In the following, we would like to explain to you how your data is processed by us. We strictly adhere to the provisions of the General Data Protection Regulation (DSGVO) when collecting, processing and using your data.

Responsible

Responsible in the sense of the DSGVO is:
Niklas Mueller
Johann-Sebastian-Bach. 23
34134 Kassel
Germany
info@dszy.com

Processed data

Ⅰ. Access files and log files

When you access our website, your device automatically transmits certain data to the web server of our hoster netcup GmbH, Emmy-Noether-Straße 10, 76131 Karlsruhe, Germany, for technical reasons. This is the recipient of your personal data and acts as a processor for us. The server is located in Germany.

1. Scope of data processing

The following data is stored separately from all other data that you can transmit to us:

• - IP address
• - the address of the previously visited website (referrer request header)
• - Date and time of the request
• - Time zone difference to Greenwich Mean Time
• - Content of the request
• - HTTP status code
• - amount of data transferred
• - Website from which the request comes
• - Information about browser and operating system

2. Purpose of data processing

This is necessary to display our website, ensure stability and security, and monitor for potential misuse or attacks.

3. Legal basis for processing

The legal basis for the temporary storage of the data and the log files is Article 6 Paragraph 1 Sentence 1 lit. f GDPR (legitimate interest in the secure and stable operation of the website).

4. Duration of storage

Your IP address and other data will be stored by netcup GmbH for 14 days and then deleted.

5. Possibility of objection and elimination

The collection of the data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. There is therefore no possibility of objection.

ⅠⅠ. Cookies

Here you will find all cookies that are necessary for the operation of our website and its functions (technically necessary cookies). These are usually set in response to an action you have taken. These include initiation of the payment process via Stripe. Stripe may place additional cookies during checkout to enable secure transactions, as outlined in their Privacy Policy. It is possible to deactivate these cookies in the browser. In this case, error-free functioning of our website can no longer be guaranteed.

Technically necessary cookies

Here you will find all cookies that are necessary for the operation of our website and its functions (technically necessary cookies). These are usually set in response to an action you have taken. These include, among others, registration, login or initiation of the payment process. It is possible to deactivate these cookies in the browser. In this case, error-free functioning of our website can no longer be guaranteed.

Technically unnecessary cookies

Currently, we do not use cookies that are not absolutely necessary for the operation of our website and its functions (technically unnecessary cookies). The use of such cookies constitutes data processing that is only permitted with your active consent (Art. 6 para. 1 p. 1 lit. a DSGVO). This also applies to the transfer of your personal data to third parties.

1. Scope of data processing

next-auth.session-token / __Secure-next-auth.session-token
When logging in via an external authentication provider (Discord), a cookie named next-auth.session-token (or __Secure-next-auth.session-token) is set. In this process, a temporary session is stored. This session includes, in particular:
(1) Authentication information for user recognition (e.g., user ID, login name, authentication provider)
(2) Session metadata required for the technical maintenance of the session (e.g., expiration time)
The data is processed solely to maintain the session, identify the user, and provide personalized features. No data is shared with third parties.

__stripe_sid / __stripe_mid (examples)
When accessing the payment page or initiating the payment process (e.g., via Stripe Checkout), the third-party provider Stripe sets cookies such as __stripe_sid and __stripe_mid. These are used to associate payments, detect potentially fraudulent activities, and technically manage the payment process.
The following data may be processed, among others:
(1) Session and transaction identifiers
(2) Device and browser information (e.g., IP address, user agent)
(3) Timestamps and usage data related to the payment process
This data is partially anonymized or pseudonymized by Stripe and may be used to enhance security and fraud prevention.

2. Purpose of data processing

next-auth.session-token
The processing of the session data serves to execute the login, authenticate the user, maintain the active session, and provide personalized features within the application.
__stripe_sid / __stripe_mid (examples)
The processing is carried out for the purpose of secure and smooth payment processing, fraud prevention, and the association and management of checkout sessions.

3. Legal basis for processing

next-auth.session-token
The legal basis for processing is Art. 6(1)(f) GDPR. Our legitimate interest lies in the secure execution of the login, session management, and the provision of core functionalities of our application.
__stripe_sid / __stripe_mid (examples)
The legal basis is Art. 6(1)(b) GDPR, as the processing is necessary for the performance of a contract or pre-contractual measures. Additionally, Art. 6(1)(f) GDPR may apply if there is a legitimate interest in fraud prevention and system security. Stripe processes the data independently in accordance with its privacy policies.

4. Duration of storage

next-auth.session-token
The data stored during the user session is retained for the duration of the active session and automatically deleted upon expiration (typically 30 days or when logging out).
__stripe_sid / __stripe_mid (examples)
The cookies __stripe_sid and __stripe_mid have different lifespans:
__stripe_sid is a session cookie and is deleted after the session ends,
__stripe_mid may be stored for up to one year to recognize returning users and ensure the security of the payment system.
The exact duration depends on Stripe’s security and processing policies.

5. Possibility of objection and elimination

next-auth.session-token
You can delete individual or all cookies via your browser settings. Additionally, you have the option to disable cookies entirely or restrict them to specific domains via your browser settings.
__stripe_sid / __stripe_mid (examples)
You can delete individual or all cookies via your browser settings. Additionally, you have the option to disable cookies entirely or restrict them to specific domains via your browser settings.

ⅠⅠⅠ. Payment processing via Stripe

If you make a payment using the Stripe payment service, we store data in connection with your transaction. This data has no direct personal reference, but is nevertheless mentioned here for completeness. Data processed by the third party payment provider is subject to their privacy policy.

