Anthropic (Claude API): Your AI Builder messages and conversation history are sent to Anthropic for AI response generation. Anthropic does not use API data to train its models.
  • Google (Gemini): Your AI Builder messages may be processed by Google Gemini as part of our analysis system. Google does not use API data to train its models.
  • OpenAI: OpenAI is used in two distinct ways. (a) Embeddings: your search queries are converted into numerical embeddings via OpenAI for our knowledge retrieval system. (b) Moderation: when AI Moderation is enabled in your server, message content is sent to OpenAI's Moderation API for category scoring. OpenAI does not use API data submitted through either endpoint to train its models.
  • Cohere: Your search queries are sent to Cohere to re-rank knowledge retrieval results for accuracy.
  • Pinecone: Vector embeddings generated by OpenAI are stored in Pinecone, a vector database service, to power the AI Builder's knowledge retrieval system. These embeddings are derived from documentation and help content, not personal user data.
  • Stripe: Payment processing for Pro subscriptions is handled by Stripe. We do not store credit card numbers. Stripe handles all payment data according to PCI DSS standards. See Stripe's privacy policy at stripe.com/privacy.
  • YouTube and Twitch: The bot checks YouTube RSS feeds and the Twitch API for stream and video notifications you configure.
  • Roblox: When a member uses the Roblox integration, the bot reads the public Roblox profile of the username they submit (description text and basic profile data) to confirm a verification code. We do not write to Roblox.

All AI providers listed above process your data solely to generate responses (or moderation scores) and do not use your data for model training through their API services.

4. Data Storage and Security

Your data is stored across the following systems:

  • PostgreSQL (Dashboard): AI usage logs (including message text, user IDs, and cost data) are stored in a PostgreSQL database on Railway for internal cost tracking and analytics.
  • PostgreSQL (Bot): All bot feature data is stored in a separate PostgreSQL database on Railway. This includes server configurations, XP and leveling data, moderation logs, AI Moderation audit logs, ticket records and transcripts, invite tracking, poll votes, giveaway entries, event RSVPs, server backups, onboarding responses, verification sessions, member activity, security logs, saved embeds, bot profile customisations, Roblox account links, Disboard bump history, webhook credentials, daily message count aggregates, and AI Builder plan versions.
  • Redis: Chat sessions, pipeline states, template analytics, AI cost tracking, OAuth tokens, rate limiting counters, and subscription plan caches are stored in Redis on Railway.
  • Server Memory: The bot temporarily caches guild settings, safety configurations, recent message content (for spam detection), voice session timers, invite counts, and message count buffers in server memory. These caches have short lifespans (30 seconds to 10 minutes) and are cleared automatically or when the bot restarts.
  • Your Browser: Your Discord auth token, user profile, chat history, and preferences are stored in your browser's local storage. This data never leaves your device unless sent as part of an API request.

All databases are hosted on Railway with encryption at rest. We use HTTPS for all data in transit. Authentication between our frontend and bot backend uses signed tokens and internal secrets. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

5. AI-Powered Features

PeakBot uses artificial intelligence in two distinct places: the AI Server Builder, and AI Moderation. When you interact with these features:

  • AI Builder: Your messages are sent to third-party AI providers (Anthropic Claude, and optionally Google Gemini) for processing. Up to 14 recent messages of conversation history are included for context, along with server structure data (channel names, role names, categories) so the AI can reason about your server. Your message text is logged to our database for cost tracking purposes.
  • AI Moderation: When enabled, message content sent in your server is forwarded to OpenAI's Moderation API for category scoring (harassment, hate, sexual, violence, self-harm, etc.). The bot acts on the returned scores according to the rules you configured.
  • AI-generated responses, plans, and moderation decisions may not always be accurate and should not be relied upon as professional advice. Server administrators are responsible for reviewing AI-suggested actions before applying them.
  • legal.privacy.s5.item4
  • legal.privacy.s5.item5

None of the AI providers use data submitted via their APIs to train their models.

