Skip to main content
The canonical Privacy Policy lives at kovra.xyz/privacy. This page is a readable summary for developers + operators. In case of any discrepancy, the canonical page at kovra.xyz/privacy controls.

What we collect

From Discord (via the bot gateway):
  • Discord user IDs of server members + their joined/left timestamps.
  • Discord server (guild) metadata: name, icon, member count, role list, channel list.
  • Moderation events: ban / kick / mute / warn cases you record with Kovra.
  • Message content transiently — only for AutoMod rule evaluation (dropped within 60 seconds, never persisted).
  • Voice session timestamps for XP accrual.
From you (dashboard login):
  • Discord OAuth identity (user ID, username, avatar). No email, no phone.
  • Session cookie (HttpOnly + SameSite=Lax).
From LemonSqueezy (billing):
  • Subscription metadata: tier, status, period end. No card numbers, no addresses.

What we don’t collect

  • Private DMs (we have no access).
  • Message content at rest (we don’t read or store messages beyond AutoMod’s 60s window).
  • IP addresses of your server members.
  • Voice audio (we only see join/leave events, not the audio).

Why we collect it

  • Running the product — moderation cases, XP, tickets, logs all need persistence.
  • Security — audit log of who did what in the dashboard.
  • Billing — subscription status drives tier gates.
We do not sell or share your data with third parties for marketing. We do not use your data to train AI models.

How long we keep it

DataRetention
Message content60 seconds (transient AutoMod buffer)
Moderation cases7 days (Free) / 30 days (Premium) / indefinite (historical archive)
Audit log90 days minimum
Ticket transcriptsWhile the server is active
XP dataWhile the server is active
Session cookies30 days sliding window

Your rights (GDPR)

  • Access. Dashboard → Account → Export my data. Returns a ZIP with all data tied to your Discord ID.
  • Deletion. Dashboard → Account → Delete my account. Hard-deletes your user rows within 7 days. Data bound to a server (not to you as an individual) remains if other users contributed to it.
  • Rectification. Most data is derived from Discord. Fix it on Discord and it propagates within a sync cycle.
  • Portability. Export format is JSON + CSV, suitable for import into other tools.
Request outside the dashboard? Email yalmazimran@icloud.com.

Subprocessors

  • Hetzner (Germany) — hosting.
  • Cloudflare — CDN + DDoS protection for public-facing endpoints.
  • LemonSqueezy (Merchant of Record) — billing.
  • Resend — transactional email (receipts, deletion confirmations).
Full DPA available on request.

Questions

yalmazimran@icloud.com. Response within 72 hours on weekdays.