Privacy Policy

Effective Date: September 7, 2025 Last Updated: September 7, 2025 Version: 1.0

1. Introduction

Welcome to Megami ("we," "our," "us"), an anime card collection Discord bot. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Discord bot services, website, and related features (collectively, the "Service").

By using Megami, you consent to the data practices described in this Privacy Policy. If you do not agree with the practices described in this Privacy Policy, please do not use our Service.

2. Information We Collect

2.1 Information Automatically Collected

When you interact with Megami, we automatically collect certain information:

Discord User Data:

• Discord User ID (unique identifier)
• Discord Username and Display Name
• Discord Avatar URL
• Discord Server (Guild) IDs where you use Megami
• Discord Channel IDs where commands are executed
• Message timestamps and command usage statistics
• Voice channel participation data (if applicable to bot features)

Technical Information:

• IP addresses (for security and rate limiting purposes)
• Device information and browser type (when accessing our website)
• Operating system information
• Interaction timestamps and frequency
• Command execution logs and error reports
• Performance metrics and usage analytics

Game Data:

• Card collection progress and inventory
• Battle statistics and win/loss records
• Achievement and progression data
• In-game currency and transaction history
• Trading history and marketplace activity
• User preferences and settings
• Favorite cards and wishlist items
• Guild/server-specific configurations

2.2 Information You Provide

Voluntary Information:

• Custom profile information you choose to set
• Feedback, suggestions, and support requests
• Bug reports and error descriptions
• Contest entries and submissions
• Community forum posts and comments
• Survey responses

Financial Information:

• Payment method information (processed through third-party payment processors)
• Purchase history and transaction records
• Subscription status and billing information
• Refund requests and dispute records

2.3 Information from Third Parties

Discord Platform:

• Information provided by Discord's API in accordance with Discord's Terms of Service
• Server membership information
• Role and permission data
• Integration data from other Discord bots (where applicable)

Payment Processors:

• Transaction confirmation data
• Payment method verification
• Fraud prevention information

3. How We Use Your Information

3.1 Primary Uses

We use the collected information for the following purposes:

Service Operation:

• Provide and maintain the Megami bot functionality
• Process commands and execute bot features
• Maintain user accounts and game progress
• Enable card collection, trading, and battle systems
• Provide customer support and respond to inquiries
• Send service-related notifications and updates

Personalization:

• Customize your gaming experience
• Recommend cards, battles, or activities
• Display personalized statistics and achievements
• Maintain user preferences and settings
• Provide targeted content and features

Security and Fraud Prevention:

• Monitor for suspicious activity and bot abuse
• Prevent cheating, exploitation, and unauthorized access
• Implement rate limiting and anti-spam measures
• Detect and prevent fraudulent transactions
• Maintain system security and integrity

3.2 Analytics and Improvement

Performance Analysis:

• Monitor bot performance and uptime
• Analyze user engagement and feature usage
• Identify and fix bugs and technical issues
• Optimize database queries and response times
• Measure feature adoption and user satisfaction

Product Development:

• Develop new features and improvements
• Conduct A/B testing for feature optimization
• Analyze user feedback and feature requests
• Plan future updates and expansions
• Research market trends and user behavior

3.3 Communication

Service Communications:

• Send maintenance notifications and downtime alerts
• Provide feature announcements and updates
• Deliver important policy changes and terms updates
• Send security alerts and account notifications

Marketing Communications (with consent):

• Newsletter and promotional content
• Special event announcements
• Contest and giveaway notifications
• Community highlights and featured content

4. Information Sharing and Disclosure

4.1 We Do Not Sell Personal Information

We do not sell, rent, or trade your personal information to third parties for commercial purposes.

4.2 Limited Disclosure Scenarios

We may share your information only in the following circumstances:

Service Providers:

• Hosting and infrastructure providers (server maintenance, database management)
• Payment processing services (for premium features and purchases)
• Analytics and monitoring services (performance tracking, error reporting)
• Customer support platforms (ticket management, user communication)
• Security services (fraud detection, abuse prevention)

Legal Requirements:

• Compliance with applicable laws, regulations, or legal processes
• Response to valid legal requests from law enforcement
• Protection of our rights, property, or safety
• Protection of users' rights, property, or safety
• Investigation of potential violations of our Terms of Service

Business Transactions:

• Merger, acquisition, or sale of assets (with user notification)
• Bankruptcy or liquidation proceedings
• Due diligence processes for potential business partners

Consent-Based Sharing:

• Third-party integrations you explicitly authorize
• Community features you choose to participate in
• Public leaderboards and competitions (with your consent)

4.3 Data Processing Agreements

All third-party service providers are contractually obligated to:

• Maintain appropriate security measures
• Use your information only for specified purposes
• Comply with applicable privacy laws and regulations
• Notify us of any data breaches or security incidents
• Delete or return data upon contract termination

