Home
FeaturesCommandsLeaderboardsAnalyticsPremium
ResourcesAboutChangelogFAQ
DashboardLogin with Discord

Privacy Policy

We make use of certain data to ensure that the bot functions well. You can find out about it here.

Effective as of the 19th of May 2026.

1. Introduction

This Privacy Policy describes how Pandora (the "Bot"), provided by Thomas Elston-King (the "Controller") via https://github.com/thomasking-web/pandora, collects, uses, discloses, retains and protects Personal Data in connection with the Bot's operation on the Discord platform. This Policy applies to data collected when you use the Bot on Discord servers (also known as "guilds"), or interact with the Bot via direct messages. By using the Bot, you acknowledge that you have both read and understand this Policy.

2. Scope & Controller

  • Controller: Thomas Elston-King. Contact us via our Discord Server.
  • Scope: Applies to all data processed by the Bot in the course of providing features (polls, trivia, giveaways, games, moderation helpers, and other interactive capabilities).

3. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Processing: Any operation performed on Personal Data (collection, storage, use, disclosure, deletion).
  • Service Providers / Processors: Third parties engaged to provide infrastructure, hosting, logging, database, or API services used by the Bot (e.g., Discord, MongoDB hosts, public trivia APIs).

4. Categories of Data Collected

We collect the following categories of data when necessary to provide features:

  • Discord identifiers and profile metadata: user ID, username, guild ID, channel ID. Used to attribute actions and deliver responses.
  • Command inputs and content: text and structured inputs provided to slash commands and options (e.g., poll questions, poll options, trivia category/difficulty, amounts).
  • Interaction data: button presses, reaction data, poll votes, ephemeral inputs required to run features and determine outcomes.
  • Message references and metadata: message IDs, timestamps, channel references and content required for fallback flows (e.g., fallback poll messages when native polls are unavailable). The Bot stores message IDs and references as needed to update or finalise interactions.
  • Operational logs and diagnostics: timestamps, error traces, stack traces, basic usage metrics to diagnose and improve service reliability. These logs may include identifiers for troubleshooting.
  • External content: Questions and answers retrieved from public APIs (e.g., OpenTDB). We store only the parts required for gameplay; we do not create profiles from that content.

What we do not collect (unless you explicitly include them in a command): payment information, passwords, private keys, or secrets.

5. Sources of Data

  • Directly from Discord when you interact with the Bot (commands, interactions).
  • Public third‑party APIs used for features (OpenTDB or equivalent for trivia content).
  • From Bot-maintained persistent storage (MongoDB) created by the Bot to maintain state.

6. Purposes of Processing & Legal Basis

We process Personal Data for the following purposes:

  • Provision of services and features: to run polls, trivia, games, giveaways, and other requested features. (Legal basis: performance of a contract/your request to use the service.)
  • Feature persistence and scheduling: to persist poll and giveaway state (message IDs, options, endsAt timestamps) so results can be posted and reconciled. (Legal basis: legitimate interest to maintain service operation.)
  • Abuse prevention, moderation, and enforcement: to implement limits (e.g., single-vote enforcement), detect misuse, and apply configured moderation. (Legal basis: legitimate interest in protecting the Bot and community.)
  • Troubleshooting and service improvement: to log errors, performance data, and diagnostic information. (Legal basis: legitimate interest.)
  • Legal compliance: to respond to legal requests and obligations (e.g., subpoenas). (Legal basis: compliance with legal obligations.)

If your jurisdiction requires additional consents, your use of the Bot’s features constitutes your consent to processing as described.

7. Data Retention

  • Transient operational data required to run an interaction is kept only as long as necessary to complete the operation.
  • Persistence data (polls/giveaways) is stored until a poll/giveaway is completed and results are posted; thereafter such records are removed from primary storage unless backup/retention configuration requires otherwise.
  • Diagnostic logs and backups may be retained for a limited period to support debugging and incident investigation; retention periods depend on hosting and backup configuration. If you require deletion of records associated with your user ID, see Section 11.

