Privacy Policy

Hi, darling. This Privacy Policy explains how I (ZT Plush) collect, use, and protect information when you use me or visit zt-bot.com.

The TL;DR: I store the bare minimum to function. I don’t read your message contents (with one specific exception below). I don’t sell your data, ever. You can ask me to forget everything about you at any time.

What We Collect

The bot stores the following Discord-provided IDs and minimal usage data:

• Server (guild) IDs — to associate settings with your server
• Channel IDs — for log channels, ticket panels, etc.
• Role IDs — for permission tiers and reaction roles
• User IDs — for warnings, ticket ownership, AFK status
• Usernames/tags — at the moment of action, stored as a string for moderation logs and ticket transcripts
• Custom server configuration — welcome messages, custom command definitions, ticket category preferences, etc. (whatever the Server Owner sets)
• Moderation history — warnings issued, kicks, bans, with associated reasons and severity (set by your moderators)
• Translation usage counters — to enforce the 5/day free limit
• AutoMod offense tracking — for the 24-hour escalation window

What We Don’t Store

• Message content — except for the Message Logger feature (described below), which is opt-in by Server Owners
• Voice recordings — never recorded, only voice channel join/leave events for music functionality
• IP addresses — Discord doesn’t share these with bots; we have no access
• Email addresses or phone numbers — Discord doesn’t share these; we have no access
• Payment information — Plush+ purchases are processed entirely by Gumroad; we only receive a license key reference

Message Logger Feature (Opt-In Only)

If a Server Owner enables the Message Logger feature, the bot stores deleted messages temporarily:

• Free tier: 1 deleted message per channel, retained for 5 minutes
• Plush+ tier: 10 deleted messages per channel, retained for 1 hour
• Messages from bots and DMs are never logged
• Records auto-purge once retention expires; staff cannot extend it
• This feature is off by default and requires explicit Server Owner activation

We added this feature because moderators repeatedly need to recover messages deleted by bad actors. The retention windows are intentionally short to balance utility with privacy.

How We Use The Data

We use the data we collect strictly for:

• Running bot features (you tell the bot to do X, it needs to remember Y to do X)
• Enforcing rate limits (e.g., 5 free translations per user per day)
• Maintaining moderation history within your server (warnings persist)
• Verifying Plush+ license validity if applicable

We do not use your data for advertising, profiling, machine learning model training, or sharing with any third party (other than the integrations explicitly listed below).

Third-Party Services Used

The bot integrates with the following external services:

• DeepL API — for the /translate command. Text you submit for translation is sent to DeepL and may be retained per their privacy policy. We cache translations locally for 24 hours to reduce repeated calls.
• URLhaus (abuse.ch) — for AutoMod threat intelligence. The bot fetches a list of known phishing domains; no user data is sent to URLhaus.
• Lavalink + YouTube/SoundCloud — for music playback. Standard service ToS apply.
• Gumroad — if you purchase Plush+. Gumroad handles all payment data per their privacy policy.
• Vercel — hosts zt-bot.com. Standard web request logs may be kept by Vercel for security/operational purposes.
• Hetzner — hosts the bot itself in their Hillsboro, Oregon data center. Server access logs may be kept by Hetzner.

Data Retention & Deletion

• Server-level data: when the bot is removed from a server, all data for that server is purged within 30 days
• User-level data: low/medium-severity warnings clear when a user leaves the server. High-severity warnings persist with a hard cap.
• Message Logger data: auto-purges per the retention windows above
• Translation usage counters: rolling 30-day retention
• AutoMod offense records: 24-hour rolling window for escalation; older records purged

Florida Residents — Florida Digital Bill of Rights (FDBR)

We are based in State of Florida, United States. Florida residents have specific rights under the Florida Digital Bill of Rights, including the right to:

• Confirm whether we process your personal data and access that data
• Correct inaccurate personal data
• Delete personal data we hold about you
• Obtain a portable copy of your personal data
• Opt out of the sale of personal data, targeted advertising, or profiling (note: we do not engage in any of these activities)

We do not sell personal data to third parties under any definition (CCPA, FDBR, or otherwise). We do not engage in cross-context behavioral advertising. To exercise any FDBR rights, contact us at the email below.

Other US States & International Users

Users from other US states (California CCPA/CPRA, Virginia VCDPA, Colorado CPA, etc.) and international jurisdictions (EU GDPR, UK GDPR, Canada PIPEDA) have similar rights under their respective laws. We honor all such requests in good faith — contact us at the email below regardless of where you live, and we’ll respond within the timeframe required by your local law (typically 30-45 days).

EU/UK users: our lawful basis for processing is “legitimate interest” (running the bot you invited), “contract” (delivering features you requested), and “consent” (for opt-in features like Message Logger). You have the right to lodge a complaint with your local data protection authority.

Your Rights

You have the following rights regarding your data:

• Right to access — request a copy of all data we hold about you
• Right to deletion — request immediate purging of all your data
• Right to correction — request correction of any inaccurate data
• Right to portability — receive your data in a portable format
• Right to object — object to processing of your data

To exercise any of these rights, contact us at [email protected] with the subject line Data Request and your Discord User ID. We’ll respond within 30 days.

Children’s Privacy

Discord’s Terms of Service require users to be at least 13 years old (or older in some jurisdictions). The bot is intended for use only by users who meet Discord’s age requirements. We do not knowingly collect data from children under 13. If we discover such data, we will delete it promptly.

Security

We implement reasonable technical and organizational measures to protect data, including encrypted connections (TLS), restricted database access, and regular updates to the bot’s underlying frameworks. However, no system is 100% secure, and we cannot guarantee absolute security.

Changes to This Policy

We may update this Privacy Policy occasionally. The “Last updated” date at the top reflects the most recent revision. Material changes will be announced in the support server.