Mitsuki - Privacy Policy

Last updated: 11/29/2025

Legal Framework Compliance

1. General Data Protection Regulation (GDPR) Compliance

Mitsuki ("we", "us", "our") is committed to protecting the privacy and security of your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This section outlines our legal bases for processing your data and your rights under these regulations.

2. Legal Bases for Processing

We process your personal data on the following legal grounds:

2.1 Contractual Necessity

• Processing necessary for the performance of our contract with you to provide Discord bot services

• Storing your settings and configurations to deliver our services

• Processing commands and responding to your requests

2.2 Legitimate Interests

• Improving our services through anonymous usage statistics

• Ensuring the security and proper functioning of our bot

• Preventing fraud and unauthorized use

• Analyzing bot performance and user interaction patterns

2.3 Consent

• Processing of any optional features you explicitly enable

• Collection and storage of custom messages and configurations

• Using your data for specific optional functionalities

2.4 Legal Obligation

• Complying with legal requirements and government requests

• Maintaining security and preventing abuse

• Retaining records as required by law

3. International Data Transfers

3.1 Data Transfer Mechanisms

We may transfer your personal data to countries outside the European Economic Area (EEA). When we do so, we ensure appropriate safeguards are in place through:

• Standard Contractual Clauses (SCCs) approved by the European Commission

• Adequacy decisions issued by the European Commission

• Other legally approved data transfer mechanisms

3.2 Transfer Safeguards

For all international transfers, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• End-to-end encryption of data in transit

• Secure data storage with industry-standard encryption

• Regular security assessments and audits

• Strict access controls and monitoring

4. Your Rights Under GDPR

Under the GDPR, you have the following rights:

4.1 Right to Access

• Request confirmation of whether we process your personal data

• Receive a copy of your personal data in a structured, commonly used format

• Obtain information about how we process your data

4.2 Right to Rectification

• Request correction of inaccurate personal data

• Have incomplete personal data completed

4.3 Right to Erasure ("Right to be Forgotten")

• Request deletion of your personal data under certain circumstances

• Automatic deletion when you remove our bot from your server

4.4 Right to Restrict Processing

• Limit how we use your personal data in certain cases

• Have incomplete personal data completed

4.5 Right to Data Portability

• Receive your personal data in a structured, commonly used format

• Transmit your data to another service provider where technically feasible

4.6 Right to Object

• Object to processing based on legitimate interests

• Object to direct marketing

• Object to processing for scientific/historical research/statistics

4.7 Rights Related to Automated Decision Making

• Not be subject to decisions based solely on automated processing

• Obtain human intervention for automated decisions

• Express your point of view and contest automated decisions

5. Exercising Your Rights

Under the GDPR, you have the following rights:

5.1 How to Submit Requests

You can exercise your rights by:

• Contacting us through our support server

• Emailing us at support@mitsuki.gg

5.2 Response Timeline

• We will respond to your requests within one month

• This period may be extended by two months for complex requests

• You will be informed of any extension within the first month

5.3 Identity Verification

To protect your privacy, we may need to verify your identity before processing your request. This may include:

• Confirming your Discord account ownership

• Requesting additional verification information

• Validating your server permissions

6. Data Protection Authority

You have the right to lodge a complaint with a supervisory authority. For users in the Netherlands, this is:

Autoriteit Persoonsgegevens
Bezuidenhoutseweg 30
P.O. Box 93374
2509 AJ Den Haag
The Netherlands

For users outside the Netherlands, you may contact your local data protection authority.

7. Updates to This Section

We reserve the right to update this section as needed to comply with legal requirements and operational changes. Material changes will be communicated through:

• Our Discord server announcements

• Direct bot notifications

• Updates to our website

Your continued use of our services after such changes constitutes acceptance of the updated terms.

Data Controller Information

1. Controller Identity and Contact Details

1.1 Data Controller

Mitsuki ("we", "us", "our") acts as the data controller for personal data collected through our Discord bot and associated services.

1.2 Contact Information

You can reach us through the following channels:

• Legal Contact: support@mitsuki.gg

• Discord Server: https://discord.gg/KguTKZNen6

2. Service Description

2.1 Primary Services

Mitsuki operates as a Discord bot providing the following primary services, but is not limited to:

• Leveling

• Moderation

• Activity leaderboards

• Economy

• Self roles

• Welcome messages

2.2 Associated Services

In addition to our Discord bot, we provide:

• Web dashboard for bot configuration

• Statistical tracking and analysis tools

3. Business Information

3.1 Legal Status

Mitsuki is operated by a private individual based in the Netherlands.

