Privacy Policy

1. Introduction

KiwiBot ("we," "our," or "us") operates at https://kiwibot.app and is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Discord bot and related services (collectively, the "Services").

KiwiBot operates on the Discord platform and complies with Discord's Terms of Service and Privacy Policy. By using KiwiBot, you also agree to Discord's Privacy Policy and Terms of Service.

2. Information We Collect

When you authenticate with KiwiBot, we collect the following information from Discord:

• Discord User ID: Your unique Discord identifier
• Username and Display Name: Your Discord username and server-specific display name
• Email Address: The email address associated with your Discord account
• Avatar: Your Discord profile picture
• Server Membership: A list of Discord servers (guilds) where you and KiwiBot are both members

We also automatically collect certain technical information when you interact with our Services:

• Usage Data: Information about how you interact with KiwiBot, including commands used and interaction timestamps
• Log Data: Technical information such as IP addresses, browser type, and access times for security and diagnostic purposes

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service Provision: To provide, operate, and maintain KiwiBot's features and functionality
• Authentication and Verification: To verify your identity and manage access to server-specific features
• Communication: To send you service-related notifications and respond to your inquiries
• Improvement and Analytics: To understand how users interact with our Services and improve functionality
• Security: To detect, prevent, and address technical issues, fraud, and abuse
• Legal Compliance: To comply with applicable laws, regulations, and legal processes

4. Legal Basis for Processing (GDPR & UK)

For users in the European Economic Area (EEA) and United Kingdom, we process your personal data based on the following legal grounds:

• Consent: You have given explicit consent for us to process your data for specific purposes
• Contract Performance: Processing is necessary to provide the Services you have requested
• Legitimate Interests: Processing is necessary for our legitimate interests in operating and improving our Services, provided these interests do not override your rights
• Legal Obligation: Processing is necessary to comply with legal requirements

5. Data Retention

We retain your personal information for as long as you remain a member of at least one Discord server where KiwiBot is present.

After you are no longer in any server with KiwiBot, we will retain your data for a maximum of 6 months. This retention period allows for:

• Resolving any outstanding issues or disputes
• Complying with legal obligations and record-keeping requirements
• Preventing fraud and abuse
• Allowing you to rejoin servers without needing to re-authenticate immediately

After the 6-month period, your personal information will be permanently deleted from our systems, except where we are legally required to retain it for longer periods (e.g., for tax, accounting, or legal purposes).

6. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

• Discord Server Administrators: Basic information necessary for server moderation and management may be visible to server administrators
• Service Providers: We may share data with third-party service providers who assist us in operating our Services (e.g., hosting providers, analytics services). These providers are contractually obligated to protect your data
• Legal Requirements: We may disclose your information if required by law, court order, or governmental authority, or to protect our rights, property, or safety
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity

7. Your Privacy Rights

Depending on your location, you have the following rights regarding your personal data:

For All Users:

• Access: You can request a copy of the personal information we hold about you
• Correction: You can request that we correct inaccurate or incomplete information
• Deletion: You can request that we delete your personal information

For GDPR & UK Users (EEA & UK):

• Portability: You can request a copy of your data in a machine-readable format
• Restriction: You can request that we restrict processing of your data in certain circumstances
• Objection: You can object to processing based on legitimate interests
• Withdraw Consent: You can withdraw consent at any time where processing is based on consent
• Lodge a Complaint: You can file a complaint with your local data protection authority

For New Zealand Users:

• Correction: You have the right to request correction of inaccurate personal information under the Privacy Act 2020
• Complaint: You can file a complaint with the Office of the Privacy Commissioner

For California Residents (CCPA):

• Know: You have the right to know what personal information we collect, use, and disclose
• Delete: You have the right to request deletion of your personal information
• Opt-Out: You have the right to opt-out of the sale of your personal information (Note: We do not sell personal information)
• Non-Discrimination: You have the right not to be discriminated against for exercising your privacy rights

To exercise any of these rights, please contact us using the information provided in the "Contact Us" section below.

8. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication mechanisms
• Secure hosting infrastructure

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws different from those in your jurisdiction.

When we transfer personal data from the EEA or UK to other countries, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions recognizing the receiving country has adequate data protection laws

10. Children's Privacy

Our Services are not intended for individuals under the age of 13 (or the minimum age required in your jurisdiction to consent to data processing). We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately, and we will take steps to delete such information.

For users aged 13-16 in the EEA and UK, parental consent may be required under GDPR. For users under 16 in New Zealand, we may require parental consent in certain circumstances.

11. Discord Integration and Third-Party Services

KiwiBot is a Discord bot application that operates on Discord's platform. As such, your use of KiwiBot is subject to both this Privacy Policy and Discord's own policies:

• Discord's Privacy Policy: Discord collects and processes data according to their Privacy Policy. This includes data about your Discord account, messages, and activities on the Discord platform.
• Discord's Terms of Service: Your use of Discord and Discord bots (including KiwiBot) is governed by Discord's Terms of Service.
• Data Sharing: When you authenticate with KiwiBot, you authorize Discord to share certain information with us as described in Section 2 of this Privacy Policy. Discord controls this data sharing process through their OAuth system.
• Platform Compliance: We comply with Discord's Developer Terms of Service and Discord's policies regarding bot development and data handling.

Our Services may also contain links to other third-party websites or services. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the updated Privacy Policy on this page with a new "Last Updated" date
• Sending a notification through Discord or email (where applicable)

Your continued use of our Services after any changes indicates your acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For users in the EEA or UK, you may also contact your local data protection authority if you have concerns about how we handle your personal data.