Privacy Policy

Last updated: August 30, 2025
Data Controller: LRA, established in the EU
Contact (privacy): support@lra.one

1) What this Policy covers

This Privacy Policy explains how we collect, use, disclose, secure, and retain information when you use the LRA website, web app, and Discord bot (together, the "Service"). We operate under EU law (GDPR).

2) Summary (plain language)

• We sign you in with Discord OAuth and use only the minimum data from Discord needed to run the Service.
• We do not sell or share your data for advertising.
• We do not run third-party analytics or tracking.
• We store data in the EEA where possible.
• Discord is a separate platform and data controller. We don't control how Discord processes your data on its systems.
• You have GDPR rights (access, deletion, etc.). Write to support@lra.one.

3) What data we process

We do not collect special categories of data (e.g., health, religion) and we do not profile you for marketing. We process:

A. Discord account data (received via OAuth, strictly necessary):

• Discord user ID, username, and avatar URL
• Email (if provided by Discord and permitted by your OAuth scopes)
• Server/guild-level identifiers you connect with our bot (e.g., guild IDs, guild name, selected settings, roles/permissions required to deliver features)

B. Service metadata (generated when you use the Service):

• Timestamps of actions (e.g., when you log in, enable a feature, or invite the bot)
• Your preferences/configuration within our app/bot (feature toggles, language, limits)
• Operational event logs (e.g., error logs) that may transiently include IP and user ID for security and debugging

C. Communications:

• The content of messages/emails you send to our support address

We do not monitor your private Discord messages. The bot can only see data Discord exposes for the scopes/permissions you granted and only uses them to operate requested features.

4) Why we process data (legal bases under GDPR)

We process data only when there is a lawful basis:

• Contract (Art. 6(1)(b) GDPR): To provide and maintain the Service, authenticate you via Discord, run the bot in your server(s), store your configuration, and deliver features you request.
• Legitimate interests (Art. 6(1)(f)): To secure and improve the Service (e.g., prevent abuse, ensure reliability, debug issues). We balance these interests against your rights.
• Legal obligation (Art. 6(1)(c)): Where EU or local law requires record-keeping or responding to lawful requests.
• Consent (Art. 6(1)(a)): Only where we explicitly ask for it (e.g., optional communications). You can withdraw consent at any time.

5) How we use data

• Authentication & account management (via Discord OAuth)
• Operating features you enable in the web app or by inviting the bot (using guild/user IDs and your configuration)
• Security (rate-limiting, abuse prevention, fraud detection)
• Maintenance & support (debugging, incident response)
• Required communications (service updates, security notices)

We do not use your data for ads, behavioral profiling, or unrelated purposes.

6) Cookies and similar tech

We use only essential cookies (e.g., session cookies) needed for authentication and core functionality. We do not use advertising cookies or third-party analytics cookies.

7) Data sharing and recipients

• We do not sell personal data.
• We do not share data with third parties for marketing.
• We may use infrastructure/service providers (e.g., hosting, storage, email) acting as data processors under written agreements and limited to the EEA where feasible.
• Discord is an independent data controller. Your use of Discord is governed by Discord's own terms and policies. We only receive data from Discord necessary for OAuth and bot functionality.

8) International data transfers

We aim to store and process your data within the EEA. If an international transfer arises (e.g., for support continuity or if a processor operates outside the EEA), we will use an approved transfer mechanism (e.g., EU Standard Contractual Clauses) and implement supplementary safeguards where appropriate.

Note: Discord's processing and any transfers it performs are under Discord's control and policies.

9) Security

We apply administrative, technical, and organizational measures aligned with industry practice:

• Transport encryption (HTTPS/TLS)
• Principle of least privilege and access controls
• Segregated environments for production vs. development
• Monitoring and logging for incident detection
• Backups and continuity procedures

No system is perfectly secure. If we discover a personal-data breach, we will notify authorities and affected users when legally required.

10) Retention

We keep personal data only as long as needed for the purposes above:

• Account and configuration data: retained while your account/bot connection is active; deleted or irreversibly pseudonymized within 30 days after you disconnect, delete the account, or remove the bot (unless legal retention applies).
• Operational logs: typically 30–90 days for security/debugging.
• Backups: cyclical, typically up to 90 days; data is deleted on rotation.

If you return after deletion, the Service treats you as a new user.

11) Your rights (GDPR)

You can exercise the following rights, subject to conditions in the GDPR:

• Access your data
• Rectification (correct inaccuracies)
• Erasure ("right to be forgotten")
• Restriction of processing
• Portability (copy in a structured, commonly used format)
• Objection to processing based on legitimate interests
• Withdraw consent (where processing relies on consent)

Contact: support@lra.one. We may need to verify your identity.

You also have the right to complain to your local data protection supervisory authority in the EU.

12) Children

Our Service is intended for users who meet Discord's minimum age and any applicable local minimum age. We do not knowingly process data of children under those thresholds.

13) Independent role with respect to servers/guilds

When you add our bot to a Discord server, we act as an independent data controller for the minimal data we process to operate the bot. We do not provide the Service as your processor.

14) Changes to this Policy

We may update this Policy to reflect operational, legal, or regulatory changes. We will post the new version with a new "Last updated" date and, where appropriate, notify you through the Service.