4. Operational Framework

4.1 Service Jurisdiction

While we are based in the Netherlands, our services are provided internationally through the Discord platform. We comply with:

• Dutch data protection laws

• EU GDPR requirements

• Applicable international data protection regulations

4.2 Data Processing and Third-Party Services

We process and store data using the following third-party services:

4.2.1 Infrastructure Providers

• Vultr: Provides web backend hosting services

• YottaSrc: Provides bot hosting services

• MongoDB: Provides database services for storing user configurations, bot settings, and website data

4.2.2 Dependencies

We use various open-source NPM (Node Package Manager) packages to provide our services. These packages:

• Are carefully vetted for security

• Do not receive personal user data unless necessary for functionality

• Are regularly updated to maintain security

5. Roles and Responsibilities

5.1 Our Role as Data Controller

As the data controller, we:

• Determine the purposes and means of processing personal data

• Ensure compliance with data protection laws

• Respond to data subject requests

• Maintain appropriate security measures

• Select and oversee data processors

5.2 Relationship with Discord

We operate independently from Discord while utilizing their platform. Users should note:

• Discord acts as a separate data controller for platform-level data

• We process only the data necessary for our bot's functionality

• Users are subject to both Discord's and our privacy policies

6. Accountability and Governance

6.1 Internal Controls

We maintain:

• Regular data protection impact assessments

• Internal data protection policies

• Security incident response procedures

6.2 Documentation

We maintain records of:

• Processing activities

• Security measures

• Data breach notifications

• User consent records

7. Updates and Changes

7.1 Changes to Controller Information

Any changes to this information will be:

• Announced in our Discord server

• Updated in our privacy policy

• Notified to users when legally required

• Documented in our change logs

Enhanced Data Processing Details

1. Types of Data Collected

1.1 Discord Identifiers

• Snowflake IDs

• User IDs

• Server IDs

• Channel IDs

• Role IDs

• Message IDs

• Purpose: Essential for bot functionality and feature operations

• Retention: For the duration of bot presence in server plus one month

• Legal Basis: Contractual necessity

1.2 Configuration Data

• Server Settings

• Purpose: To maintain server-specific bot functionality

• Retention: Until changed by server administrators or bot removal

• Legal Basis: Contractual necessity and legitimate interests

1.3 Usage Statistics

• Command Usage

• Command types and frequency

• Error rates

• Response times

• Feature popularity

• Purpose: Service improvement and performance monitoring

• Retention: Anonymized after 90 days, aggregate data kept indefinitely

• Legal Basis: Legitimate interests

1.4 Website Data

• Basic Analytics

• Page views

• Session duration

• Feature interactions

• Purpose: Website optimization and user experience improvement

• Retention: 26 months in anonymized form

• Legal Basis: Legitimate interests

2. Data Processing Purposes

2.1 Core Functionality

• Responding to commands

• Managing server roles

• Executing moderation actions

• Delivering welcome messages

• Maintaining server configurations

2.2 Service Improvement

• Analyzing feature usage patterns

• Identifying performance issues

• Optimizing command response times

• Enhancing user experience

2.3 Security and Compliance

• Preventing abuse and spam

• Detecting unauthorized access

• Maintaining audit logs

• Ensuring service integrity

3. Data Retention Periods

3.1 Active Data

• Server configurations: Duration of bot presence in server

• User settings: Until user removes bot or requests deletion

• Command logs: 90 days

• Error logs: 30 days

3.2 Archived Data

• Anonymized statistics: Indefinitely

• Security audit logs: 1 year

• Backup data: 30 days

3.3 Deletion Procedures

• Automatic deletion after retention period

• Manual deletion upon request

• Cascade deletion when bot is removed

4. Automated Processing

4.1 Automated Decision-Making

Our bot makes automated decisions for:

• Spam detection and prevention

• Auto-moderation based on configured rules

• Role assignment based on user actions

4.2 User Rights Regarding Automation

Users have the right to:

• Contest any automated decision

• Request human review of decisions

• Opt out of certain automated features

• Configure automation thresholds

5. Data Processing Locations

5.1 Primary Processing

• Web backend: Vultr datacenter Amsterdam

• Bot hosting: YottaSrc

• Database: MongoDB

5.2 Data Transfers

• All data transfers use encryption

• EU-US data transfers comply with standard contractual clauses

• Regular security audits of transfer mechanisms

6. Special Categories of Data

6.1 Sensitive Data

We do not intentionally collect or process special categories of personal data such as:

