1. Who We Are
NeoBot ("we", "us", "our") is a Discord bot and web dashboard operated by its founder. The service is accessible at www.neobot.one. For privacy questions, use our Feedback page.
2. Data We Collect
We collect only what is necessary to operate the bot's features. All data originates from your Discord server activity.
User Data
- Discord User ID — used to identify you across servers
- Username & display name — used to display leaderboards, rank cards, and notifications
- XP, level, and coin balance — stored per-server for the leveling and economy systems
- Message count & voice activity hours — used for XP rewards and achievement tracking
- Achievement progress — actions tracked: messages, reactions, voice joins/minutes, invites, casino games, daily claims, purchases, and level milestones
- Economy records — job history, quest completions, shop purchases, gambling results
- Warning history — moderation actions applied to a user by server staff
- Invite records — invite codes used to join a server, for the Invite Tracker feature
Server (Guild) Data
- Guild ID, name, and icon — used to identify and display your server in the dashboard
- Channel IDs and role IDs — stored when you configure features (welcome channels, log channels, role panels, etc.)
- Configuration settings — XP rates, economy multipliers, AutoMod rules, AutoMod bad-word lists, ticket panel settings, reaction-role panels, birthday channels, stats channels, and webhook configurations
- Custom commands — command names and response text you define
- Ticket transcripts — message history of closed support tickets, stored until deleted by a server administrator
- Subscription tier — whether your server has an active Premium or Ultimate plan
Dashboard Authentication
- Discord OAuth2 access token — session-based, encrypted, used only to verify your identity and server permissions. Never stored long-term.
- Server membership and administrator status — checked at login to confirm you have permission to manage a given server
Payment Data
Payments are processed by Stripe. We do not store credit card numbers, bank details, or full payment information. We receive only a subscription status and customer reference from Stripe. Redemption codes (if used) are stored as text alongside your guild record.
3. How We Use Your Data
- Operate leveling, economy, moderation, music, ticket, giveaway, birthday, invite-tracking, and achievement systems
- Display analytics, leaderboards, rank cards, and statistics in the dashboard
- Send automated Discord notifications (level-up messages, birthday announcements, achievement unlocks, welcome messages)
- Authenticate and authorise access to the dashboard
- Apply AutoMod rules and sync them with Discord's native AutoMod API
- Enforce subscription tier limits and redeem promotional codes
- Generate achievement unlock images using server-side canvas rendering
4. Data Storage & Infrastructure
All data is stored in a PostgreSQL database hosted on our secure AWS EC2 infrastructure. Session tokens are encrypted. We do not use Replit or any third-party managed database hosting for production data.
Data is stored per-server (guild). A user's XP in Server A is completely separate from Server B — nothing carries over between Discord servers.
5. Data Retention
- User activity data (XP, coins, levels, achievements) — retained while the bot is active in your server
- Ticket transcripts — retained until a server administrator deletes them via the dashboard
- Moderation records (warnings) — retained until cleared by a server administrator
- Session tokens — expire automatically; not retained after logout or session timeout
- Server configuration — retained until you remove the bot from your server or request deletion
6. Data Sharing
We do not sell, rent, or share your data with third parties for advertising or commercial purposes. Data is shared only in these narrow cases:
- Discord — we call Discord's API to read server structure, send messages, manage roles, and sync AutoMod rules. Discord's own Privacy Policy governs their use of that data.
- Stripe — payment processing only. Stripe's Privacy Policy governs their handling of payment data.
- Fluent Emoji CDN — emoji images for the webhook emoji picker are loaded from Microsoft's CDN. No user data is sent.
- Lavalink music nodes — audio stream URLs are passed to our Lavalink node to play music. No personal data is included.
7. Your Rights & Data Requests
You have the right to:
- View your data — use the dashboard analytics and leaderboard pages for your server
- Delete your server's data — remove NeoBot from your server. Contact us via the Feedback page to request permanent deletion of all stored records for your guild.
- Delete your user data — submit a deletion request via the Feedback page with your Discord User ID. We will remove your records from all guilds within 30 days.
- Opt out of specific tracking — server administrators can disable individual features (voice XP, invite tracking, etc.) via the dashboard.
8. Children's Privacy
NeoBot operates within Discord. Discord requires users to be at least 13 years old (or older in some jurisdictions). We do not knowingly collect data from users below Discord's minimum age requirement.
9. Security
We implement encrypted session storage, CSRF protection, parameterised database queries, and access-level checks on all API endpoints. However, no system is completely secure, and we cannot guarantee absolute protection against all threats.
10. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or applicable law. The "Last updated" date at the top of this page will be revised accordingly. Continued use of NeoBot after an update constitutes acceptance of the revised policy.
11. Contact
For privacy questions, data requests, or to report a concern, please use our Feedback page or reach us in our Discord server.