Privacy Policy

Who we are

Controller/Operator: Scrapline

Contact: Contact Support

Information we collect

• Account & Discord Data: Discord user ID, username, avatar, guild ID and role IDs you connect; OAuth tokens scoped only as needed.
• Usage & Logs: Timestamps, feature actions, IP in server logs, user-agent; minimal diagnostic events for reliability and security.
• Billing: We use Stripe. We never store full card data. Stripe may process your payment details and fraud signals.
• Support: Messages, tickets, and contact details you provide.
• Message Content (Premium Tier): For AI moderation features, message content may be temporarily processed by third-party AI providers.
• Listing Media Uploads: If you upload listing pictures or banners, we collect and store processed image files and minimal metadata required to render your listing.

How we use information

• Provide, secure, and improve the Services
• Authenticate via Discord OAuth
• Process subscriptions and payments via Stripe
• Detect/prevent abuse, enforce policies
• Comply with legal obligations

Australian Privacy Act 1988

We are subject to the Privacy Act 1988 (Cth) and comply with the Australian Privacy Principles (APPs). This policy is our APP Privacy Policy as required by APP 1.

• APP 3 – Collection: We collect personal information only by fair and lawful means and only where reasonably necessary for our services.
• APP 5 – Notification: We notify you of the purposes of collection at or before the time of collection (via our consent flows and this policy).
• APP 7 – Direct marketing: We do not use or disclose your personal information for direct marketing without your consent. You may opt out of any marketing communications at any time by contacting us.
• APP 8 – Cross-border disclosure: Your data may be transferred to or processed in overseas countries including the United States (Stripe, Discord, AI providers), the European Union (hosting, CDN providers), and other countries where our service providers operate. We take reasonable steps to ensure recipients handle your data consistently with the APPs.
• APP 11 – Security: We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access.
• APP 12 – Access: You have the right to access your personal information we hold. See "Your rights" below.
• APP 13 – Correction: You have the right to request correction of personal information that is inaccurate, out of date, incomplete, or misleading.

Legal bases (GDPR/EU/UK)

• Contract: To provide requested services.
• Legitimate interests: Security, anti-abuse, product improvement.
• Consent: Where required (for example, certain cookies or marketing).
• Legal obligation: Tax, fraud prevention, compliance.

Sharing

We share data with processors only as needed to run the Services (e.g., hosting, databases, Stripe payments, error monitoring). We may disclose where required by law or to protect rights and safety.

AI Processing

If you use AI-powered features (AI Moderation, AI Ticket Triage, AI Sentiment, AI Reports, etc.), message content may be processed by third-party AI services for content filtering, triage, analysis, and summarization. These services process data in accordance with their own privacy policies.

• AI providers are used solely for the feature you have enabled (moderation, triage, summaries).
• We may change AI providers at any time to improve service quality.

Important notes about AI processing

• All AI features are opt-in and disabled by default.
• For AI Ticket Triage, only the ticket opener’s messages inside an active triage session are sent to our AI provider; staff messages are not.
• For AI Ticket Triage, we store only a sha256 hash of each message and a category tag for tuning. No raw content is retained beyond the AI conversation transcript, which is deleted after 90 days.
• Content is processed in real-time and not stored by AI providers beyond their standard processing.
• We cache AI responses locally for up to 5 minutes to reduce redundant API calls
• You can disable AI moderation at any time via the dashboard
• AI providers do not use your content for training their models

International transfers

Your data may be processed in countries outside your own. Where applicable, we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards.

Retention

We keep data only as long as necessary for the purposes above, or as required by law. Specifically:

• Active guilds: Data retained while the bot is in your server.
• Inactive guilds: Data (moderation cases, tickets, giveaways, appeals) deleted after 6 months of bot removal.
• Billing records: Retained as required by tax law (typically 7 years).
• AI processing: Content processed in real time and not stored beyond immediate use.

We run automated cleanup jobs weekly to remove data from inactive guilds.

How listing images are handled

• Uploaded listing media is validated against strict file type and size rules.
• We sanitize and re-encode uploaded images before storage to reduce security risk.
• Unsupported, malformed, or suspicious uploads are rejected.
• Processed images are stored only for service operation and can be replaced by the guild owner.

Your rights

Under Australian law (Privacy Act 1988, APPs) and GDPR/UK GDPR where applicable, you have the following rights:

• Access (APP 12 / GDPR Art. 15): Request a copy of the personal information we hold about you.
• Correction (APP 13 / GDPR Art. 16): Request correction of inaccurate, out of date, incomplete, or misleading data.
• Deletion (GDPR Art. 17): Request deletion of your data ("right to be forgotten") where applicable.
• Portability (GDPR Art. 20): Request your data in a machine-readable format where applicable.
• Object or restrict: Object to or restrict certain processing.
• Opt out of direct marketing (APP 7): You may opt out of direct marketing at any time by contacting us.
• Withdraw consent: Where processing is based on consent, you may withdraw at any time.

