1. DATA COLLECTION / THU THẬP DỮ LIỆU
1.1 User Data / Dữ Liệu Người Dùng
Automatically Collected / Tự động thu thập
Discord User ID (String, 17-19 digits) —
Purpose: Unique identifier for users — Storage: MongoDB
users collection
Discord Username (String, max 32 characters)
— Purpose: Display name in commands and transactions —
Storage: MongoDB users collection
Last Active Timestamp (Date) — Purpose: Track
user activity for cleanup — Storage: MongoDB
users collection
Optional User Data / Dữ liệu tùy chọn
Email Address (String, optional) — Purpose:
Account verification and notifications — Storage: MongoDB
users collection — Note: Not required,
user-provided only
Economy Data / Dữ liệu kinh tế
Lpoint Balance (Number, default: 0)
Cashback Amount (Number, default: 0)
Coins Sent / Received (Number) — Track totals
Premium Status & Security Data
isPremium (Boolean), premiumExpiry (Date, nullable)
isBanned, banReason, loginAttempts, lockUntil — Security / abuse prevention
1.2 Guild (Server) Data / Dữ Liệu Server
Guild settings include IDs, locale, server economy fields, disabled commands, feature toggles (welcome/leave/autorole/boost), premium status, welcome/leave/boost embed configuration, auto-role config, voice channel settings, and more.
1.3 Transaction Data / Dữ Liệu Giao Dịch
Storage: PostgreSQL via Prisma
Transaction log fields: Transaction ID (CUID), senderId, recipientId, amount, reason, status, balance snapshots, context (guildId, channelId, messageId), confirmation fields, and timestamps. Indexed by createdAt DESC, senderId, recipientId.
1.4 Giveaway Data / Dữ Liệu Giveaway
Storage: MongoDB giveaways collection.
Fields include message/channel/guild IDs, timestamps, prize
configuration, participation rules, display settings, host
information, etc.
1.5 Temporary Voice Channels / Kênh Voice Tạm
Storage: MongoDB tempChannels — Stores
guildId, channelId, ownerId, channel name, createdAt/updatedAt.
1.6 Message Data / Dữ Liệu Tin Nhắn
Snipe feature stores deleted messages in a temporary in-memory cache for a short retention time; data: message content, author, timestamp.
1.7 Cache Data / Dữ Liệu Cache
Storage: Redis for cooldowns, static data, temporary stores (button states, modal data). TTL varies from seconds to 15 minutes.
2. DATA STORAGE / LƯU TRỮ DỮ LIỆU
2.1 Database Systems
MongoDB (Primary) — Mongoose ODM. Connection pool: max 50 / min 10. Timeout settings included. Collections: users, guildsettings, giveaways, welcomesettings, leavesettings, boostsettings, autorolesettings, voicechannels, tempchannels.
PostgreSQL (Transaction Ledger) — ORM: Prisma Client. Immutable transaction logging.
Redis — Cache & Sessions. Connect timeout: 10,000ms. Max retries: 3.
2.2 Data Security
Database connections use TLS/SSL. Environment variables stored in .env. No hardcoded credentials. Input validation (Discord ID regex, email RFC-style) and sanitization are applied.
3. DATA PROCESSING / XỬ LÝ DỮ LIỆU
3.1 Purpose of Data Use
Economy system, giveaway management, server customization, voice management, analytics & monitoring.
3.2 Automated Processing
Scheduled tasks: premium expiry checks, inactive user cleanup (30+ days), empty voice channel deletion, cache expiration. Real-time processing: transaction validation, atomic balance updates, cooldown enforcement, permission checks.
4. THIRD-PARTY SERVICES / DỊCH VỤ BÊN THỨ BA
4.1 Discord API
Data shared: User IDs, usernames, discriminators, guild/channel/role IDs, message content (for commands), voice state info. Purpose: Bot functionality and event handling. Discord privacy policy applies.
4.2 PayOS Payment Gateway
Data shared: transaction amounts, external reference IDs, user identifiers for order linking. Purpose: process payments for virtual currency. Config via environment variables (PAYOS_CLIENT_ID, PAYOS_API_KEY, PAYOS_CHECKSUM_KEY). Example payment limits noted.
4.3 Database Hosting
MongoDB may be hosted on Atlas or self-hosted; PostgreSQL may use managed services. Data location depends on deployment.
