Privacy Policy
Last updated: 2026-05-28.
Who we are
head-mod is an AI-assisted Discord moderation service operated by Ayo Software & Design UG (haftungsbeschränkt), Anemonenweg 1, 47447 Moers-Kapellen, Germany. The data controller for the purposes of the GDPR is the UG, represented by managing director Paul Gößmann (see Imprint). Privacy contact: impressum@ayo-service.de.
Message content handling (Discord MESSAGE_CONTENT intent)
The most common question we get is: do you store and train on Discord message content? Short, plain answers:
- Yes, we store message content outside Discord — but only from channels the bot was invoked in: ticket channels, DM conversations, channels where a user opened a session by mentioning the bot. We do not scrape unrelated channels.
- No, message content is never used to train AI models. Our AI providers (Google Gemini, OpenAI, Anthropic) operate under their standard API terms, which contractually prohibit training on customer data. We do not run our own training pipelines.
- Content is sent to AI providers transiently for each call (intent classification, reasoning, embedding) and is not stored on the provider side beyond what their own policies describe.
- Where we do persist text — ticket transcripts, channel-session buffers (capped at 200 turns each), profile facts, audit events, knowledge-base entries — retention is documented in the "Retention" section below, and users can request erasure at any time.
What we process
When a server owner invites the head-mod bot, and when users interact with it, we process the following categories of data:
- Discord identifiers — user IDs, guild (server) IDs, channel IDs, role IDs, and message IDs. These are required to address the right channels and apply the right permissions.
- Message content — only messages the bot is invoked on (direct mentions, DMs, ticket channels, channels where an active session is open). The bot does not silently scrape unrelated channels.
- Profile facts — short text notes the AI saves about users when they ask it to remember something (name, pronouns, preferences). PII categories like passwords, government IDs, financial data, and health data are filtered out before storage.
- Moderation history — when the bot takes a moderation action (warn, timeout, kick, ban) or processes a ticket, we record the event with timestamp and actor for audit purposes.
- Usage metrics — anonymous AI-call counts, token totals, and cost-per-call so the dashboard can show usage against your plan.
- OAuth session — when an administrator signs in to the dashboard via Discord OAuth, we store an encrypted session cookie. No third-party tracking cookies are set.
Lawful basis (Art. 6 GDPR)
- Performance of a contract (Art. 6(1)(b)) — processing required to run the moderation, tickets, knowledge-base, and dashboard features the server owner opted into.
- Legitimate interest (Art. 6(1)(f)) — audit logging, cost metering, and basic abuse prevention.
- Consent (Art. 6(1)(a)) — for the explicit "remember about user" feature, which only fires when a user asks the bot to remember something.
Sub-processors
We use the following processors to deliver the service. Each has its own privacy policy; we contract with them on standard GDPR-compliant terms.
| Processor | Purpose | Region |
|---|---|---|
| Discord Inc. | Source platform; OAuth sign-in | USA |
| Cloudflare, Inc. | Hosting, Workers, Durable Objects, Vectorize, D1, R2 | EU edge |
| Google LLC | AI reasoning + intent classification (Gemini) | USA / EU |
| OpenAI, L.L.C. | Content moderation pre-filter; text embeddings | USA |
| Anthropic PBC | Optional reasoning provider (currently disabled by default) | USA |
| Stripe Payments Europe Ltd. | Subscription billing (only when a paid plan is purchased) | Ireland |
Transfers to processors outside the EEA rely on the European Commission's Standard Contractual Clauses (SCCs) and, where available, the EU–US Data Privacy Framework. Message content sent to AI providers is processed transiently for the duration of the call and is not used to train provider models, per the providers' enterprise terms.
Retention
- Profile facts and audit-event history are retained for the lifetime of the bot's presence in the server. They are removed when the bot is kicked, when a user requests erasure, or when the owner clears the data from the dashboard.
- Ticket transcripts are retained as configured per category (default: kept while the ticket exists; deleted when the ticket is deleted).
- Usage-event records (for billing accuracy and abuse investigation) are retained for 13 months and then anonymised.
- Session cookies expire at logout or after 30 days of inactivity, whichever comes first.
Your rights (Art. 12-22 GDPR)
You have the right to access, correct, delete, restrict, port, or object to the processing of your personal data. To exercise any of these rights, email impressum@ayo-service.de from the address associated with your Discord account, or send a Discord DM to the head-mod bot mentioning the right you wish to exercise. You also have the right to lodge a complaint with your local data-protection authority.
Cookies
head-mod uses only strictly-necessary cookies — an encrypted OAuth session cookie used for dashboard sign-in. No analytics, advertising, or third-party tracking cookies are set, so no cookie banner is shown. We may add an opt-in analytics cookie in the future; if so, this section will be updated and a banner will be added BEFORE such cookies are set.
Updates to this policy
We may update this policy as the service evolves. Material changes will be communicated by updating the "Last updated" date at the top, and where appropriate, via a notice in the dashboard.