8. Sharing and Disclosure

  • The Bot does not sell Personal Data.
  • The Bot may disclose Personal Data to: service providers (hosting, database, logging) who process data on behalf of the Controller; Discord (as the platform); public APIs (e.g., OpenTDB) for trivia content. Such processors are contractually bound to maintain confidentiality and security.
  • The Controller may disclose data in response to lawful requests by public authorities, to enforce agreements, or to protect rights, property, or safety.

9. Third-Party Services

  • Discord: the Bot uses Discord APIs for identity, messaging, and interactions. Discord’s own privacy policy applies to Discord’s processing.
  • MongoDB: used for persistence of polls, giveaways, and state. Data stored includes IDs, message references, option lists, and scheduling timestamps.
  • Third-party content APIs: e.g., OpenTDB for trivia content; the Bot fetches and uses content from these services.
  • Hosting / Logging / Monitoring providers: may store runtime logs and service metrics.

Always review third-party providers’ privacy policies when you require stricter controls.

10. International Transfers

Data may be transferred to, and processed in, jurisdictions other than your own (e.g., cloud hosts outside the UK and EEA). If you are subject to data transfer restrictions, contact the Controller to discuss protections; otherwise transfers proceed under the hosting and vendor contractual terms.

11. Your Rights and Choices

Subject to applicable law, you may have certain rights concerning your Personal Data, including: access, correction, deletion, restriction of processing, objection, and portability. To exercise these rights:

Run the bot command /removemydata - this will automatically remove all data associated with your account ID. Please note this may result in certain unexpected outcomes, such as: bans not ending (if we remove logs of you being banned from our Database, the Bot will never unban you), loss of economy stats, and so forth.

You must be sure before running this command.

For California residents: you may have additional rights under CCPA (access, deletion, opt-out of sale — the Bot does not sell data).

12. Security

Reasonable administrative, technical, and physical measures are used to protect data from unauthorised access, disclosure, alteration, or loss. Access to stored data is limited to the Bot process and authorised maintainers. However, no system is perfectly secure; if you become aware of a suspected breach affecting your data, notify the Controller via the repository.

13. Children

The Bot is not directed to children under 13. If you are under the minimum age in your jurisdiction, do not use the Bot. If the Controller becomes aware that Personal Data of a child under the applicable minimum age was collected without consent, the Controller will take steps to delete the data.

14. Automated Decision Making

The Bot does not make legally binding automated decisions about users. Any automated selection (e.g., random trivia question selection) is limited to operational behaviour and does not evaluate individuals in a way that produces legal effects.

15. Data Breach Notification

In the event of a security breach affecting Personal Data, the Controller will follow applicable notification requirements and will notify affected parties in a timely manner via their Discord direct messages, where required by law.

16. Changes to This Policy

This Policy may be revised occasionally. Material changes will be via the Bot’s Discord server. The Effective Date at the top of this page is the last revision date.

17. Governing Law and Jurisdiction

To the extent permitted by law, claims arising under this Policy are governed by the applicable law of the Controller’s jurisdiction (United Kingdom, England). Specific legal remedies vary by country and state.

18. Contact Information

For privacy requests, deletion requests, questions, or complaints, contact the Staff Team via the Discord Server. Create a ticket with the /ticket create command.
If you are a UK resident and remain unsatisfied with how we handle your Personal Data or respond to your enquiries, you have the right to lodge a complaint at any time with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).

19. Practical Guidance for Server Owners and Users

  • To stop data collection by the Bot in a server, remove the Bot from the server or restrict its permissions. Note that removing permissions may render some features inoperative.
  • For permanent deletion of user-related records generated by server features (poll entries, saved preferences), provide the server ID and user ID in a deletion request as described above.
  • For server-wide data deletion you will need to provide evidence of you either owning the server the bot is in or having appropriate authority to make executive decisions.