Privacy notice.

"Keta bot" refers to the Discord bot account Keta#6719 and its operations console at bot.keta.lol. The bot is operated by the same team as keta.lol, but the two services use separate accounts, separate databases, and separate retention rules. Nothing on bot.keta.lol is shared with keta.lol or vice-versa.

The minimum required to run the configured features. Concretely:

• Per-server configuration: which modules are enabled, channel IDs you pick, role IDs, the message templates you write. Stored against a Discord guild_id.
• Levelling totals: guild_id,user_id, current XP and level. Only filled in when the levelling module is on for that server.
• Warnings: when a moderator runs /warnwe record the user, the moderator, the reason and a timestamp.
• Reaction-role pairings: channel ID, message ID, emoji and role ID per pairing.
• Custom command text: the name and response you configure, plus the user ID who created it.
• OAuth session: when you sign in to the dashboard we issue a signed cookie that contains your Discord user ID, username, avatar hash, and the Discord access / refresh tokens. The cookie is HttpOnly, Secure, SameSite=Lax and expires after 30 days.
• Verification log: when you verify on a server we record your user ID, the verification method (button or oauth), and the timestamp. That is the entire row. We never log IP addresses, email addresses, browser fingerprints, or device information for verified members.
• Member-backup tokens (only if you opted into OAuth verification on a server that uses it): an AES-256-GCM encrypted copy of your Discord access token + refresh token, scoped to that one server. The encryption key lives in our server environment, not in the database, so a database leak alone cannot reveal the tokens. We use these tokens only to re-add you to that same server if it gets nuked and an administrator runs the recovery command. Tokens are deleted when you leave the server, when the bot is removed, or when you revoke the bot in your Discord User Settings → Authorized Apps.

We do not store: message content (we never read, log or persist message bodies outside the auto-mod path described below), email addresses, IP addresses beyond standard short-lived web-server logs, or anything we're not explicitly told to.

When the auto-moderation module is enabled the bot inspects message content in real time to decide whether to delete or escalate. The message text itself is not persisted - the bot reads it, makes a decision, and discards it. Where a moderation action is taken (e.g. a delete, a timeout) the corresponding mod-log embed contains the offending content if the server has configured a mod-log channel; that embed is retained in Discord, not in our database.

• To deliver the features your server explicitly enabled.
• To authenticate you into the dashboard so we can show you the servers you manage rather than every server.
• To meet operational requirements (rate-limiting, abuse-prevention, error-tracing).

We do not profile, sell, share, or otherwise hand off user data to third parties. We do not run ads.

Persistent data is held on servers we operate inside the European Union. Traffic to the dashboard is encrypted end-to-end via TLS. We use a standard CDN in front of the dashboard for DDoS and abuse protection; that CDN is configured so per-user API responses are not cached or stored.

We do not share, rent, sell, or expose the data to third parties. We do not run analytics, advertising, or tracking scripts on any page of bot.keta.lol.

• Configuration, levels, warnings and reaction-role rows persist until the server removes the bot or you remove the entry.
• When the bot leaves a server (kick, ban, or you remove it) we keep the configuration for 30 days in case the same server re-adds the bot, then delete it.
• OAuth session cookies expire after 30 days regardless of activity.

If you are in the EU/EEA the GDPR gives you the right to access, correct, export and erase the data we hold about you. To exercise any of these rights, send a Discord DM to __joschi__or open a ticket on discord.gg/CVjCwwdVF3. We respond within 30 days.

The fastest way to delete most data is from inside Discord: remove the bot from your server (config goes), or ask a moderator to /clearwarns your record.

The dashboard uses one strictly-necessary cookie -kp_session - to keep you signed in. It is HttpOnly, Secure, and bound to bot.keta.lol. We do not run analytics, ad, or third-party tracking cookies. There is no consent banner because there is no consent decision to make.

Discord's Terms of Service require users to be at least 13 years old (or higher in some jurisdictions). If you are below that age, do not use Keta bot. We do not knowingly collect data from children below the relevant age threshold.

When we materially change what we collect or how, we will update the "Last updated" date at the top and post the change in our support server before the change takes effect.

Discord: __joschi__ · Support server: discord.gg/CVjCwwdVF3