This Privacy Policy explains how Zoe ("we", "us", "our") collects, uses, stores, and protects your information when you use our Discord bot service.

1. Information We Collect

1.1 Automatically Collected Information

Data Type	Purpose	Retention
Discord User ID	Identify users and link data	Until account deletion
Discord Username	Display purposes	Until account deletion
Server ID	Server-specific settings	Until bot removed
Message Content	AI conversation processing	20 most recent messages
Timestamps	Rate limiting and analytics	Until account deletion

1.2 User-Provided Information

• Personality Traits: The 3 traits you select during onboarding
• Pronouns: Your pronoun preference (he/him, she/her, they/them, or prefer not to say)
• Content Preference: Your choice of NSFW or SFW mode
• Custom Scenarios: Any custom roleplay scenarios you create (Premium)
• Relationship Settings: Your chosen relationship type with the bot (Premium)

1.3 Payment Information

• Payment information is processed by Stripe (we never see your card details)
• We store: Stripe Customer ID, Subscription ID, subscription status
• We do NOT store: Credit card numbers, CVV, or banking information

2. How We Use Your Information

2.1 Service Provision

• AI Conversations: Process messages through OpenAI to generate responses
• Personalization: Use traits and pronouns to customize interactions
• Memory: Store conversation history based on configured memory mode
• Rate Limiting: Track message counts to enforce limits

2.2 Service Improvement

• Analyze usage patterns (anonymized)
• Improve AI responses
• Develop new features
• Fix bugs and issues

2.3 Communication

• Send service updates (if DMs enabled)
• Respond to support requests
• Send important announcements

3. Data Sharing and Third Parties

3.1 Third-Party Services

We share data with the following services to provide our features:

Service	Data Shared	Purpose
OpenAI	Message content, conversation history	Generate AI responses
Stripe	Email (optional), Discord ID	Process payments
ElevenLabs	Text content for TTS	Generate voice notes (Premium)
Top.gg	Bot statistics, vote data	Bot listing and voting
MongoDB	All user data	Database hosting

3.2 We Do NOT

3.3 Legal Requirements

We may disclose your information if required by law or to:

• Comply with legal obligations or court orders
• Protect our rights or property
• Prevent fraud or abuse
• Protect user safety

4. Data Storage and Security

4.1 Where We Store Data

• Database: MongoDB (encrypted at rest)
• Location: [Your server location or cloud provider]
• Backups: Regular encrypted backups

4.2 Security Measures

• 🔐 Encrypted database connections
• 🔐 Secure API key management
• 🔐 HTTPS for all web endpoints
• 🔐 Regular security audits
• 🔐 Access controls and authentication

5. Data Retention

Data Type	Retention Period
Conversation History	Last 20 messages only (rolling)
User Profile Data	Until account deletion request
Premium Subscription Data	Until subscription ends + 30 days
Server Settings	Until bot is removed from server
Usage Analytics	Anonymized, kept for 90 days
Logs	30 days

6. Your Rights and Choices

6.1 Access and Control

You have the right to:

• Access: View your stored data using z!profile
• Modify: Change your settings using z!settings
• Delete: Clear your conversation history using z!clear
• Export: Request a copy of your data (contact support)
• Delete Account: Request full account deletion (contact support)

6.2 DM Preferences

• Control whether the bot can send you DMs using z!toggledm
• You can disable proactive DMs at any time
• Important service announcements may still be sent

6.3 Data Deletion

To delete your data:

• Conversation History: Use z!clear command
• Complete Account: Contact support with your Discord ID
• Processing Time: Within 30 days of request
• Note: Some data may be retained for legal/billing purposes

7. Children's Privacy

8. OpenAI Data Processing

8.1 How OpenAI Processes Your Data

• Message content is sent to OpenAI's API to generate responses
• OpenAI may use data to improve their models (subject to their policies)
• OpenAI retains data for 30 days then deletes it
• OpenAI's privacy policy: openai.com/privacy

8.2 Content Moderation

• OpenAI may filter certain content based on their usage policies
• Even in NSFW mode, some content may be restricted by OpenAI
• We have no control over OpenAI's content filtering

9. Cookies and Tracking

We do NOT use cookies or tracking technologies in the Discord bot.

Our website (if applicable) may use:

• Session cookies for authentication
• Analytics cookies (Google Analytics, etc.)
• You can control cookies through your browser settings

10. International Users

Zoe is operated from [Your Location]. If you access the service from outside this region:

• Your data may be transferred to and processed in [Your Location]
• By using the service, you consent to this transfer
• We comply with applicable international data protection laws

11. GDPR Compliance (EU Users)

11.1 Legal Basis for Processing

• Contract Performance: To provide the service you requested
• Legitimate Interest: To improve and secure our service
• Consent: For optional features like DMs and NSFW mode

11.2 Your GDPR Rights

• Right to Access: Request a copy of your data
• Right to Rectification: Correct inaccurate data
• Right to Erasure: Request deletion of your data
• Right to Restriction: Limit how we process your data
• Right to Portability: Receive your data in a structured format
• Right to Object: Object to certain types of processing

To exercise these rights, contact us at: privacy@yourdomain.com

12. California Privacy Rights (CCPA)

California residents have additional rights:

• Right to Know: What personal information we collect
• Right to Delete: Request deletion of your information
• Right to Opt-Out: Opt-out of data "sales" (we don't sell data)
• Non-Discrimination: We won't discriminate for exercising rights

13. Data Breach Notification

In the event of a data breach that affects your personal information:

• We will notify affected users within 72 hours
• Notification will include the nature of the breach and steps taken
• We will report to relevant authorities as required by law

14. Third-Party Links

The bot may contain links to third-party websites (top.gg, Stripe, etc.). We are not responsible for the privacy practices of these sites. Please review their privacy policies separately.

15. Changes to This Policy

• We may update this Privacy Policy from time to time
• Material changes will be announced in our support server
• Continued use after changes constitutes acceptance
• Policy version and date are listed at the top

16. Your Consent

17. Data Controller Information

The data controller responsible for your information is:

18. Contact Us

For any questions about this Privacy Policy or our data practices:

19. Specific Feature Data Handling

19.1 Voice Notes (Premium)

• Text is sent to ElevenLabs for voice generation
• Audio files are stored temporarily (5 seconds) then deleted
• ElevenLabs may retain data per their privacy policy

19.2 Voting System

• Vote data is received from top.gg webhooks
• We store: vote timestamp and count
• Top.gg has their own privacy policy

19.3 Server Data

• Server settings are tied to server ID, not specific users
• When bot is removed from a server, server data is retained for 30 days then deleted
• Server admins can clear server history using z!serverclear

20. Data Minimization

We practice data minimization:

• Only collect data necessary for service provision
• Limit conversation history to 20 messages
• Regularly purge old logs and temporary files
• Don't collect unnecessary personal information