• Race or ethnicity

• Political opinions

• Religious beliefs

• Health information

• Biometric data

6.2 User-Generated Content

Users are responsible for ensuring they do not share sensitive data through:

• Custom messages

• Server configurations

• Bot commands

7. Data Minimization

7.1 Collection Principles

We collect only data that is:

• Necessary for bot functionality

• Specifically requested by server administrators

• Required for service improvement

• Mandated by law

7.2 Regular Reviews

We conduct regular reviews to:

• Remove unnecessary data collection

• Optimize storage usage

• Update retention periods

• Improve data accuracy

8. Data Quality Measures

8.1 Accuracy

• Regular validation of stored data

• Automatic correction of known errors

• User ability to update stored preferences

8.2 Completeness

We conduct regular reviews to:

• Required field validation

• Data integrity checks

• Backup verification

9. Processing Records

9.1 Documentation

We maintain detailed records of:

• All processing activities

• Data flows and transfers

• Security measures

• Access controls

9.2 Auditing

Regular audits ensure:

• Compliance with stated policies

• Accurate processing records

• Effective security measures

• Proper data handling

Cookie Policy

1. Introduction

1.1 What Are Cookies

Cookies are small text files that are stored on your device when you visit our website. They help us provide you with a better experience by remembering your preferences and understanding how you use our services.

1.2 Scope of This Policy

This Cookie Policy applies to:

• The Mitsuki website (https://mitsuki.gg)

• The Mitsuki web dashboard

• Any subdomains of mitsuki.gg

2. Cookie Usage

2.1 Essential Cookies

These cookies are necessary for the website to function and cannot be switched off. They are used for Discord authentication and user session management.

Name	Purpose	Duration
discord_auth	Manages Discord authentication state	Session
discord_user	Stores Discord user information for site functionality	Session

2.2 Performance Cookies

These cookies help us understand how visitors interact with our website by collecting anonymous information through Google Analytics:

Name	Purpose	Duration
_ga	Google Analytics identifier	2 years
_gid	Google Analytics daily user identifier	24 hours
_ga_[site-specific]	Google Analytics session data	2 years

3. Cookie Control

3.1 Cookie Consent

When you first visit our website, you will be presented with a cookie banner that allows you to:

• Accept all cookies

• Reject non-essential cookies

• Customize your cookie preferences

3.2 Managing Cookies

You can manage cookies through:

• Our cookie preferences center

• Third-party opt-out tools

4. Third-Party Cookies

4.1 Google Analytics

We use Google Analytics to understand website usage:

• Data collected: Page views, user behavior, session duration

• Privacy measures: IP anonymization, data retention limits

• Opt-out: Available through Google Analytics Opt-out Browser Add-on

4.2 Discord Integration

Our website integrates with Discord for authentication and user management:

• Cookies are set during Discord authentication

• These cookies are essential for site functionality

5. Cookie Categories

5.1 By Duration

• Session Cookies: Deleted when you close your browser (discord_auth, discord_user)

• Persistent Cookies: Used for analytics and remain active for set periods (_ga, _gid)

5.2 By Function

• Authentication: Discord login and session management

• Analytics: Google Analytics for usage tracking

• Technical: Essential website functionality

6. Data Processing

6.1 Cookie Data Usage

Cookie data is used for:

• Maintaining user sessions

• Discord authentication

• Website analytics

• Improving user experience

6.2 Data Sharing

Cookie data may be shared with:

• Google Analytics (anonymized)

• Discord (for authentication)

• Our hosting providers

7. Your Rights

7.1 Control Options

You have the right to:

• Accept or reject non-essential cookies

• Modify cookie preferences

• Delete existing cookies

• Block future cookies

7.2 Consequences

Please note that:

• Discord authentication cookies cannot be disabled if you want to use our services

• Analytics cookies can be rejected without limiting core functionality

• Some features require essential cookies to work

8. Updates to Cookie Policy

8.1 Policy Changes

We may update this Cookie Policy to reflect:

• New cookies being used

• Changes in how we use cookies

• Legal or regulatory requirements

• Technical improvements

8.2 Notification

Changes will be communicated through:

• Website notifications

• Discord server announcements

9. Contact Information

For questions about our Cookie Policy or cookie usage:

• Email: support@mitsuki.gg

• Discord Server: https://discord.gg/KguTKZNen6

• Website: https://mitsuki.gg