Privacy Policy
Last updated: July 2026
SpookyPulse is a Discord bot operated by SpookyCodes. This policy explains what data we collect when you add the bot or use the dashboard, why we collect it, how long we keep it, and the rights you have over it. We try to collect as little as possible and keep it only as long as it is useful to you.
1. Who we are
The service is provided by SpookyCodes ("we", "us", "our"), the data controller for the personal data described below. For any privacy question you can reach us at info@spookycodes.com.
2. What we collect
We collect only what the bot needs to work in your server and on your dashboard:
- Discord identifiers — user IDs, server (guild) IDs, role and channel IDs. We store IDs, not your Discord password, which we never see.
- Server configuration — the settings you choose in the dashboard: enabled features, ticket categories, leveling rules, automod thresholds and similar preferences.
- Ticket messages and transcripts — when a ticket is opened, the messages exchanged inside that ticket are stored so the transcript can be archived and searched later. We do not read or store the general message content of your server outside of tickets.
- Usage data — command usage, feature activity, XP counts and basic diagnostic logs (timestamps, error traces) that help us keep the service stable.
- Account and billing data — for paid plans, the email tied to your dashboard login and the subscription status. Card details are handled by our payment processor and never touch our servers.
3. Why we use it
We process this data to:
- Provide the service — run the features you enabled, archive your tickets, keep your leveling and moderation working.
- Provide support — answer your requests and investigate issues you report.
- Keep the service secure and reliable — detect abuse, prevent fraud and fix bugs.
- Manage subscriptions — process payments and apply the plan you chose.
We do not sell your data, and we do not use it for advertising.
4. Legal basis (GDPR)
Where the GDPR applies, we rely on:
- Performance of a contract — to deliver the service you and your server admins signed up for, including any paid plan.
- Legitimate interest — to keep the bot secure, prevent abuse, and improve reliability, in a way that does not override your rights.
- Consent — where a feature is optional (for example optional AI features, as they roll out), so you stay in control of whether it runs.
5. Data retention
We keep data only as long as it is needed. Retention of ticket transcripts depends on your plan:
- Free — ticket transcripts are retained for 14 days, then automatically deleted.
- Pro — transcripts are retained for 90 days and stay searchable.
- Business — transcripts will be retained for up to 1 year when the Business plan becomes available (coming soon), so support teams can look back further.
Message content is only ever stored inside tickets. We do not log, archive or read the everyday messages of your server. When a transcript reaches the end of its retention window it is deleted from our systems.
Server configuration is kept while the bot is in your server. If you remove SpookyPulse, configuration and stored transcripts are scheduled for deletion after a short grace period so an accidental removal can be undone. Diagnostic logs are rotated on a rolling basis.
6. Third parties we share with
We use a small number of trusted providers to run the service. Each receives only the data it needs:
- Discord — the platform the bot runs on. Interactions with your server necessarily pass through Discord under their own privacy policy.
- Stripe — handles payments for paid plans. Your card details go directly to Stripe; we receive only the subscription status, never full card numbers.
- Anthropic — powers optional AI features as they roll out (such as the AI scam shield, which is coming soon). Any content sent to process such features is not used to train models, and these AI features run only when they are available and you enable them.
We do not share your data with any other third party except where required by law.
7. Your rights
Under the GDPR and similar laws you can:
- Access — ask for a copy of the personal data we hold about you.
- Deletion — ask us to delete your data ("right to be forgotten").
- Export — request your data in a portable format, including a transcript export where available.
- Rectification and objection — correct inaccurate data or object to certain processing.
To exercise any of these, email info@spookycodes.com from the address linked to your account. We respond within the timeframes the law requires, and you have the right to complain to your local data protection authority.
8. Cookies
The marketing site uses no tracking cookies. The dashboard uses a single essential session cookie to keep you logged in after you sign in with Discord. It is strictly necessary for the dashboard to function and is not used for advertising or cross-site tracking.
9. Data location
Our servers and databases are hosted within the European Union. Where a provider such as Discord, Stripe or Anthropic processes data outside the EU, that transfer is covered by appropriate safeguards (such as Standard Contractual Clauses) under the provider's own agreements.
10. Children
SpookyPulse is not directed at children below the minimum age required to use Discord in their country. We do not knowingly collect data from anyone under that age.
11. Changes to this policy
We may update this policy as the service evolves. When we make a material change we will update the date at the top and, where appropriate, notify server admins through the dashboard. Continued use after an update means you accept the revised policy.
12. Contact
Questions about privacy or your data? Email info@spookycodes.com and we will get back to you.
This document is a plain-language template provided for transparency and is not legal advice. If you run a business that relies on SpookyPulse, consult a qualified professional to confirm your own compliance obligations.
SpookyPulse is a SpookyCodes product. Not affiliated with Discord Inc.