Privacy Policy

We only process data that is required to run the bot, provide translations, and manage your server settings. This also includes operational/error logs and short-lived caches to prevent abuse and keep latency low.

• Server and role IDs, channels, translation and verification options, and limits from your configuration (e.g., welcome flows, auto roles, logging).
• Operational and error logs contain metadata such as guild, channel, and user IDs, command names, locale, and message IDs. For critical errors the bot owner may be notified via DM with guild and user IDs.
• Language and timezone preferences plus poll- and ticket-related settings so responses and notifications use the right locale; language history is stored to respect your previous choices.
• For polls we store the poll message (ID), server and channel IDs, the question/answers, and submitted votes (user ID + option) to calculate results.
• For translations we calculate text length, derive a hash of the cleartext, and store the hash, detected language, and usage/cost metrics in caches and log tables. The cleartext is sent to the translation provider unless a cache is available.
• Support requests via email and subscription metadata (plan, limits) where required to provide and support the service.
• Contact and identity details of guild owners (e.g., owner ID, username/global name, avatar URL, DM channel ID) to reach out and manage the bot join process.
• Event templates and instances with title, description, channel and role IDs, announcement/reminder timings, target languages, plus reminder status and error history.

We only receive personal data from the following sources when you use the bot or dashboard:

• Directly from Discord via the Discord API (e.g., server, channel, role, and user IDs plus content sent for translation).
• Information you provide in the dashboard, such as settings, event copy, or support messages.
• Payment and subscription details from Stripe (e.g., status, subscription IDs, invoice metadata).
• Email or support communication when you contact us.

• Operating the Discord bot, including translations, welcome and verification flows, and polls. Legal bases: Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(f) GDPR (legitimate interest in a reliable service).
• Abuse prevention and stability (rate limits, error logs, caches) to keep the service reliable. Legal basis: Art. 6(1)(f) GDPR.
• Communicating about support and billing requests and maintaining server and user settings. Legal bases: Art. 6(1)(b) and (f) GDPR.

• Configurations, user preferences, and poll data remain stored while your server uses the bot or until you remove them in the dashboard. Inactive server data is typically deleted after 12 months of inactivity.
• Translated content only lives in memory during processing; hash-based caches for language detection/translation expire automatically after a short period (typically 24 hours).
• Operational and error logs are typically stored for 30 days; security-relevant logs are kept for up to 90 days. Support communications are usually deleted 12 months after the case is closed.
• Billing and payment data (e.g., Stripe transactions, plans, and limits) are retained for statutory tax and commercial purposes, typically 10 years.

• Discord Inc. as the communication platform: slash commands, messages, and interactions are processed via the Discord API.
• Fly.io as the hosting environment (multi-regional setup with dedicated worker processes), Neon as Postgres database provider, and Upstash as Redis service for caching and locks. These vendors act as processors.
• External LLM provider (e.g., Groq) for language detection and translations. Message content may be transmitted for processing; hashes and usage metrics are stored for cache control and billing.
• Internal billing processes to sync plans and limits; errors and status codes are logged for monitoring.
• Data may be transferred to non-EU countries when services are hosted abroad. We rely on appropriate safeguards such as EU Standard Contractual Clauses (SCCs) and assess additional protections (e.g., transfer impact assessments, encryption).

We use organisational and technical measures to protect your data:

• Encrypted data transmission (TLS) and secure access paths to databases and APIs.
• Access controls based on need-to-know and role-based permissions.
• Security-relevant logging and monitoring to detect abuse or outages early.
• Regular backups and recovery processes to reduce the risk of data loss.

• Right of access to stored data and processing details (Art. 15 GDPR).
• Rectification of inaccurate or incomplete data (Art. 16 GDPR).
• Erasure or restriction of processing unless legal obligations require retention (Art. 17, 18 GDPR).
• Data portability in a structured, commonly used format (Art. 20 GDPR).
• Objection to processing based on legitimate interests (Art. 21 GDPR).
• Right to lodge a complaint with a supervisory authority.

For privacy requests or to exercise your rights, email privacy@mecks-translator.com.

To process privacy requests securely and quickly, we use the following steps:

• We verify your identity (e.g., via a reply from the Discord account or email linked to your request).
• We clarify which guilds, time ranges, or data categories you want to access or delete.
• We respond within statutory deadlines; complex requests may take longer after notice.
• If you contact us via Discord, we may ask you to confirm your request via email to protect your account.

We do not make automated decisions with legal or similarly significant effects.

• No profiling or scoring takes place that could significantly affect you.
• Language detection and translations are automated solely to deliver the bot features.
• You can adjust your settings in the dashboard or remove the bot at any time.

To improve stability and user experience we use self-hosted Matomo. The legal basis is your consent (Art. 6(1)(a) GDPR in conjunction with § 25(1) TTDSG). Data is processed exclusively on our server and never shared with third parties.

• We measure page views, feature usage (e.g., dashboard navigation), and technical events like errors or load times to detect issues quickly.
• Matomo sets a cookie to recognise returning devices. You can disable tracking at any time via the opt-out below.
• IP addresses are automatically truncated (IP anonymisation) so they cannot directly identify you.
• Your opt-in/opt-out choice is stored in the browser. After clearing cookies you may need to set your preference again.

We use a small set of cookies or local storage items that are required for operation. The legal basis for strictly necessary storage is Art. 6(1)(f) GDPR in conjunction with § 25(2) TTDSG; analytics cookies are only set with consent.

• Session cookies for sign-in via Discord and secure account management.
• Local preferences such as language selection or dashboard settings.
• Analytics cookies from Matomo if you opt in to tracking.

Based on our services and dependencies we rely on the following processors or infrastructure partners:

• Discord Inc. for platform connectivity and OAuth authentication (e.g., user ID, username) during sign-in.
• Fly.io for hosting the dashboard and bot services (compute, networking, logs).
• Neon as the PostgreSQL database provider for configurations, preferences, and operational data.
• Upstash as the Redis REST service for caching, locks, and rate limiting.
• Groq as the LLM provider for language detection and translations.
• Stripe for payment processing and subscriptions. Payment details are handled directly by Stripe; we receive status and metadata for contract management.
• AWS S3 to store generated files or uploads where necessary, accessed via pre-signed URLs.
• Resend for transactional emails (e.g., confirmations, support communication).
• Sentry for error and performance monitoring in the dashboard.
• Matomo (self-hosted) for web analytics; data stays on our infrastructure.

The service is intended for Discord communities and is not directed at children under the age of 16. If you believe we have collected data from a minor, please contact us and we will delete it.

We update this privacy policy when legal bases, processing activities, or vendors change. We will notify you about material updates in the dashboard or via email.