Docs: Privacy Policy Needed

[naomi-lgbt]

According to Discord's Developer Terms of Service, any application (like this bot) that uses the API is required to have a privacy policy. We should create one (as PRIVACY.md maybe?).

You will comply with all applicable privacy laws and regulations including those applying to personally identifiable information ("PII"). You will provide and adhere to a privacy policy for your application that uses the API (your “API Client”) that clearly and accurately describes to users of your API Client what user information you collect and how you use and share such information with Discord and third parties.

A basic privacy policy should cover, at a minimum:

1. What data does the bot collect (including but not limited to personal identifying information)?
2. Why does the bot need the data?
3. How does the bot use the data?
4. Aside from Discord and the bot's users, who do we share the data with (if anyone)?
5. How can users contact us if they have concerns about the bot?
6. How can users request their data be removed?

A couple of potential resources for generating a privacy policy (note that I cannot personally vouch for these and offer no warranty):
https://app-privacy-policy-generator.firebaseapp.com/
https://termly.io/products/privacy-policy-generator/
https://getterms.io/
https://www.shopify.com/tools/policy-generator

[github-actions]

It's great having you contribute to this project

Feel free to raise an Issue! Welcome to the community 🤓

If you would like to continue contributing to open source and would like to do it with an awesome inclusive community, you should join our Discord chat and our GitHub Organisation - we help and encourage each other to contribute to open source little and often 🤓 . Any questions let us know.

[bagladivyang03]

@nhcarrigan could u pls tell me what exactly has to done with this issue?

[naomi-lgbt]

We would need to add a privacy policy document to the bot's codebase. Given the nature of this issue, I recommend @eddiejaoude weigh in before anyone contributes.

[bagladivyang03]

We would need to add a privacy policy document to the bot's codebase. Given the nature of this issue, I recommend @eddiejaoude weigh in before anyone contributes.

Ok @nhcarrigan

[eddiejaoude]

The information we save looks like this..

From Discord information, I think it is only:

• username
• avatar url
• roles

[naomi-lgbt]

joinedAt is Discord information too.

Everything in bio is user-generated information, which also counts as Discord data.

[eddiejaoude]

Oh yes you are right about joinedAt.

Oh user generated from our bot data is included too? I did not realise that 🤦‍♂️

[naomi-lgbt]

Yep - because those are message contents created by a Discord user through Discord.

Additionally, all of those are considered Personally Identifiable Information.

[github-actions]

Stale issue message

[naomi-lgbt]

We still need this, stalebot.

Maybe I'll push up a basic one today.

[github-actions]

Stale issue message

[github-actions]

Stale issue message

[naomi-lgbt]

Going to bump this and say that Discord is also now expecting a Terms of Service document for bots.

[mikeysan]

I will also leave a comment to prevent stale bot trying to close this again. This is very important information that needs to be displayed somewhere.

In addition, I am not sure if or how this may relate to GDPR (the European side of data protection), which I think is more strict than most. Whatever we come up with should cover that as well. Again, if required.

[eddiejaoude]

Thanks all 👍

[mikeysan]

Just a comment to draw attention to see and make sure it has not been forgotten :)

[adityaraute]

Do we have an update on this one?