5. DATA RETENTION / LƯU GIỮ DỮ LIỆU
5.1 Permanent Storage
Transaction logs retained indefinitely in PostgreSQL for audit purposes.
5.2 Active Storage
User data retained while actively using the bot; cleaned after 30 days inactivity. Guild settings retained while bot is in server and removed on bot removal.
5.3 Temporary Storage
Redis cache TTLs (seconds to minutes), snipe messages stored only in-memory for minutes, voice channels removed when empty.
6. USER RIGHTS / QUYỀN CỦA NGƯỜI DÙNG
6.1 Access Rights
Commands for users to access data: /cash,
/transactions, /user.
6.2 Modification Rights
Users cannot modify transaction logs or economy balances directly. Users (admins) can modify guild settings and voice channel names where permitted.
6.3 Deletion Rights
Users may request deletion of personal account data. Transaction logs remain permanent. Requests via Discord support server, email or GitHub issues.
7. SECURITY MEASURES / BIỆN PHÁP BẢO MẬT
7.1 Technical Security
// Discord ID validation
/^^\d{17,19}$/
// Email validation
/^[^\s@]+@[^\s@]+\.[^\s@]+$/
// Atomic transactions
session.withTransaction()
7.2 Access Control
Permission levels: User, Premium User, Guild Admin, Bot Owner. Command permissions enforced programmatically.
7.3 Error Handling
Error notification via webhooks; try-catch and no sensitive data exposed in messages.
8. DISCORD PERMISSIONS / QUYỀN DISCORD
8.1 Required Bot Permissions
Gateway intents include Guilds, GuildMembers, GuildMessages, GuildVoiceStates, Reactions, DirectMessages, MessageContent. Partials enabled for message/channel/reaction/guildMember/user.
8.2 Required Server Permissions
Minimum bot permissions: View Channels, Send Messages, Embed Links, Attach Files, Read Message History, Add Reactions, Use External Emojis. Voice features require Connect/Speak/Manage Channels/Move Members.
9. CONTACT & SUPPORT / LIÊN HỆ & HỖ TRỢ
Privacy requests: Discord support server, Email, GitHub issues. Response times: data access/deletion within 30 days; security issues within 24-48 hours.
10. COMPLIANCE / TUÂN THỦ
Bot operates under Discord Terms, GDPR (EU) and CCPA (California) where relevant. No intentional collection from children under 13.
11. UPDATES & CHANGES / CẬP NHẬT & THAY ĐỔI
Users are notified of policy changes via Discord announcements and support server. New data-collecting features require notice and consent when necessary.
12. DATA SUMMARY TABLE / BẢNG TÓM TẮT DỮ LIỆU
| Data Type | Storage | Retention | Purpose | Can Delete |
|---|---|---|---|---|
| User ID | MongoDB | Active use + 30 days | Identification | Yes* |
| Username | MongoDB | Active use + 30 days | Display | Yes* |
| MongoDB | Active use + 30 days | Optional verification | Yes | |
| Economy Balance | MongoDB | Active use + 30 days | Virtual currency | Yes* |
| Transaction Logs | PostgreSQL | Permanent | Audit trail | No |
| Guild Settings | MongoDB | While in server | Customization | Yes |
| Giveaway Data | MongoDB | 7 days after end | Feature | Yes |
* Except transaction logs which remain for audit purposes
13. KEY POINTS FOR PRIVACY POLICY / ĐIỂM CHÍNH CHO PRIVACY POLICY
- What data we collect — IDs, usernames, optional emails, economy/transaction, server config, voice activity, message data for snipe.
- Why we collect it — bot functionality, economy, giveaways, customization, voice management, performance.
- How we store it — MongoDB, PostgreSQL, Redis, encrypted connections.
- How long we keep it — active data while used, 30 days cleanup, transactions permanent.
- Who has access — bot owner, authorized devs, third parties.
- Your rights — access, request deletion (with limitations).
- Security measures — validation, rate limiting, encrypted storage.
14. RECOMMENDED PRIVACY POLICY STRUCTURE / CẤU TRÚC PRIVACY POLICY ĐỀ XUẤT
# Privacy Policy for Luryon Bot ## 1. Introduction ## 2. Information We Collect ## 3. How We Use Your Information ## 4. Data Storage and Security ## 5. Third-Party Services ## 6. Data Retention ## 7. Your Rights and Choices ## 8. Children's Privacy ## 9. International Data Transfers ## 10. Changes to This Policy ## 11. Contact Us