PRIVACY POLICY

Project Automod
Effective Date: March 7, 2026
Document Version: 1.0.0

Overview

Project Automod is a Discord moderation bot operating as an experimental service. This policy describes what data is collected during bot operation, how it is stored, and how it is used. This document is based on the actual implementation as of the effective date.

All statements in this policy reflect what the system currently does. Features described as "planned" or "intended" are explicitly marked as not implemented.

What We Collect

User Data

Discord Identity:

• User ID (numeric identifier from Discord)
• Username (display name from Discord)
• Discriminator (when applicable)
• User flags (developer, staff, premium, blacklisted, global banned)

User Preferences:

• Language setting
• Timezone setting
• Notification preferences (DM, mentions, warnings)
• Privacy settings (profile visibility, stats visibility, history visibility)
• Custom command preferences
• Embed color preferences

User Statistics:

• Commands used (count)
• Messages scanned by automod (count)
• XP total and level (when XP system is enabled in guild)
• Total offenses (cross-guild aggregate)
• Total warnings, bans, kicks (cross-guild aggregate)
• Guilds joined count
• Reports received and issued count

Cross-Guild Tracking:

• Offense count by guild
• Ban count by guild
• Trust score (numeric value calculated from behavior)

Activity Metadata:

• Last seen timestamp
• Last guild interacted in
• Last action performed

Offense Records (Per-User, Per-Guild):

• Offense timestamp
• Guild ID where offense occurred
• Category of offense (e.g., "slurs", "spam", "harassment")
• Severity level assigned
• Detected words or patterns
• Message content snapshot (if message triggered automod)
• Moderator ID (if manually issued)

Guild Data

Guild Identity:

• Guild ID (numeric identifier from Discord)
• Guild name
• Owner ID
• Bot join timestamp
• User who invited the bot
• Setup completion timestamp
• User who completed setup

Guild Current State:

• Owner ID (current)
• Guild name (current)
• Member count
• Icon hash
• Banner hash
• Discord features array (e.g., "COMMUNITY", "VERIFIED")
• Premium tier
• Verification level
• Last update timestamp

Guild History:

• Change events tracking owner changes, name changes, icon changes, etc.
• Each entry contains: timestamp, field changed, old value, new value
• Keeps last 100 change events

Guild Configuration:

• Bot command prefix
• Language and timezone
• Automod settings (enabled status, banned word lists, action thresholds)
• Verification settings (enabled, channel ID, role ID, mode)
• Logging settings (enabled, channel ID, event types)
• Anti-raid settings (enabled, mode, thresholds)
• Anti-nuke settings (enabled, whitelist, protections)
• Member gate settings (enabled, mode, requirements)

Guild Feature Flags:

• Premium status
• XP system enabled
• Applications enabled
• Surveys enabled
• Vault enabled

Guild Statistics:

• Offense count
• Verification failures
• Audit events count
• Commands executed count
• Messages scanned count
• Members joined/left count
• Bans/kicks/warns issued count

Guild Premium Status:

• Active/inactive status
• Tier level
• Premium features enabled
• Card ID used to activate premium
• Activation timestamp
• Expiration timestamp
• Auto-renew setting
• Usage metrics (AI requests, tokens used, storage used)

Moderation Data

Moderation Actions (Per-Guild):

• Ban records: target user ID, moderator ID, timestamp, case ID, reason, silent flag
• Kick records: target user ID, moderator ID, timestamp, case ID, reason
• Mute records: target user ID, moderator ID, timestamp, duration, reason
• Warn records: target user ID, moderator ID, timestamp, reason, warning count
• Timeout records: target user ID, moderator ID, timestamp, duration, reason
• Unban records: target user ID, moderator ID, timestamp, reason
• Unmute records: target user ID, moderator ID, timestamp, reason

Global Ban System:

• Global incidents: case ID, accused user ID, reporting guild ID, reporting user ID, category, summary, evidence URLs, review status, grace period end date, escalation level
• Global bans: user ID, case ID(s), ban date, categories, enforcement date, trust impact, appeal status
• Global guild bans: guild ID, category, ban date, description, evidence
• Appeal records: case ID, user ID, appeal text, timestamp, status, reviewer notes

Message Automod:

• Detection signals: category, confidence level, detected words/patterns, explanation
• Severity scores: base severity, escalation factors, final score
• Enforcement actions: message deletion, user warning, user mute, user ban
• Guild-specific word lists
• Global word category packs

Media Moderation:

• Perceptual hashes of flagged images
• Image category (scam, phishing, malicious, NSFW)
• Report metadata (guild ID, user ID, timestamp)
• Escalation level

AI Data (EatherAI)