6. Discord Bot Privileged Intents

The PeakBot Discord bot uses the following Discord privileged Gateway Intents to provide its features:

  • Server Members Intent: Required for welcome and goodbye messages, invite tracking, anti-raid detection (monitoring join velocity and account ages), member activity tracking, and inactive-member detection.
  • Message Content Intent: Required for auto-moderation, AI Moderation, spam detection, auto-responder triggers, XP per message tracking, ticket transcript generation, and Disboard bump detection. See Section 1.4 for details on how message content is handled.

7. Data Retention

We retain your data for the following periods:

Dashboard Data

  • AI chat sessions: Stored in Redis for up to 90 days, then automatically deleted.
  • Pipeline states: Stored in Redis for 30 minutes to 2 hours during active use.
  • AI cost logs: Stored in PostgreSQL indefinitely for internal analytics. These logs include your message text, user ID, and guild ID.
  • AI usage tracking: Per-guild monthly cost data is stored in Redis for 45 days.
  • Template likes and usage: Stored in Redis indefinitely while the Service is operational.
  • OAuth tokens: Stored in Redis for 7 days, then automatically deleted.
  • Browser local storage: Remains on your device until you clear your browser data or log out.
  • Google Analytics: Data is retained according to our GA4 configuration (default: 14 months).

Bot Data

  • Server configurations: Stored indefinitely until the server removes PeakBot or settings are manually deleted.
  • XP and leveling data: Stored indefinitely. Can be manually reset by server administrators.
  • Warnings: Subject to configurable automatic decay set by the server administrator. Warnings can also be manually removed.
  • Moderation logs and AI Moderation logs: Stored indefinitely for accountability and audit purposes.
  • Ticket records and transcripts: Stored indefinitely. Ticket transcripts contain full message history.
  • Invite tracking, source tracking, and member activity data: Stored indefinitely while the relevant feature is enabled.
  • Poll votes and giveaway entries: Stored until the poll or giveaway is deleted by the server administrator.
  • Server backups: Subject to a configurable maximum number of backups per server. When the limit is reached, the oldest backup is automatically deleted.
  • Anti-raid and security logs, onboarding responses, verification sessions, and Disboard bump history: Stored indefinitely.
  • Roblox account links: Stored until the user unverifies their account through the bot or until the server administrator deletes the link.
  • Webhook credentials and saved embeds: Stored indefinitely. Webhooks can be deleted by server administrators through the dashboard.
  • Message count aggregates: Daily per-server message counts stored indefinitely for analytics.

8. Data Deletion

When PeakBot is removed from a Discord server, cached data for that server is cleared from memory. Database records are retained unless deletion is specifically requested.

You can request deletion of your data by contacting us through our Discord support server. Server administrators can also delete specific data through the dashboard:

  • Reset XP and leveling data for individual users or the entire server
  • Delete individual warnings and moderation logs
  • Delete tickets and their transcripts
  • Delete server backups
  • Delete polls, giveaways, and events
  • Delete Roblox account links and webhooks created through PeakBot

9. Cookies and Tracking

PeakBot itself does not set cookies. However, we use Google Analytics 4 (GA4), which sets cookies in your browser to distinguish users and sessions:

  • _ga - Used to distinguish users. Expires after 2 years.
  • _ga_<ID> - Used to maintain session state. Expires after 2 years.

We also use browser local storage extensively to save your authentication token, user profile, chat history, preferences, and session data. This data is stored only on your device.

10. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data (see Section 8)
  • Opt out of Google Analytics tracking by using the Google Analytics Opt-out Browser Add-on
  • Disable specific bot features through the dashboard to stop collection of that feature's data

To exercise these rights, please contact us through our Discord support server. We will respond to requests within 30 days.

11. International Data Transfers

Your data may be transferred to and processed in the United States, where our third-party service providers (Anthropic, OpenAI, Cohere, Pinecone, Stripe, Google, Railway) are based. By using the Service, you consent to the transfer of your data to the United States and other countries that may have different data protection laws than your country of residence.

12. Children's Privacy

PeakBot is not intended for users under 13 years of age, consistent with Discord's own age requirements. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal information from a child under 13, we will take steps to delete that information as quickly as possible.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes through the Service or via our Discord server. Your continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact

If you have questions about this Privacy Policy or your data, please reach out through our Discord support server.