Privacy Policy

1. Introduction

This Privacy Policy explains how Exile Bot ("we", "us", "our") collects, uses, and protects information when you use the Exile Bot Discord bot ("the Bot") or the Exile Bot web dashboard ("the Dashboard"). By using the Service, you agree to the collection and use of information as described in this policy.

This policy covers only data collected and stored by the Exile Bot platform. It does not cover data collected by Discord, DHGames, or any other third party.

2. Data We Collect

When you or your server uses the Service, we may collect and store the following information:

• Discord User ID — your unique identifier on Discord, used as the primary key across all user records. • Discord Username and Avatar — stored at login time and refreshed on each subsequent login. Used to display your profile in the Dashboard. • Server Membership — which Discord servers you are a member of, and your permission level in each (owner, moderator, or member). Used to determine Dashboard access. • XP and Level — your accumulated experience points and level within each server where the levelling system is enabled. Earned through participation in those servers. • Credit Transactions — a log of credit purchases and premium command usage associated with each server. Stored for audit and billing purposes. • Server Configuration — settings chosen by server administrators (enabled commands, premium role IDs, word reactions, custom commands). This is server data, not personal data.

We do not collect passwords, email addresses (unless voluntarily submitted for support), real names, or payment card details.

3. How We Use Your Data

We use the data described above solely to provide and improve the Service:

• To authenticate you via Discord OAuth and grant appropriate Dashboard access. • To track your XP and level within servers that have the levelling system enabled. • To enforce credit balances and maintain an audit trail of premium command usage. • To allow server administrators to configure the Bot through the Dashboard.

We do not sell your data to third parties. We do not use your data for advertising or profiling purposes.

4. Data Retention

User data is retained for as long as you or your server actively uses the Service.

• If the Bot is removed from a server, the server's configuration and credit balance are retained indefinitely to allow for re-installation. You may request deletion of server data at any time (see Section 6). • XP and level data for individual users is retained indefinitely while the levelling system is active in a server. • Credit transaction logs are retained indefinitely for billing and dispute resolution purposes.

You may request deletion of your personal data at any time (see Section 6).

5. Data Sharing

We do not share your personal data with third parties except in the following limited circumstances:

• Service Providers — we may use hosting and infrastructure providers who process data on our behalf, under contractual obligations to protect it. • Legal Requirements — we may disclose data if required to do so by law, court order, or governmental authority. • Discord API — some data (such as your avatar URL) is fetched from the Discord API on your behalf when you log in. Discord's Privacy Policy governs how Discord handles your data.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access — you may request a copy of the personal data we hold about you. • Deletion — you may request that your personal data be permanently deleted. • Objection — you may object to certain processing activities.

How to submit a request: Data access and deletion requests are accepted by email only and must be sent from the email address linked to your Discord account. To find your Discord-linked email, check your Discord account settings under My Account.

Once we receive your email, we will send a one-time verification code to your Discord account via direct message. Reply to our email with that code to confirm your identity. Codes expire after 24 hours and can only be used once — if an incorrect code is submitted, a new one cannot be issued until the original expires.

Upon successful verification, your data will be deleted and you will receive a confirmation via Discord DM and email.

To submit a request, email us at exilebot@404mw.com. We will respond within 30 days.

7. Security

We take reasonable measures to protect your data against unauthorised access, loss, or disclosure. These include encrypted connections (HTTPS/TLS), environment-based secrets management (no credentials in source code), and access controls on the database.

No method of transmission or storage is completely secure. We cannot guarantee the absolute security of your data and encourage you to use strong Discord account security practices (two-factor authentication).

8. Children's Privacy

The Service is not directed at children under 13 years of age. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last Updated" date at the top of this page reflects when the policy was last revised. Significant changes will be announced in the Discord support server. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.