Privacy Policy

DuffyBot ("we", "our", "the Service") is an AI-powered Discord bot that provides automated support ticket handling. This policy explains what data we collect, how we use it, and what rights you have.

We respect your privacy and only collect what is necessary to make the Service work. We do not sell your data to third parties.

When you use DuffyBot, we collect the following data:

From Discord (via Discord API)

• Your Discord user ID, username, and avatar
• Server (guild) ID, name, and icon for servers where DuffyBot is installed
• Your role information within those servers
• Messages you send inside ticket channels created by DuffyBot

From the Dashboard

• Discord OAuth login data (user ID, username, email, avatar)
• Server configuration settings you create (knowledge base content, embed settings, etc.)

Automatically

• Ticket transcripts (messages within ticket channels)
• Usage analytics (ticket counts, resolution times, AI confidence scores)

• Ticket handling: Messages in ticket channels are processed by AI to generate responses from your knowledge base.
• Knowledge base: Content you provide (scraped websites, Discord channels, GitHub repositories, manual entries) is stored and used as context for AI responses for your server only. We do not use your content to train AI models.
• Transcripts: Ticket conversations are saved so server staff can review past tickets.
• Analytics: Aggregated ticket data is used to show dashboard statistics (resolution rates, response times, etc.).
• Authentication: Discord OAuth data is used to verify your identity and show you the correct servers.

We use the following third-party services to operate DuffyBot:

• Discord API: For bot functionality and OAuth authentication. When you interact with DuffyBot, data is exchanged with Discord's servers as part of normal bot operation (e.g., reading messages, creating channels, sending responses). This data is subject to Discord's Privacy Policy.
• Anthropic (Claude AI): Ticket messages and knowledge base content are sent to the Claude API to generate AI responses. Messages are processed according to Anthropic's Privacy Policy. Anthropic does not use API inputs to train their models.

We do not share your data with any other third parties, advertisers, or data brokers.

• All data is stored in a MySQL database on a dedicated server with encrypted connections.
• The server is access-controlled, protected by a firewall, and limited to essential ports only.
• Dashboard access requires Discord OAuth authentication.
• Server data is isolated. Each Discord server's data is separate and only accessible to authorized members of that server.
• In the event of a data breach, we will notify affected users and relevant authorities as required by applicable law.

• Ticket data: Ticket transcripts and messages are stored until manually deleted by server staff through the dashboard, or until the server removes DuffyBot.
• Knowledge base: Scraped content and manual entries are stored until manually deleted by server admins through the dashboard.
• Account data: Your Discord user data is stored as long as you have an active session. We do not store passwords (authentication is handled entirely by Discord OAuth).
• After bot removal: If a server owner removes DuffyBot, we will delete all data associated with that server within 30 days.

You have the right to:

• Access: Request a copy of the data we hold about you.
• Deletion: Request deletion of your personal data. Server owners can delete ticket data and knowledge base content directly from the dashboard. Individual users can request deletion of their personal data by contacting us through our Discord server.
• Portability: Request your data in a standard format.
• Withdraw consent: Stop using the Service at any time. Server owners can remove the bot, which stops all data collection for that server.

For GDPR (EU), CCPA (California), and other regional privacy law requests, contact us through our Discord server or any channel listed in the Contact section below. We will respond within 30 days.

DuffyBot is not intended for users under the age of 13 (or the minimum age required by Discord in your country). We do not knowingly collect data from children.

We may update this policy from time to time. Significant changes will be announced in our Discord server. The "last updated" date at the top of this page reflects the most recent revision.

If you have questions about this privacy policy or want to exercise your data rights, contact us through our Discord server.