Privacy Policy

Last updated: December 29, 2025

This Privacy Policy describes Moddy's practices regarding the collection, use, storage, and protection of personal data, in compliance with the General Data Protection Regulation (GDPR) and applicable data protection laws.

Moddy

For any requests or questions, please refer to section 12 "Contact" at the end of this document.

When using our services, we automatically collect:

• Discord identifiers: user ID, server ID, channel ID
• Discord profile information: username, server name, avatars
• Email addresses: when provided for account creation or communications
• Logging data: error logs, technical information, command execution context
• Usage data: interactions with the bot, executed commands, system events

Some features collect data only when you actively use them:

• Saved messages: message content, metadata, attachments (URLs)
• Custom reminders: content, date, time and associated identifiers (maximum 10 per user)
• Inter-server messages: content, author, origin server, broadcast status
• Saved Discord roles: list of role identifiers (if module enabled)
• Moderation cases: sanctions, evidence, reasons, notes, complete history
• Ticket transcripts: customer support conversation records

• User attributes: BETA, PREMIUM, DEVELOPER, BLACKLISTED status
• Custom configuration: usage preferences, bot settings
• Server configuration: enabled modules, configured channels, custom prefixes

Through our payment provider Stripe, we process:

• Payment information: card number (tokenized), cardholder name, billing address
• Transaction history: amounts, dates, payment statuses
• Stripe identifiers: customer and transaction references

Important: Sensitive payment information (full card numbers, CVV) is never stored in our infrastructure. They are directly processed and secured by Stripe.

Our website may use:

• Technical cookies: necessary for website functionality
• Analytics cookies: Google Analytics to measure audience and improve our services
• Preference cookies: remembering your choices

You can configure your cookie preferences through your browser settings.

Your personal data is processed for the following purposes:

• Service provision: command execution, feature management, moderation
• Account management: authentication, user preferences, subscriptions
• Payment processing: transaction management, billing, fraud prevention
• Customer support: technical assistance, problem resolution, request handling
• Service improvement: performance analysis, error correction, new feature development
• Security: abuse prevention, suspicious activity detection, rule enforcement
• Legal obligations: response to authority requests, regulatory compliance
• Communications: essential notifications, service updates

We work with third-party service providers to deliver and improve our services. These providers process your data according to our instructions and are subject to strict confidentiality obligations:

• Railway: infrastructure hosting, PostgreSQL database and backend services
• Vercel: website hosting
• Discord: bot operating platform (automatic collection of identifiers and metadata)
• Sentry: error monitoring and performance (receives error logs with technical context)
• Stripe: payment processing, subscription management
• DeepL: linguistic translation service
• OpenAI: artificial intelligence services and natural language processing
• Google Analytics (if enabled): audience analysis and navigation statistics on our website

Data transmitted to the following third-party services is not anonymized: DeepL, OpenAI, and any other content processing service.

Discord identifiers may be anonymized during transmission, but the textual content you submit (queries, messages, translations) is transmitted as is to these services.

Some data sent to the OpenAI API may be used by OpenAI to train and improve its models, in accordance with their terms of use.

priority_high

Never include personal, confidential, or sensitive information in your queries to translation, AI, or content processing services. This includes, but is not limited to: passwords, banking information, medical information, confidential professional or personal documents.

All collected personal data is retained permanently until:

• Manual deletion performed by our technical team, or
• Explicit deletion request from you as part of exercising your right to erasure

We implement appropriate security measures to protect your personal data:

• Encryption in transit: all communications between our services use HTTPS/TLS protocol
• Encryption at rest: data encrypted in our databases according to Railway standards
• No local file storage: files are never stored on our servers; only URLs hosted by Discord CDN are retained

Access to your personal data is strictly controlled:

• Database access: reserved exclusively for Moddy developers and managers
• Support team: does not have direct database access but may consult certain information as part of customer support
• Stripe data: our team has no access to complete payment information stored by Stripe

Moddy never sells your personal data to third parties. Your information is only shared with service providers necessary for our platform's operation, in accordance with section 4 of this policy.

In case of a personal data breach likely to pose a risk to your rights and freedoms, we commit to:

• Notify the competent supervisory authority (CNIL in France) within 72 hours following discovery of the incident
• Inform you as soon as possible by email or via our Discord server
• Communicate the nature of the breach, measures taken, and recommendations to mitigate risks

Moddy never collects the following data categories:

• Personal passwords (except Discord authentication)
• Individual IP addresses
• Precise GPS geolocation data
• Discord private messages (except explicit saving via dedicated command)
• Web browsing history
• Address books or personal contacts
• Biometric data

In accordance with the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

• Right of access: obtain confirmation that your data is being processed and receive a copy
• Right to rectification: request correction of inaccurate or incomplete data
• Right to erasure (right to be forgotten): obtain deletion of your personal data
• Right to restriction of processing: request processing restriction under certain circumstances
• Right to data portability: receive your data in a structured, commonly used, and machine-readable format
• Right to object: object to the processing of your data for reasons relating to your particular situation
• Right to withdraw consent: when processing is based on your consent
• Right to lodge a complaint: file a complaint with the competent supervisory authority (CNIL in France)

We commit to responding to any request within a maximum period of one month from its receipt. This period may be extended by two additional months in case of a complex request, in which case you will be informed of this extension.

As part of providing our services, your personal data may be transferred and processed in countries outside the European Economic Area (EEA), particularly in the United States.

These transfers are made to the following providers: Railway, Vercel, Discord, Sentry, Stripe, DeepL, OpenAI, and Google (if Analytics enabled).

We ensure that these transfers are made in accordance with appropriate legal mechanisms provided by the GDPR, including:

• Standard Contractual Clauses (SCC) approved by the European Commission
• Adequacy decisions for certain countries
• Privacy Shield certifications or equivalents
• Provider-specific appropriate safeguards

Moddy reserves the right to modify this Privacy Policy at any time to reflect changes in our practices, services, or legal obligations.

Any substantial modification will be:

• Published on this page with an updated date
• Notified to users via our official Discord server and/or by email
• Effective immediately for new users, and after a reasonable notice period for existing users

We encourage you to regularly review this policy to stay informed about how we protect your data.

The processing of your personal data is based on the following legal grounds:

• Contract performance: provision of requested services (Article 6.1.b of GDPR)
• Consent: when you explicitly accept certain processing (Article 6.1.a of GDPR)
• Legitimate interest: service improvement, security, fraud prevention (Article 6.1.f of GDPR)
• Legal obligation: regulatory compliance, responses to authorities (Article 6.1.c of GDPR)

For any questions, requests regarding your personal data or this Privacy Policy:

• Email: hello@moddy.app
• Support (recommended): moddy.app/support

This includes: exercising your GDPR rights, information requests, legal and judicial requests, general privacy questions.

Supervisory authority (France):
Commission Nationale de l'Informatique et des Libertés (CNIL)
3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07
Phone: +33 1 53 73 22 22
Website: www.cnil.fr

By using Moddy services (Discord bot, website, and associated services), you acknowledge that you have read, understood, and accepted the terms of this Privacy Policy.

Effective date: December 29, 2025