AI Interaction Logs:

• User ID
• User tag (username#discriminator)
• Timestamp of request
• User message content (the question/prompt sent to AI)
• AI response content (the answer generated)
• Model used (e.g., "gpt-4o")
• Prompt tokens consumed
• Completion tokens consumed
• Total tokens consumed
• Estimated cost in USD
• Premium status at time of request
• Query types used (e.g., "guild_config", "user_lookup")

AI Memory Store:

• User ID
• Short-term context (recent conversation snippets for continuity)
• User preferences (conversation style, topics discussed)
• Session metadata
• Stored for active conversation only; cleared after inactivity

AI Usage Ledger:

• Per-user rate limits (timestamps of recent requests)
• Daily token budget tracking (global limit)
• Cost tracking per user
• Premium vs standard usage breakdown

AI Superuser List:

• User IDs with elevated AI access (rate limit exemptions)
• Loaded from environment variable

OAuth & Website Data

Status: Not found in implementation.

Dashboard files exist but OAuth routes, session handling, and authentication middleware were not found during code review.

Analytics Data

Guild-Level Analytics:

• Command execution frequency
• Message scanning volume
• Offense patterns over time
• Feature usage metrics
• Member gate analytics (accept/deny rates, reasons)
• Survey response aggregates (anonymous)

Project-Level Analytics:

• Total guilds using bot
• Total users interacting with bot
• Total commands executed (global)
• Total messages scanned (global)
• Total bans issued (global)
• Total offenses detected (global)
• Bot uptime metrics
• Error rate tracking
• Rate limit hit tracking
• Memory and CPU usage tracking

Premium Analytics:

• Active premium cards count
• Active premium guilds count
• Active premium users count
• Total AI requests by premium users
• Total tokens consumed by premium users
• Total estimated cost
• Card issuance/expiration/revocation counts
• Conversion and retention rates

XP System (When Enabled):

• Per-user XP totals and levels (per-guild)
• XP cooldown timestamps
• Leaderboard rankings

How Data Is Collected

Automatic Collection

Bot Events:

• Guild join/leave events
• Guild update events (name change, owner change, etc.)
• Member join/leave events
• Message create events (for automod scanning)
• Message delete events
• Channel create/delete events
• Role create/delete/update events
• Member update events
• Interaction create events (slash commands, buttons, modals)

Moderation Commands:

• When moderators execute /ban, /kick, /warn, /mute, /timeout commands
• Target user, moderator, reason, and timestamp are logged

Automod Triggers:

• When message content matches banned word lists or patterns
• Message content, detected words, user ID, channel ID, and timestamp are logged

AI Interactions:

• When users send direct messages to EatherAI
• Full message content and AI response are logged
• Token usage and cost are tracked

User-Initiated Collection

Setup Commands:

• When guild administrators run /setup command
• Configuration choices are stored

Application Submissions:

• When users submit applications via /apply command
• Submission data (responses to questions) is stored with case ID

Survey Responses:

• When users respond to surveys
• Responses are stored with survey ID and user ID
• Individual responses are linked to user accounts

Premium Card Activation:

• When users activate premium cards with /premium activate
• Card ID, user ID, guild ID, activation timestamp are stored

Vault Interactions:

• When users store data in vault via /vault store
• Encrypted data and metadata are stored

XP System:

• When users send messages in guilds with XP enabled
• XP gain timestamps and amounts are recorded

How Data Is Stored

Main Database

Location: database/ directory on filesystem

Structure:

database/
├── guilds/{guild_id}/
│   ├── data.json            # Guild identity and history
│   ├── config.json          # Guild configuration
│   ├── metadata.json        # Guild statistics
│   ├── premium.json         # Premium status
│   ├── audit_logs/          # Daily audit logs
│   ├── anti_raid/           # Anti-raid configuration
│   ├── msgautomod/          # Automod offense logs
│   ├── applications/        # Application configs
│   ├── application_submissions/ # User submissions
│   ├── xp/                  # XP data
│   └── msgoffenses/         # Message offense records
├── users/{user_id}/
│   ├── profile.json         # User profile and settings
│   ├── metadata.json        # Cross-guild data and stats
│   ├── premium.json         # Premium status
│   ├── offenses/            # Per-guild offense records
│   └── xp/                  # Per-guild XP data
└── project/
    ├── config.json          # Project configuration
    ├── metadata.json        # Global statistics
    ├── premium-metrics.json # Premium analytics
    ├── staff.json           # Staff and developer IDs
    ├── health.json          # System health status
    ├── audit_logs/          # Project-wide audit logs
    ├── eatherai/            # AI memory, history, ledger
    ├── global_ban/          # Global ban system data
    ├── anti_raid/           # Global raid event history
    ├── msgautomod/          # Global word category packs
    ├── cards/               #Premium card data
    ├── surveys/             # Survey definitions and responses
    ├── vault/               # Vault mappings and status
    └── membergate/          # Member gate queue and analytics