1. Scope of data processing

• - Stripe Customer ID (if available)
• - Stripe email address (for transaction confirmation)
• - Transaction ID (tx_id)
• - Currency used
• - Final payment amount

This data contains no direct personal reference and is used exclusively for:

• - Transaction verification
• - Customer support
• - Accounting purposes

2. Purpose of data processing

The processing of this data serves documentation purposes, fulfillment of our contractual obligations, and compliance with legal requirements (particularly tax regulations).

3. Legal basis for processing

Art. 6(1)(b) GDPR (contract fulfillment) for payment processing and Art. 6(1)(c) GDPR (legal obligation) for retention according to § 147 German Tax Code. Processing by Stripe is based on your consent (Art. 6(1)(a) GDPR) when using Stripe Checkout.

4. Duration of storage

Transaction data is stored for 10 years according to § 147 German Tax Code (tax retention requirements). Stripe stores data according to their policies (https://stripe.com/privacy).

5. Possibility of objection and elimination

Objection to the processing of this data required for contract fulfillment and legal obligations is not possible, as the processing is necessary for compliance with our legal requirements.

IV. Bot Submission and Public Profile

When you submit a bot to our platform, we collect and process the information you provide.

1. Scope of data processing

We process the following data:
- Bot Name, ID, Description, Headline
- Images (Avatar, Background)
- Links (Invite, Support, Website, Repository)
- Your User ID (as the owner)
This information is publicly displayed on the bot's profile page.

2. Purpose of data processing

The purpose is to present your bot to other users on our platform and to enable the core functionality of the bot list.

3. Legal basis for processing

The legal basis is Art. 6(1)(b) GDPR (performance of a contract) as you request this service by submitting your bot.

4. Duration of storage

The data is stored until you delete your bot or request its removal.

5. Possibility of objection and elimination

You can edit or delete your bot at any time via the dashboard or by contacting support.

V. Transactional emails with Brevo

1. Scope of data processing

For sending transactional emails (e.g., order confirmations, cancellation policies, bot status updates), we use Brevo (provided by the German subsidiary Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin; headquarters in Paris).
The following data may be processed:
- Email address
- Order details (e.g., items, total amount)
- Bot details (e.g., name, status)
- Username (if provided)
- Technical metadata (e.g., sending time, delivery status, IP address upon opening, if available)

2. Purpose of data processing

Brevo is used to ensure reliable delivery of transactional emails (confirmation, cancellation information, bot approval/rejection notifications).

3. Legal basis for processing

The legal basis is Art. 6 (1) (b) GDPR (contract fulfillment). Sending these emails is necessary for the execution of the purchase contract.

3.1. Data processing agreement

A data processing agreement (Art. 28 GDPR) is in place with Brevo. Sendinblue GmbH processes personal data exclusively according to our instructions.

4. Duration of storage

Brevo stores delivery logs and previews for less than 10 million events indefinitely by default (configurable up to 5 years).
Starting January 1, 2025, for over 10 million email events: Events older than 24 months will be automatically deleted.
This time limit applies regardless of individual settings. Longer retention is only possible through regular exports (e.g., monthly) or via paid enterprise options (up to 10 years).
The content of the emails may be archived longer if required by commercial or tax laws.

5. Possibility of objection and elimination

Objection is not possible, as these emails are necessary for contract fulfillment or for legal reasons (Art. 6 (1) (b) GDPR).

Ⅴ. Email Support with Zoho

1. Scope of data processing

For sending and receiving emails, we use the email service Zoho Mail, provided by Zoho Corporation Pvt. Ltd., Estancia IT Park, Chennai, India, with European data centers in the Netherlands and Ireland.
The following data may be processed:
- Sender and recipient email addresses
- Email content (including any personal data)
- Technical metadata (e.g., IP address, timestamp, delivery status)

2. Purpose of data processing

Zoho Mail is used for efficient and secure email communication with customers, prospects, or other contacts.

3. Legal basis for processing

The legal basis is Art. 6 (1) (f) GDPR (legitimate interest), where our legitimate interest lies in the professional handling of email communication. If the email relates to a contract, Art. 6 (1) (b) GDPR (contract fulfillment) also applies.

3.1. Data processing agreement

A data processing agreement (Art. 28 GDPR) is in place with Zoho. Data processing takes place on European servers. Any transfer to third countries is only carried out with appropriate safeguards under Art. 44 ff. GDPR (e.g., standard contractual clauses).

4. Duration of storage

Emails are stored in accordance with legal retention periods (e.g., 6 years for business correspondence under § 257 of the German Commercial Code).

5. Possibility of objection and elimination

If processing is based on Art. 6 (1) (f) GDPR, users may object at any time (Art. 21 GDPR).

VI. Geo-Location Determination with IPinfo

To determine your approximate location and to customize currency and country information, we use the service IPinfo (IPinfo, Inc., 300 Lenora Street, #516, Seattle, WA 98121, USA).

1. Scope of data processing

Processed data:
- IP address
- Location data (country, optionally region/city)
- Assignment of country currency and country code

2. Purpose of data processing

The location data is used to provide location-based functions and to improve the user experience.

3. Legal basis for processing

The legal basis is Art. 6(1)(f) GDPR (legitimate interest in optimized functionality).

4. Duration of storage

The data is processed for the duration of the respective session and is not stored permanently.

5. Possibility of objection and elimination

You can object to the processing by anonymizing your IP address or adjusting the relevant settings. Functionality may be limited as a result.

Your rights

You have the right to information, the right to rectification or deletion, the right to restriction of processing and the right to object to the processing of your data. If you have given us consent, you can revoke this at any time with effect for the future. Please address your objection informally to the above address. In addition, you have the right to data portability. You further have the right to complain about the processing to a supervisory authority. You can find a list of the relevant authorities at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.