Privacy Policy

CrossTalk ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Discord translation bot and web dashboard.

1. Data Collection

1.1 Information You Provide

We collect information you provide directly:

• Discord Account Information: When you authenticate with Discord, we receive your Discord user ID, username, avatar, and list of servers where you have management permissions
• Configuration Data: Translation routes, channel mappings, language preferences, and bot settings you configure
• Payment Information: If you subscribe to a paid tier, our payment processor collects billing information (we do not store credit card numbers)

1.2 Automatically Collected Information

We automatically collect certain information:

• Usage Data: Character counts, translation counts, API requests, and feature usage statistics
• Log Data: IP addresses, browser type, access times, pages viewed, and error logs
• Device Information: Device type, operating system, and unique device identifiers
• Cookies: We use essential cookies for authentication and optional analytics cookies (with your consent)

1.3 Message Data

Important: CrossTalk processes message content in real-time for translation but does NOT permanently store message text. We may temporarily cache message IDs and relationships for up to 30 days to enable deletion synchronization features.

2. Data Usage

2.1 How We Use Your Data

We use collected data to:

• Provide and maintain the translation service
• Process and deliver translations between Discord channels
• Authenticate users and manage sessions
• Monitor usage limits and enforce tier restrictions
• Improve service quality and develop new features
• Detect and prevent abuse, fraud, or security issues
• Communicate with you about service updates and support
• Comply with legal obligations and enforce our Terms of Service

2.2 Legal Basis for Processing (GDPR)

For users in the European Economic Area, we process data based on:

• Contract Performance: Processing necessary to provide the Service you requested
• Legitimate Interests: Improving our Service, preventing fraud, and ensuring security
• Consent: Analytics cookies and marketing communications (you can withdraw consent anytime)
• Legal Obligations: Compliance with applicable laws and regulations

3. Data Sharing and Disclosure

3.1 Third-Party Service Providers

We share data with trusted service providers:

• Discord: For authentication and bot functionality
• DeepL: For translation processing (message content only, no user data)
• AWS: For hosting, database, and infrastructure services
• Payment Processors: For subscription billing (if applicable)
• Analytics Providers: For usage analytics (only with your consent)

3.2 Legal Requirements

We may disclose your information if required by law, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

3.3 Business Transfers

If CrossTalk is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.

3.4 No Selling of Data

We do NOT sell, rent, or trade your personal information to third parties for marketing purposes.

4. Data Retention

4.1 Retention Periods

• Account Data: Retained while you use the Service and for 90 days after account deletion
• Configuration Data: Retained while the bot is installed in your servers
• Usage Statistics: Aggregated data retained indefinitely for analytics
• Message Relationships: Cached for up to 30 days, then automatically deleted
• Log Data: Retained for 90 days for security and debugging purposes
• Backups: Retained for 30 days for disaster recovery

4.2 Data Deletion

You can request deletion of your data at any time by contacting support. We will delete your data within 30 days, except where retention is required by law.

5. Your Rights

5.1 Access and Portability

You have the right to access your personal data and request a copy in a portable format. Contact us to request your data export.

5.2 Correction and Update

You can update your configuration data through the dashboard. For other corrections, contact support.

5.3 Deletion and Erasure

You have the right to request deletion of your personal data. Remove the bot from your servers or contact support for immediate deletion.

5.4 Objection and Restriction

You can object to certain data processing activities or request restriction of processing. Contact us to exercise these rights.

5.5 Withdraw Consent

For processing based on consent (e.g., analytics cookies), you can withdraw consent at any time through your browser settings or dashboard preferences.

6. GDPR and CCPA Compliance

6.1 GDPR (European Users)

If you are located in the European Economic Area, you have additional rights under GDPR including the right to lodge a complaint with your local data protection authority.

6.2 CCPA (California Users)

If you are a California resident, you have the right to:

• Know what personal information we collect, use, and disclose
• Request deletion of your personal information
• Opt-out of the sale of personal information (we do not sell data)
• Non-discrimination for exercising your privacy rights

6.3 International Data Transfers

Your data may be transferred to and processed in the United States or other countries where our service providers operate. We ensure appropriate safeguards are in place for international transfers.

7. Data Security

We implement industry-standard security measures to protect your data:

• Encryption in transit (TLS/SSL) and at rest
• Secure authentication with httpOnly cookies
• Regular security audits and vulnerability assessments
• Access controls and principle of least privilege
• Automated backups and disaster recovery procedures

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Children's Privacy

CrossTalk is not intended for users under 13 years of age (or 16 in the EEA). We do not knowingly collect data from children. If you believe we have collected data from a child, please contact us immediately.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on our website or sending an email. The "Last Updated" date at the top indicates when the policy was last revised.