Privacy Policy - Noktron

Our Policy.

1. Introduction

This Privacy Policy explains how Noktron (referred to as 'we' and 'us') collects, processes, stores, and protects data when you use the Noktron bot, the website Noktron.de, the Noktron API (api.Noktron.de), game servers operated Noktron, and any related services, collectively referred to as the 'Service'.

By using any part of the Service, you confirm that you have read and understood this Privacy Policy.

2. Data Controller

The data controller responsible for the processing of personal data under this Policy is:

Leandro Wrede
c/o Impressumservice Dein-Impressum
Stettiner Strasse 41
35410 Hungen
Germany
Email: support@noktron.de

3. Data We Process

We process only data that is necessary to operate, secure, and improve the Service.

3.1 Discord Bot - Identifiers

We may process the following identifiers:

Discord user IDs
Discord server (guild) IDs
Discord channel IDs

These identifiers are required to associate actions, settings, and features with the correct context.

3.2 Discord Bot - Message Content

Certain commands, moderation features, or automation systems require temporary processing of message content. Message content:

is processed only when required for a specific feature
is not permanently stored default
may be temporarily cached for up to 24 hours for security, abuse prevention, or diagnostics where necessary

3.3 Discord Bot - Server Configuration Data

We may store server-specific configuration data, such as enabled features or preferences, to ensure the Service functions correctly.

3.4 Website (Noktron.de)

When you visit Noktron.de, our servers may automatically record standard server log data, including your IP address, browser type, pages visited, and timestamps. This data is used solely for security and operational purposes and is not linked to individual Discord identities.

3.5 Noktron API (api.Noktron.de)

When you access or integrate with the Noktron API, the following data may be processed:

API keys or authentication tokens used to identify and authorize requests
IP addresses of requesting clients, for rate limiting and abuse prevention
Request metadata, including endpoints accessed, timestamps, and response codes
Any data explicitly submitted as part of API requests (e.g., Discord IDs, configuration payloads)

Discord Bot Tokens

To enable certain API features, users may voluntarily submit their own Discord bot token to the Noktron API. By submitting a bot token, you acknowledge and agree to the following:

Bot tokens are stored in encrypted form and are never stored or logged in plaintext
Bot tokens are used exclusively to perform operations you explicitly authorize via the API
Tokens are never shared with third parties, disclosed in logs, or used for any purpose outside the scope of your request
You may revoke API access and request deletion of your stored token at any time via support@Noktron.de or through the API itself
You are responsible for ensuring your bot token is valid and that you are authorized to submit it
In the event of a suspected token compromise, we will notify you immediately and invalidate the stored token on our end

We strongly recommend regenerating your Discord bot token immediately if you believe it has been compromised, via the Discord Developer Portal.

API access logs are retained for up to 90 days. Bot tokens are retained only as long as the associated API integration is active, and are permanently deleted upon revocation or account removal.

3.6 Game Servers - Minecraft

When you connect to a Noktron-operated Minecraft server, the following data may be processed:

Minecraft username and UUID (as provided Mojang/Microsoft)
IP address at time of connection
Join/leave timestamps and session duration
In-game actions relevant to moderation (e.g., chat messages, rule violations)
Any data submitted via in-game commands or forms

3.7 Game Servers - Steam

When you connect to a Noktron-operated Steam game server, the following data may be processed:

Steam ID (SteamID64)
IP address at time of connection
Join/leave timestamps and session duration
In-game actions relevant to moderation or anti-cheat enforcement
Player name as displayed via Steam

Game server data is retained for up to 90 days, or longer if required for active bans or security investigations.

