Billboard BotOpen dashboard

This document is provided in English.

Privacy Policy

Last updated: June 12, 2026

1. Controller

The Billboard BotDiscord application and web dashboard (the “Service”) are operated by a sole trader (OSVČ) registered in the Czech Republic, who acts as the data controller for the personal data described in this policy. You can reach the controller at support@billboardbot.app.

2. Data we collect

We collect only what the Service needs to function:

  • Discord identity: your Discord user ID, username, and avatar, received when you sign in to the dashboard or interact with the bot.
  • Server data: IDs and names of the Discord servers (guilds) and channels where the bot is installed and billboards are configured.
  • Billboard content: the names, settings, schedules, and frame content (text, embeds, image URLs) of the billboards you create.
  • Subscription and vote records: which servers have Pro entitlements, their source (purchase or vote reward), and vote events delivered by bot-listing sites (containing your Discord user ID).
  • Technical logs: short-lived operational logs (errors, request metadata) used to keep the Service reliable and secure.

Payments are processed by Paddle.com Market Ltd as merchant of record. We never receive or store your card number or full billing details; we receive only the subscription status and a transaction reference. Paddle’s processing is governed by Paddle’s own privacy policy.

3. OAuth tokens

Signing in uses Discord OAuth. Access tokens are used to read your identity and server list for the duration of your dashboard session and are kept in an encrypted session cookie in your browser. We do not store your OAuth tokens server-side beyond the session, and we never request access to your private messages.

4. How we use your data

We use the data above to operate the Service (posting and rotating billboards, enforcing plan limits, granting vote rewards), to provide support, to secure the Service against abuse, and to comply with legal obligations. The legal bases under the GDPR are performance of a contract (Art. 6(1)(b)), our legitimate interests in running and securing the Service (Art. 6(1)(f)), and compliance with legal obligations (Art. 6(1)(c)).

5. Sharing

We do not sell personal data and we do not use it for advertising. Data is shared only with processors necessary to run the Service — hosting and database infrastructure providers, and Paddle for billing — under data processing agreements, and with authorities where the law requires it.

6. Retention

Billboard configuration and server data are retained while the bot is installed in a server and after it is removed, so that everything is restored if the bot is re-invited. Technical logs are kept for a limited period (no longer than 90 days). You can request deletion of your data at any time (see section 7), in which case we erase it without undue delay unless we are legally required to keep specific records (for example, billing records held by Paddle).

7. Your rights (GDPR)

If you are in the European Union or wherever the GDPR applies to you, you have the right to access, rectify, and erase your personal data, the right to restrict or object to its processing, and the right to data portability. To exercise any of these rights, email support@billboardbot.app from an address or Discord account that lets us verify your identity. You also have the right to lodge a complaint with a supervisory authority — in the Czech Republic, the Office for Personal Data Protection (Úřad pro ochranu osobních údajů, uoou.gov.cz).

8. International transfers

Our infrastructure providers may process data outside the European Economic Area. Where that happens, transfers are protected by appropriate safeguards such as adequacy decisions or the European Commission’s Standard Contractual Clauses.

9. Security

We protect your data with industry-standard measures: encrypted transport (TLS), encrypted session cookies, least-privilege access to production systems, and webhook signature verification for third-party events. No system is perfectly secure; if we become aware of a breach affecting your personal data, we will notify you and the supervisory authority as required by law.

10. Children

The Service is intended for users who meet Discord’s minimum age requirement (13 years, or higher where local law requires). We do not knowingly collect personal data from children below that age.

11. Changes to this policy

We may update this policy from time to time. Material changes will be announced via the dashboard or the Discord support channels before they take effect. The “Last updated” date at the top reflects the latest revision.

12. Contact

Privacy questions and data requests: support@billboardbot.app