5. Data Retention

5.1 Retention Periods

Active User Data:

• Account information: Retained while your account is active
• Game progress and statistics: Retained indefinitely for continuity
• Command logs: Retained for 90 days for debugging purposes
• Error reports: Retained for 1 year for system improvement

Inactive User Data:

• Accounts inactive for 2+ years may be subject to data archival
• Archived data is anonymized and aggregated where possible
• Critical game data (collections, achievements) preserved for account recovery

Transaction Data:

• Payment records: Retained for 7 years for legal compliance
• Purchase history: Retained indefinitely for account management
• Refund records: Retained for 7 years for dispute resolution

5.2 Data Deletion

Automatic Deletion:

• Temporary logs and cache data: 30 days
• Session data: 24 hours after session end
• Failed authentication attempts: 7 days
• Temporary files and uploads: 30 days

User-Requested Deletion:

• Account deletion requests processed within 30 days
• Some data may be retained for legal compliance
• Anonymized statistical data may be retained for service improvement

6. Data Security

6.1 Security Measures

We implement comprehensive security measures to protect your information:

Technical Safeguards:

• End-to-end encryption for data transmission
• Advanced encryption standards (AES-256) for data at rest
• Secure database configurations with access controls
• Regular security audits and penetration testing
• Multi-factor authentication for administrative access
• Intrusion detection and prevention systems
• Regular software updates and security patches

Operational Safeguards:

• Strict access controls and employee background checks
• Regular security training for all personnel
• Incident response procedures and breach protocols
• Data backup and disaster recovery systems
• Vendor security assessments and compliance verification

Physical Safeguards:

• Secure data centers with 24/7 monitoring
• Biometric access controls and security cameras
• Environmental controls and redundant power systems
• Secure disposal of hardware and storage media

6.2 Data Breach Response

In the event of a data breach:

• Immediate containment and investigation procedures
• User notification within 72 hours of discovery
• Coordination with relevant authorities and regulators
• Comprehensive remediation and prevention measures
• Regular updates on investigation progress and resolution

7. Your Privacy Rights

7.1 Access and Control Rights

Depending on your jurisdiction, you may have the following rights:

Right to Access:

• Request a copy of all personal information we hold about you
• Receive information about how your data is processed
• Obtain details about data sharing and retention practices

Right to Correction:

• Request correction of inaccurate or incomplete information
• Update your profile and preference settings
• Modify your communication preferences

Right to Deletion:

• Request deletion of your personal information
• Close your account and remove associated data
• Withdraw consent for optional data processing

Right to Portability:

• Request your data in a structured, machine-readable format
• Transfer your data to another service provider
• Export your game progress and statistics

Right to Restriction:

• Limit how we process your information
• Object to certain types of data processing
• Opt out of automated decision-making processes

7.2 Exercising Your Rights

To exercise any of these rights:

• Use the in-bot privacy commands (e.g., /privacy export, /privacy delete)
• Contact our support team through our official Discord server
• Email us at legal@megami.dev with your request
• Submit a request through our website's privacy portal

We will respond to all requests within 30 days and may require identity verification for security purposes.

8. Children's Privacy

8.1 Age Restrictions

Megami is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13 without parental consent. If we become aware that we have collected personal information from a child under 13 without parental consent, we will take immediate steps to delete such information.

8.2 Parental Rights

If you are a parent or guardian and believe your child has provided personal information to us:

• Contact us immediately to request account review
• We will verify the account holder's age
• We will delete the account and associated data if the user is under 13
• We will implement additional safeguards to prevent future underage registration

8.3 Teen Privacy Protection

For users aged 13-17:

• Enhanced privacy settings by default
• Limited data collection and processing
• Parental notification for certain features
• Additional consent requirements for data sharing
• Special protections for sensitive information

9. International Data Transfers

9.1 Data Processing Locations

Your information may be processed in countries other than your own, including:

• United States (primary data centers)
• European Union (GDPR compliance servers)
• Other countries where our service providers operate

9.2 Transfer Safeguards

For international data transfers, we ensure:

• Adequacy decisions or appropriate safeguards are in place
• Standard contractual clauses with all international vendors
• Compliance with applicable data protection laws
• Regular monitoring of international data processing activities

9.3 Regional Compliance

European Union (GDPR):

• Lawful basis for processing clearly identified
• Enhanced consent mechanisms and withdrawal options
• Data Protection Officer contact information provided
• Regular Data Protection Impact Assessments conducted

California (CCPA):

• Consumer privacy rights clearly disclosed
• Opt-out mechanisms for data sales (not applicable as we don't sell data)
• Non-discrimination policies for privacy rights exercise
• Regular privacy policy updates and notifications

