Privacy Policy

kesarAI (the “Bot”) is operated as an individual project. The operator acts as the data controller for the purposes of the EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (FADP).

Contact the operator through the kesarAI support server for privacy questions, data-subject requests, and security reports.

kesarAI processes only the information required to run the feature you invoke.

Collected automatically

• Guild metadata— numeric guild, channel, and role IDs (and their names) so configuration can be displayed and applied.
• User identifiers— numeric Discord user IDs for permission checks, per-user rate limits, and audit-trail attribution.
• Command invocations— the slash command used, the channel it was used in, and the timestamp.

Collected only when relevant

• Message content is read on demand for features such as /summarise, /fallacy, and /modadvice. It is forwarded to the AI backend for that single request and is not retained afterwards, except where audit logging is explicitly enabled.
• Audit events— moderation actions, member events, and AI usage are written to audit.db when the corresponding category is enabled for your guild.

Under GDPR Article 6 and the equivalent provisions of the Swiss FADP, we rely on the following legal bases:

• Legitimate interest— running moderation tooling, preventing abuse of the AI surface, and enforcing per-user and per-guild rate limits.
• Performance of the service— storing the configuration you create, routing your commands, and returning their results.
• Consent— sending message content to the AI backend when you voluntarily invoke an AI command on a message or channel. You can decline by not invoking the command.

Persistent data lives in SQLite databases on the operator’s hosting infrastructure:

• config.db— guild configuration: channel mappings, role grants, feature toggles.
• audit.db— audit-trail events, subject to the retention policy set per guild.

Audit logs are retained indefinitely by default. Server administrators can configure a per-guild retention period using /logs retention <days>, after which older entries are removed by a daily purge task. Configuration data persists for as long as the Bot is in your guild, plus a short grace period after removal.

Discord API

All bot activity flows through the official Discord API. Discord’s own Privacy Policy governs how Discord handles message data, identifiers, and server membership.

Google Vertex AI

AI-assisted commands send prompts — which may include message content scoped to the request — to Google Vertex AI, the enterprise Gemini surface on Google Cloud. We deliberately use Vertex rather than the consumer Gemini API because of its stronger data-handling guarantees: per Google’s Vertex AI data governance policy, customer prompts and responses are not used to train, fine-tune, or otherwise develop Google’s foundation models, and they are processed under the Cloud Data Processing Addendum (CDPA) as “customer data,” not as input to Google’s own services.

Even with these protections, do not share through AI commands anything you would not be comfortable sending to a third-party service provider.

Vertex AI processes prompts on Google Cloud infrastructure that may be located outside Switzerland and the European Economic Area. Transfers to such locations are governed by Google’s Cloud Data Processing Addendum and the Standard Contractual Clauses incorporated by it. By using AI commands you accept that the content of those prompts is transferred under that framework.

Traffic between the Bot and both Discord and Google Gemini is encrypted in transit using TLS. The SQLite databases live on the operator’s hosting infrastructure with restricted filesystem access; no Discord or Google credentials are written to the audit trail. No security measure is perfect; in the event of a breach that materially affects your data we will notify affected administrators through the support server.

Subject to applicable law, you have the right to access, correct, export, delete, or restrict the processing of personal data we hold about you, and to object to processing or withdraw consent.

To exercise these rights, contact us through the support server with enough information to identify the relevant Discord user ID and guild ID. Server administrators can clear audit logs and configuration for their own guild using the Bot’s built-in controls; end users who wish to be removed from a guild’s audit history should also contact that guild’s administrators.

You have the right to lodge a complaint with a supervisory authority. Residents of Switzerland may contact the Federal Data Protection and Information Commissioner (FDPIC); residents of the EU/EEA may contact their local data-protection authority.

We do not sell, rent, or trade personal data. We do not use it to train external AI models, and we do not build cross-server profiles of individual Discord users.

The Bot operates on Discord, which requires users to be at least 13 years old (or the higher minimum age specified in their jurisdiction). We do not knowingly collect data from users below that age. If you believe a minor has interacted with the Bot in a way that requires intervention, contact us so we can act.

The Bot itself does not set cookies — it operates entirely within Discord. This marketing website may use a minimal set of first-party analytics to understand aggregate traffic. We do not run third-party advertising trackers.

We may revise this Privacy Policy from time to time. When we do, the “Last updated” date at the top of this page changes, and material revisions are announced through the support server.

For privacy questions, data-subject requests, and security reports, reach out via the kesarAI support server.