How to exercise your rights

To make a data subject request, email Contact Support with:

• Your Discord user ID (for verification)
• A description of your request
• Any relevant guild IDs if applicable

We will respond within 30 days. In complex cases, we may extend this by up to 60 days with notice. For Australian Privacy Act requests we aim to comply with the timeframes set out in the APPs.

Right to complain

If you believe we have not handled your data in accordance with the Australian Privacy Principles, you may first contact us directly. If your complaint is not resolved to your satisfaction, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) under the Privacy Act 1988 (Cth):

Children and Minimum Age (COPPA)

Our Services are intended only for users who are 13 years of age or older (or the applicable minimum age required by law in your country). We do not knowingly collect, use, or disclose personal information from children under 13.

In accordance with Discord's own Terms of Service and Developer Policy, we do not direct our Services to children under 13. If you are under 13, do not use or provide any information to us through the Services.

If we become aware that we have inadvertently collected personal information from a child under 13, we will take immediate steps to delete that information. If you believe we have collected data from a child under 13, please contact us at Contact Support and we will act promptly.

For users in countries with higher minimum age requirements, the applicable local minimum age applies.

Data Breach Notification

In the event of a data breach that is likely to result in serious harm, we are committed to the following:

• Australian NDB Scheme: Under the Notifiable Data Breaches scheme (Privacy Act 1988, Part IIIC), if an eligible data breach occurs, we will notify the Office of the Australian Information Commissioner (OAIC) and all affected individuals as soon as practicable.
• Discord Developer Terms (Section 5): We will notify Discord and affected users of any potential unauthorised access to Discord API data as required by the Discord Developer Terms of Service.
• GDPR/UK GDPR: Where applicable, we will notify the relevant supervisory authority within 72 hours and affected users without undue delay.
• Internal response: Upon discovering a breach we will: (1) contain the breach; (2) assess the risk and affected data; (3) notify regulators and affected users; (4) take steps to prevent recurrence.

To report a suspected security incident or breach, contact us immediately at Contact Support.

Discord Developer Policy Compliance

Our bots and applications are built on the Discord API. We comply with the Discord Developer Terms of Service and Discord Developer Policy. Specifically:

• We only use Discord API data for the stated functionality of our Services as described in this policy.
• We do not direct our Applications at users under the age of 13.
• We maintain this publicly available, up-to-date privacy policy and keep the link current in the Discord Developer Portal.
• We will notify Discord and affected users of any potential unauthorised access to API data (see Data Breach Notification above).
• Our Applications respect user-initiated blocks, bans, kicks, mutes, and visibility settings.
• We obtain appropriate consent before performing actions on a user or server's behalf.

Reporting issues with our bot

Discord's Developer Policy requires that users have a way to report issues or violations relating to our Application. You can report issues through:

• Discord support server: discord.gg/UnyJngFf8S
• Email: Contact Support

We review all reports and take appropriate action.

Security

We use industry-standard safeguards (access controls, encryption in transit, least-privilege, monitoring). No method is 100% secure; report issues to Contact Support.

Cookies & analytics

See our Cookie Policy for details about cookies, analytics, and choices.

Changes

We may update this Policy from time to time. If changes are material, we'll take reasonable steps to notify you.

User Data Handling Summary

The following summarises how we handle specific categories of user data, for transparency and to satisfy Discord Developer Policy requirements:

• Discord User ID / Username / Avatar: Collected via OAuth. Used to authenticate you and display your profile. Retained while you have an account. Deleted on request.
• Guild (Server) IDs and Settings: Collected when you add the bot to your server. Used to operate bot features. Deleted 6 months after the bot is removed from your server.
• Moderation Actions (bans, kicks, warnings, cases): Stored per-guild for moderation history. Deleted 6 months after bot removal.
• Message Content: Only processed (not stored) by AI providers for Premium AI moderation features. Never stored by us or AI providers beyond immediate processing. This feature is opt-in.
• Payment / Billing Data: Handled by Stripe. We store only Stripe Customer ID and subscription status. We never store card numbers or full billing details.
• IP Address: Retained in server logs for security and abuse prevention. Log rotation occurs regularly.
• Support Messages: Retained for as long as needed to resolve your issue.

Data deletion requests

To request deletion of all personal data we hold about you, email Contact Support with your Discord User ID. We will delete your data within 30 days, except where retention is required by law (e.g. billing records).

Contact