Legal Documents  /  UndoIt

Privacy
Policy

DocumentPrivacy Policy
Effective DateMarch 8, 2026
Last UpdatedMarch 8, 2026
RegulationGDPR Compliant
01

Overview

UndoIt takes your privacy seriously. This Privacy Policy explains what data we collect when you use our Services — including RickBot, our website, and our Discord community — how we use it, and what rights you have over it.

We operate in compliance with the EU General Data Protection Regulation (GDPR). If you are located in the European Economic Area (EEA), you have specific rights described in Section 07 of this policy.

Plain English

We collect only what we need to run our services. We don't sell your data. We don't share it with advertisers. We're GDPR-compliant and you can ask us to delete your data at any time.

02

What We Collect

RickBot collects only the data it needs to function. Here is exactly what we store — and what we don't:

Data Type What It Is Stored?
Guild (Server) IDs Unique Discord identifier for each server RickBot is added to Stored
Bot Configuration Data Settings, role assignments, and moderation preferences set by Server Admins Stored
Moderation Logs Records of actions RickBot takes — bans, kicks, and warnings — including the Discord User ID of the subject Stored
Message Content (AutoMod) Message text scanned in real-time when AutoMod features are active. Content is checked against configured rules and immediately discarded — it is never written to disk Not Stored
User IDs (general) Discord User IDs are only stored as part of moderation log entries. We do not build profiles or store User IDs outside of this context Logs only

We do not collect your real name, email address, IP address, payment details, or any data not listed above.

Plain English

RickBot stores your server's settings and a log of moderation actions. AutoMod reads messages to check for rule violations, but never saves them. That's it.

03

How We Use Data

We use collected data solely for the following purposes, each with a lawful basis under the GDPR:

  • Service operation (Legitimate Interest / Contract). To provide RickBot's moderation and security features as configured by Server Admins.
  • Configuration persistence (Contract). To remember each server's settings between bot restarts.
  • Moderation records (Legitimate Interest). To maintain an accurate log of moderation actions for Server Admin review and community accountability.
  • Abuse prevention (Legitimate Interest). To detect and prevent misuse of our bots and services.
  • Support (Legitimate Interest). To diagnose reported issues and provide assistance through our Discord server.

We do not use your data for advertising, profiling, or any commercial purpose beyond the direct, stated operation of our Services.

04

Data Storage

All data collected by UndoIt is stored on self-hosted infrastructure — meaning our servers are operated directly by the UndoIt team rather than delegated to a third-party cloud provider. This gives us direct control over the physical and logical security of your data.

Our security measures include:

  • Strict access controls limiting data access to authorised UndoIt team members only.
  • Encrypted connections (TLS) for all data in transit between our infrastructure and Discord's API.
  • Regular review and improvement of our security posture.

While we implement strong security practices, no system is completely immune to risk. In the event of a data breach that affects your rights and freedoms, we will notify relevant supervisory authorities as required by GDPR Article 33, and affected individuals where required under Article 34.

05

Data Sharing

We do not sell, rent, or trade your data to third parties under any circumstances.

We may share data only in the following very limited cases:

  • With your consent. If you explicitly authorise a specific data disclosure.
  • Legal obligation. If required to comply with applicable EU or member state law, a court order, or a lawful request from a competent authority.
  • Protection of rights. Where strictly necessary to protect the rights, property, or safety of UndoIt, our users, or third parties, as permitted by law.
Plain English

We will never sell your data. We only share it if the law requires it or if you ask us to.

06

Data Retention

We retain data only for as long as necessary to fulfil the purpose for which it was collected, or as required by law. Our specific retention periods are:

  • Server configuration data is retained for as long as RickBot remains in your server. Upon RickBot's removal, this data is deleted within 30 days.
  • Moderation logs are retained for up to 12 months from the date of the action, after which they are automatically purged. Server Admins can request earlier deletion.
  • Message content processed by AutoMod is never written to storage and is discarded immediately after the real-time check completes.

You may request deletion of your data at any time. See Section 07 for how to exercise this right.

07

Your Rights (GDPR)

If you are in the European Economic Area, you have the following rights under the GDPR. We honour these rights for all users regardless of location:

  • Right of Access (Art. 15). You may request a copy of any personal data we hold relating to your Discord User ID or server.
  • Right to Rectification (Art. 16). You may request that inaccurate or incomplete data be corrected.
  • Right to Erasure (Art. 17). You may request deletion of your personal data ("right to be forgotten"). We will comply unless we have a legitimate legal basis to retain it.
  • Right to Restriction (Art. 18). You may request that we restrict processing of your data in certain circumstances.
  • Right to Data Portability (Art. 20). You may request an export of your data in a machine-readable format where technically feasible.
  • Right to Object (Art. 21). You may object to processing carried out on the basis of legitimate interests.
  • Right to Lodge a Complaint. You have the right to lodge a complaint with your local EU supervisory authority if you believe we have mishandled your data.

To exercise any of these rights, contact us via our Discord server. We will respond to all valid requests within 30 days as required by GDPR Article 12.

08

Children's Privacy

Our Services are not directed to children under the age of 13. We do not knowingly collect personal data from children under 13. If we become aware that such data has been collected, we will take prompt steps to delete it.

If you are a parent or guardian and believe your child has provided us with data, please contact us via Discord immediately.

09

Third-Party Services

Our Services operate through Discord's platform. Your use of Discord is independently governed by Discord's Privacy Policy. UndoIt is not responsible for Discord's data practices.

Beyond Discord, our Services are self-hosted. We do not use third-party analytics platforms, advertising networks, or SaaS data processors that would receive your data.

10

Policy Changes

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date above. For material changes that affect your rights, we will provide advance notice via our Discord server where possible.

Continued use of our Services after changes take effect constitutes acceptance of the updated policy. We encourage periodic review of this page.

11

Contact & Data Protection

For all privacy-related enquiries, data subject requests, or complaints, please reach us via Discord. We aim to respond to all requests within 30 days in line with GDPR requirements.

If you are unhappy with our response to a privacy concern, you have the right to escalate your complaint to your national data protection authority. EU users may also use the EU Online Dispute Resolution platform.