Privacy Policy
Effective Date: March 1, 2026
1. Introduction
Legacy Bot ("Service", "we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your personal information when you use our AI-powered Discord ticket support platform.
2. Data We Collect
2.1 Discord Profile Data
When you sign in via Discord OAuth, we collect your Discord user ID, username, display name, email address, and avatar URL. This data is used to create and manage your account.
2.2 Ticket Content
We store the content of support ticket conversations between users and the AI bot, including messages sent by Discord users and AI-generated responses. This data is used to provide the support service, train the learning system (when enabled), and generate analytics.
2.3 Payment Information
Payment processing is handled entirely by Stripe. We do not store credit card numbers, bank account details, or other sensitive payment information on our servers. We retain your Stripe customer ID and subscription status for billing management.
2.4 Organization Data
We store organization configuration data including bot settings, knowledge base entries, learned solutions, ticket types, branding preferences, and analytics events.
2.5 Usage Data
We collect AI token usage counts, ticket statistics, and feature usage metrics to operate the Service and enforce plan limits.
3. How We Use Your Data
- Service Operation: To authenticate you, manage your organization, operate the AI support bot, and deliver the Service.
- AI Responses: Ticket content and knowledge base data are sent to our AI provider to generate support responses.
- Learning System: When enabled, resolved ticket data is used to create learned solutions that improve future AI responses within your organization only.
- Analytics: To provide you with dashboard analytics including resolution rates, satisfaction scores, and usage metrics.
- Billing: To manage subscriptions, process payments, and enforce usage limits.
- Communication: To send transactional emails such as billing receipts, trial expiration notices, and critical service updates.
4. Data Storage and Security
We take the security of your data seriously:
- Sensitive data such as Discord bot tokens is encrypted at rest using AES-256-GCM.
- All data is transmitted over connections encrypted with HTTPS/TLS.
- Database access is restricted and authenticated.
- We use session-based authentication with secure, HTTP-only cookies.
- Regular security reviews are conducted to identify and address vulnerabilities.
5. Third-Party Services
We share data with the following third-party services as necessary to operate the platform:
- Discord — OAuth authentication and bot integration. Subject to the Discord Privacy Policy.
- Stripe — Payment processing and subscription management. Subject to the Stripe Privacy Policy.
- Anthropic — AI model provider (Claude) used to generate ticket responses. Ticket content and knowledge base data are sent to Anthropic for processing. Subject to the Anthropic Privacy Policy.
- Resend — Transactional email delivery for billing receipts and service notifications. Subject to the Resend Privacy Policy.
We do not sell your data to third parties. Data is shared only as described above and as necessary to provide the Service.
6. GDPR Compliance (European Users)
6.1 Legal Basis for Processing
We process your personal data under the following legal bases:
- Contract: Processing necessary to provide the Service you have subscribed to.
- Legitimate Interest: Analytics and service improvement, provided these do not override your rights.
- Consent: Where explicitly obtained, such as for optional features like the learning system.
6.2 Your Rights
If you are in the European Economic Area (EEA), you have the following rights:
- Right of Access: You can request a copy of all personal data we hold about you. Use the "Export Data" feature in your dashboard settings.
- Right to Erasure: You can request deletion of your personal data. Use the "Delete Account" feature in your dashboard settings or contact us.
- Right to Portability: You can export your data in a machine-readable JSON format.
- Right to Rectification: You can update your information through your Discord profile (which syncs on login) or contact us to correct inaccurate data.
- Right to Restrict Processing: You can request that we limit how we process your data in certain circumstances.
- Right to Object: You can object to processing based on legitimate interest.
6.3 Data Deletion Timeline
Upon receiving a deletion request, all personal data will be permanently removed within 30 days. This includes your user profile, organization data, ticket history, and all associated records.
6.4 Data Breach Notification
In the event of a data breach affecting your personal information, we will notify affected users and relevant supervisory authorities within 72 hours of becoming aware of the breach, as required by GDPR Article 33.
7. Cookies
We use only essential session cookies required to keep you logged in and maintain your session state. We do not use tracking cookies, advertising cookies, or any third-party analytics cookies.
Specifically, we use:
- Session Token Cookie: An HTTP-only, secure cookie that stores your authentication session. This cookie is essential for the Service to function and cannot be disabled.
Because we only use essential cookies that are strictly necessary for the Service to operate, consent is not required under GDPR Article 5(3). However, we provide a cookie notice for transparency.
8. Children's Privacy
Legacy Bot is not directed to children under the age of 13 (or the minimum age required by Discord in your jurisdiction). We do not knowingly collect personal information from children. If we discover that we have collected data from a child without appropriate parental consent, we will delete that data promptly. If you believe a child has provided us with personal information, please contact us immediately.
9. Data Retention
We retain your data for as long as your account is active or as needed to provide the Service. After account termination, data is retained for 30 days to allow for export, after which it is permanently deleted. Billing records may be retained longer as required by applicable tax and financial regulations.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the Service at least 30 days before they take effect. The "Effective Date" at the top of this page indicates when the policy was last revised.
11. Contact
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us through our Discord support server or via the contact methods listed on our website.