Referral Monster — Privacy Policy

Effective date: 2025-09-09

This Privacy Policy explains how Referral Monster Discord Bot (the "Bot") processes information when operating in your Discord server. The Bot scans messages for URLs, resolves short links, and posts patched links using server-configured referral codes. By inviting or using the Bot, you agree to this Policy.

If you are a server owner or administrator, you are responsible for ensuring your server’s use of the Bot complies with applicable laws and Discord’s policies.

Data Controller

The Bot is operated by:

Bitmix by BM
VAT ID: IT12934340964
REA: LO2693207
Email: hello@bitmix.eu

For any questions about this Policy or to exercise your rights, please contact us at the above email.

Summary

Processes message content strictly to detect and patch links.
Stores only server configuration (e.g., affiliate codes, behavior/captions) and guild IDs in a local database.
Does not persist message content or attachments.
May log minimal technical data for operations and troubleshooting; logs avoid message content.
Exposes aggregate, non-personal metrics; Sentry.io error reporting can be enabled by the operator.
You can remove the Bot at any time; server admins can request deletion of server configuration data.

What We Process

The Bot has the Message Content Intent and required permissions in a server, it receives standard Discord gateway events. In particular, for messages it may process:

Message content and extracted URLs (processed in memory only, not stored)
Message, channel, and guild identifiers
Author/user identifier and basic message metadata (timestamps)
Attachments and embeds are ignored for storage; URLs within embeds may be parsed in memory

What We Store

The Bot uses a local database to store only server-level settings:

Guild (server) ID
Per-site referral/affiliate codes configured by server admins
Behavior and caption settings for replies/reposts

The Bot does not store message content, message history, attachments, or per-user profiles.

Purposes and Legal Bases

We process data for the following purposes under GDPR:

Provide core functionality (detect, resolve, patch links) – based on legitimate interest of server admins and users.
Store server configuration (affiliate codes, behavior settings) – based on contractual necessity with the server admins who configure the Bot.
Maintain reliability, security, and abuse prevention (logs, metrics) – based on legitimate interest.
Compliance with legal obligations, where applicable.

Metrics, Logs, and Error Reporting

Grafana Cloud: aggregate counters/gauges (e.g., messages seen, patched, guild count). These contain no personal data. Review Grafana Cloud's Privacy Policy for details.
Logs: Runtime logs include technical events and errors. Logs avoid message content; limited identifiers (e.g., guild ID, error details) may appear. Logs are rotated automatically and retained no longer than necessary (up to 30 days).
Sentry: minimal error data (stack traces, metadata) may be sent to Sentry.io. Message content is excluded. Review Sentry.io’s Privacy Policy for details.

Data Sharing and Recipients

Discord: All message events originate from Discord APIs and are subject to Discord’s terms and privacy policy.
Service providers: Hosting, logging, and monitoring services used by the operator may process operational data.

Retention

Server configuration data: Retained until the server admins reset or request deletion, or until the Bot is removed.
Logs and error data: Retained per operator’s rotation settings, not longer than 30 days.
Message content: Never persisted.

Children’s Privacy

The Bot is a utility for Discord servers and is not directed to children. We do not knowingly collect personal data from anyone under 16 years of age (or the lower age provided by local law, but never under 13).

International Transfers

The Bot and all related services are hosted and operated entirely within the European Union. Operational data (such as configuration, logs, and metrics) is processed exclusively on EU servers, including monitoring and error-tracking providers configured in EU data centers. We do not transfer personal data outside the EU/EEA.

Your Rights

Under the GDPR, you may have the right to:

Access the personal data we hold about you.
Request correction or deletion of your data.
Restrict or object to processing.
Request data portability.
Lodge a complaint with a supervisory authority (in Italy: Garante per la Protezione dei Dati Personali).

Requests should include your Discord User ID and/or Guild ID to help us identify relevant data.

Cookies

This website uses only technical cookies necessary for its operation. We do not use tracking, analytics, or profiling cookies.

Security

We implement technical measures consistent with typical Discord bot operations, including minimizing stored data, avoiding message content in logs, and securing database access.

Contact

For questions or data requests (including deletion of a server’s configuration), contact the Bot operator at hello@bitmix.eu.
Please include relevant IDs (Discord User ID and/or Guild ID) and proof of server administration when requesting configuration deletion.

Changes to This Policy

We may update this Policy to reflect changes in functionality, operations, or legal requirements. Material changes will be indicated by updating the effective date. Continued use of the Bot after changes indicates acceptance of the updated Policy.