4. Legal Basis for Processing (GDPR)

Where applicable under the General Data Protection Regulation (GDPR), data is processed under one or more of the following legal bases:

Art. 6(1)(b) GDPR - Processing is necessary for the performance of a service you have requested
Art. 6(1)(f) GDPR - Processing is necessary for our legitimate interests, such as preventing abuse, fraud, and ensuring service security, where these interests are not overridden your rights
Art. 6(1)(a) GDPR - Consent, where explicitly required law

5. Purpose of Processing

We process data exclusively for the following purposes:

Providing and operating all parts of the Service (bot, website, API, game servers)
Executing commands, automation logic, and API requests
Preventing abuse, fraud, cheating, and misuse
Enforcing bans and moderation decisions across game servers
Monitoring, diagnostics, and service optimization
Rate limiting and securing API access
Responding to support and administrative requests

We do not sell, rent, or use data for advertising, profiling, or marketing purposes.

6. Data Retention

Data Type	Retention Period
Temporary message processing	Up to 24 hours
Operational logs and diagnostics	Up to 90 days
API access logs	Up to 90 days
Game server session data	Up to 90 days
Bot tokens	While API integration is active; deleted upon revocation
Server configuration data	While Noktron is active on the server
Ban and moderation records	Until lifted, or permanently if required for security
Legal and security hold data	As required applicable law

After the applicable retention period, data is securely deleted or anonymized.

7. Data Sharing and Third Parties

We do not sell or share personal data with third parties for commercial purposes. Data may be disclosed:

When required applicable law or court order
To protect the integrity and security of the Service
With infrastructure and hosting providers necessary to operate Noktron (e.g., database, server, and API hosting providers)

All third-party providers are contractually required to implement appropriate data protection measures and may only process data on our behalf and in accordance with our instructions.

8. International Data Transfers

Data may be processed or stored outside the European Economic Area (EEA). Where such transfers occur, appropriate safeguards are applied in accordance with GDPR requirements, such as EU Standard Contractual Clauses (SCCs) or adequacy decisions the European Commission.

9. Security Measures

We apply reasonable technical and organizational measures to protect data against unauthorized access, loss, or misuse, including encrypted storage of API keys and access controls on infrastructure.

Discord bot tokens submitted to the API are encrypted at rest using industry-standard encryption. Access to stored tokens is strictly limited to automated systems performing user-authorized operations. No human operator can retrieve a token in plaintext.

In the event of a data breach affecting your rights, we will notify the relevant supervisory authority and, where required, affected individuals in accordance with applicable law.

10. Automated Decision-Making

We do not use automated decision-making or profiling within the meaning of Art. 22 GDPR that produces legal or similarly significant effects on individuals. Automated systems such as spam filters or anti-cheat detection may flag accounts for human review, but final decisions are made a human moderator.

11. Children's Privacy

The Service is not intended for individuals who are not legally permitted to use the platforms on which Noktron operates. In accordance with Discord's Terms of Service, users must be at least 13 years of age. Minecraft and Steam services are likewise intended only for users meeting the minimum age requirements of those platforms. If we identify that data has been collected from underage users without appropriate consent, it will be deleted without undue delay.

12. Your Rights

Depending on applicable law, in particular the GDPR, you may have the right to:

Access your personal data (Art. 15 GDPR)
Rectification of inaccurate data (Art. 16 GDPR)
Erasure - right to be forgotten (Art. 17 GDPR)
Restriction of processing (Art. 18 GDPR)
Data portability (Art. 20 GDPR)
Object to processing based on legitimate interests (Art. 21 GDPR)
Withdraw consent at any time, without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at support@noktron.de. We will respond within 30 days in accordance with Art. 12 GDPR.

You also have the right to lodge a complaint with a supervisory authority. The competent authority for North Rhine-Westphalia is:

Landesbeauftragte fur Datenschutz und Informationsfreiheit NRW (LDI NRW)
Postfach 20 04 44
40102 Dusseldorf
www.ldi.nrw.de

13. Changes to This Policy

This Privacy Policy may be updated from time to time. We will notify users of material changes updating the 'Last Updated' date and, where feasible, through an announcement via the Service. We recommend reviewing this Policy periodically. Continued use of the Service after changes have been published constitutes acknowledgment of the updated version.

14. Contact

For any privacy-related questions or requests:

Leandro Wrede
c/o Impressumservice Dein-Impressum
Stettiner Strasse 41
35410 Hungen
Germany
Email: support@Noktron.de