1. Information We Collect

ProjectANTIDOGS processes the following data from Discord in real time to perform raid detection and moderation:

• Member events: User IDs, join timestamps, account creation dates, role assignments.
• Message events: Message IDs, channel IDs, message content (for similarity and spam analysis), links, mentions. Messages are processed in memory and are not stored permanently.
• Guild metadata: Server ID, server name, verification level, configured roles and channels.
• Moderation context: Actions taken (bans, timeouts, kicks), incident records, risk scores.

2. How We Use Information

All collected data is used exclusively for:

• Detecting coordinated raids, spam, and abusive behaviour in real time.
• Executing configurable automated moderation actions (timeouts, kicks, bans, quarantine).
• Presenting operational dashboards to authorised server administrators.
• Generating incident reports and audit logs for review.
• Improving detection accuracy through risk scoring and calibration.

3. Data Storage and Retention

• In-memory processing: Message content, join events and risk signals are processed in memory with short-lived sliding windows (typically 30–120 seconds). They are not written to persistent storage in their raw form.
• Incident records: When the Bot detects a raid or escalation, an incident record (containing user IDs, risk scores, timestamps and actions taken) may be persisted to the configured database for audit and review purposes.
• Audit logs: Administrative actions taken through the dashboard (login, rollout changes, reviews) are logged with timestamps and actor identity.
• No message archival: The Bot does not store, archive or export message content beyond the real-time analysis window.

4. Data Sharing

We do not sell, trade or share your data with third parties. Data processed by the Bot remains within:

• The Discord API (for executing moderation actions).
• The Bot’s own infrastructure (server/database where the Bot runs).
• Configured webhook endpoints (if the server administrator has set up alert webhooks).

5. Dashboard and OAuth

When using the optional dashboard with Discord OAuth verification, we request access to your basic Discord profile (user ID, username, avatar) solely to verify your identity against the access key configuration. We do not request access to your email, messages or friend list. OAuth tokens are used once for verification and are not stored.

6. Data Security

We implement reasonable security measures to protect data processed by the Bot, including:

• Access key hashing with timing-safe comparison.
• Session tokens signed with HMAC-SHA256.
• Rate limiting on authentication attempts.
• Path traversal protection on the dashboard file server.
• Role-based access control for the dashboard with Discord identity verification.

7. Your Rights

As a server administrator, you can:

• Remove the Bot from your server at any time, which stops all data processing for that guild.
• Request data deletion by contacting the Bot operator. Incident records and audit logs associated with your guild will be removed.
• Configure allowlists to exclude specific users, roles or bots from monitoring.
• Review incidents through the dashboard and reclassify false positives.

8. Children’s Privacy

The Service is not directed at individuals under 13 years of age. We do not knowingly collect personal information from children under 13. Use of Discord is subject to Discord’s own age requirements.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Continued use of the Service after changes constitutes acceptance. Material changes will be communicated through the Bot’s support channels where feasible.

10. Contact

For questions or data-related requests about this Privacy Policy, contact the Bot operator via the Discord server where the Bot is installed or through the dashboard support channels.