Format: JSON files
Access: Filesystem I/O
Retention: Data persists until explicitly deleted or erased

Master Integrity Ledger

Purpose: Append-only, immutable audit trail

Location: database/projectautomod/master/ directory

Function:

• Every write operation to main database also appends an entry to master ledger
• Entries are NEVER physically deleted
• Erased entries are marked with erased: true flag but remain in ledger
• Each entry includes checksum for integrity verification

Entry Structure:

• Entry ID (timestamp + randomhex)
• Entity type (guild, user, transaction, audit)
• Entity ID
• Action (create, update, delete, erase)
• Data payload (copy of what was written)
• Timestamp
• Checksum (SHA256)
• Erasure metadata (erased flag, reason, timestamp, erased by user ID)

Subdirectories:

• guilds/ - Guild-related ledger entries
• users/ - User-related ledger entries
• logs/ - Audit log entries
• snapshots/ - Periodic data snapshots

Buffer System:

• Log entries are buffered in memory (100 entries max)
• Buffer is flushed every 30 seconds or when full
• Reduces filesystem write frequency

Data Retention

Audit Logs:

• Daily audit logs keep last 1000 entries per file
• Older entries are trimmed automatically
• Master ledger retains all entries permanently (marked as erased if deleted)

Offense Records:

• Retained indefinitely in operational database
• Linked to user account and guild
• Never automatically deleted

AI Interaction Logs:

• Usage ledger keeps last 10,000 records
• Older records are trimmed automatically
• Individual interaction logs are kept indefinitely

Global Ban System:

• Incidents, bans, appeals retained indefinitely
• Grace period data retained until enforcement or appeal resolution

Guild Data:

• Guild configuration and history retained while bot is in guild
• After bot leaves guild, data is soft-deleted (marked as deleted, not physically removed)
• Soft-deleted data remains in operational database until manual erasure

User Data:

• User data retained indefinitely while user interacts with bot
• No automatic deletion based on inactivity
• Manual erasure available upon request

Premium Data:

• Card records retained indefinitely
• Usage tracking retained indefinitely
• Grace period records retained indefinitely

Survey Responses:

• Individual responses linked to user ID
• Retained indefinitely
• No anonymization after submission

Data Deletion & Erasure

Soft Delete

Operational Database:

• Guild soft delete: Metadata marked as deleted, reason logged, timestamp recorded
• User soft delete: Similar marking mechanism
• Soft-deleted data remains in filesystem
• Can be recovered by staff

Hard Erasure

Master Ledger:

• eraseData() method marks entries with erased: true flag
• Reason and erasure timestamp are logged
• User ID who requested erasure is logged
• Data payload remains in ledger but marked as erased
• Checksum verification remains intact

Operational Database:

• Manual file deletion required
• No automated erasure system implemented

User Rights

Data Access:

• Users can request access to their data via support channels
• No self-service portal implemented

Data Deletion:

• Users can request deletion via support channels
• Manual processing by staff required
• Erasure is logged in master ledger

Correction:

• Users can request correction of inaccurate data
• Manual processing by staff required

Security Practices

Filesystem Storage:

• Data stored as JSON files on local filesystem
• No encryption at rest implemented for main database
• File permissions managed by operating system

Vault System:

• Vault data is encrypted before storage
• Encryption keys managed separately

Access Control:

• Staff IDs and developer IDs stored in staff.json
• No role-based access control implemented beyond Discord permissions
• Bot token stored in environment variables

Integrity Verification:

• Master ledger entries include SHA256 checksums
• Checksums can be used to verify data has not been tampered with

Backups:

• Backup strategy not found in implementation
• Users with premium can use /vault for selective data storage

Policy Changes

Update Process:

• Policy changes will be reflected in this document
• Document version number will be incremented
• Effective date will be updated

Notification:

• No automated notification system for policy changes
• Users should check this document periodically

Contact

Support Channels:

• Project Automod support server (Discord)
• Direct message to bot developers

Data Requests:

• Submit via support server
• Include user ID and specific data requested

Implementation Notes:

• OAuth and website dashboard are not operational as of this policy's effective date
• Lense cross-server trust system is partially implemented (mentioned in code but core logic not fully operational)
• Dashboard authentication and session handling were not found during code review

Document Generated: March 7, 2026
Based on Code Review: Complete codebase scan as of effective date
Schema Version: 1.0.0