10. Cookies and Tracking Technologies

10.1 Website Cookies

Our website uses cookies and similar tracking technologies:

Essential Cookies:

• Authentication and session management
• Security and fraud prevention
• Basic site functionality and navigation

Analytics Cookies:

• Website usage statistics and performance metrics
• User behavior analysis and optimization
• Error tracking and bug identification

Preference Cookies:

• Language and regional settings
• Theme and display preferences
• Personalization settings

10.2 Cookie Management

You can control cookies through:

• Browser settings and preferences
• Website cookie consent banners
• Third-party opt-out tools and extensions
• Direct contact with our support team for assistance

10.3 Do Not Track Signals

We currently do not respond to Do Not Track browser signals, but we provide comprehensive privacy controls and opt-out mechanisms for all users.

11. Third-Party Services

11.1 Discord Integration

Megami operates as a Discord bot and integrates with Discord's services:

• Discord's Privacy Policy and Terms of Service apply
• We only access Discord data necessary for bot functionality
• Discord user data is processed in accordance with Discord's API terms
• Users can control bot permissions through Discord's settings

11.2 Payment Processors

For premium features, we use third-party payment processors:

• Stripe: Payment processing and fraud detection
• PayPal: Alternative payment method processing
• These services have their own privacy policies and security measures
• We do not store full credit card information on our servers

11.3 Analytics Services

We use analytics services to improve our bot:

• Google Analytics: Website usage and performance tracking
• Sentry: Error monitoring and performance optimization
• Custom analytics: Bot usage statistics and feature adoption
• All analytics data is anonymized where possible

12. Data Subject Rights by Jurisdiction

12.1 European Union - GDPR Rights

Under the General Data Protection Regulation, you have:

• Right to be informed about data processing
• Right of access to your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Rights related to automated decision making and profiling

Legal Basis for Processing:

• Contract performance: Providing bot services and features
• Legitimate interests: Service improvement and security
• Consent: Marketing communications and optional features
• Legal obligations: Compliance with applicable laws

12.2 California - CCPA Rights

Under the California Consumer Privacy Act, you have:

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt-out of the sale of personal information (not applicable)
• Right to non-discrimination for exercising privacy rights

Categories of Information Collected:

• Identifiers (Discord ID, username)
• Commercial information (purchase history)
• Internet activity (bot usage, commands)
• Geolocation data (general location for localization)

12.3 Other Jurisdictions

We comply with applicable privacy laws in all jurisdictions where we operate, including:

• Canada's Personal Information Protection and Electronic Documents Act (PIPEDA)
• Australia's Privacy Act 1988
• Brazil's Lei Geral de Proteção de Dados (LGPD)
• Other applicable regional and national privacy laws

13. Business Changes

13.1 Ownership Changes

In the event of a merger, acquisition, or sale of assets:

• Users will be notified at least 30 days in advance
• The new privacy policy will be clearly communicated
• Users will have the option to delete their data before the transfer
• Existing privacy commitments will be honored during transition

13.2 Service Changes

For significant changes to our services:

• Privacy impact assessments will be conducted
• Users will be notified of material changes
• Opt-in consent will be obtained for new data uses
• Legacy data handling procedures will be clearly communicated

14. Contact Information

14.1 Privacy Officer

For privacy-related inquiries, contact our Privacy Officer:

• Email: legal@megami.dev
• Discord: Join our official support server
• Response time: Within 48 hours for urgent matters, 7 days for general inquiries

14.2 Data Protection Officer (EU)

For GDPR-related matters:

• Email: dpo@legal@megami.dev
• Postal address: [To be filled with actual address]
• Phone: [To be filled with actual phone number]

14.3 Regulatory Contacts

To lodge complaints with supervisory authorities:

• EU: Contact your local Data Protection Authority
• California: California Attorney General's Office
• Canada: Office of the Privacy Commissioner of Canada
• Australia: Office of the Australian Information Commissioner

15. Policy Updates

15.1 Notification of Changes

We will notify you of material changes to this Privacy Policy through:

• Discord bot announcements in servers where Megami is active
• Email notifications (if you've provided an email address)
• Website banners and notifications
• In-bot notifications and command responses

15.2 Effective Date of Changes

• Minor updates: Effective immediately upon posting
• Material changes: 30-day notice period before taking effect
• Changes affecting minors: Enhanced notification and consent procedures
• Legal requirement changes: May take effect immediately with explanation

15.3 Version Control

This Privacy Policy is version-controlled with:

• Clear version numbers and dates
• Change logs available upon request
• Archive of previous versions maintained
• Side-by-side comparison tools available

This Privacy Policy was last updated on September 7, 2025. For questions about this Privacy Policy, please contact us using the information provided above.

By continuing to use Megami after the effective date of any changes to this Privacy Policy, you agree to be bound by the modified policy.