Yvonne Privacy Policy
Last updated: July 2, 2026
This Privacy Policy explains how Yvonne ("the Bot", "we", "our") collects, uses, stores, and protects data when the Bot is used in a Discord server. Yvonne is a server security and anti-raid moderation bot. Its privileged Discord data access is used to provide safety features configured by server administrators.
Data We Collect
- Server configuration: Guild IDs, channel IDs, role IDs, feature toggles, action rules, allowlists, detection thresholds, verification settings, and alert-channel settings configured by server administrators.
- Member and moderation data: Discord user IDs, usernames or tags at the time of an event, role and permission information needed for safety checks, moderation actions, trigger reasons, timestamps, and audit records.
- Message safety data: Message text, mentions, links, attachment counts, and limited message metadata may be processed in real time to detect unauthorized invites, mass mentions, spam patterns, attachment raids, and other configured safety events.
- Safety event records: When a safety event triggers, the Bot may store guild ID, channel ID, user ID, trigger category, reason, action taken, and timestamp so administrators can review incidents and handle appeals.
- Threat intelligence data: Discord user IDs, violation categories, reasons, expiry data, and related safety metadata submitted by participating servers for cross-server defense.
- Operational statistics: Aggregate counters such as processed message counts, enforcement counts, anti-raid detections, and optional AI chat usage counts.
- License or tool access data: Discord user IDs, license codes, entitlement records, and related timestamps when users voluntarily redeem or use connected software tools.
How We Use Data
- To run server safety features selected by server administrators, including anti-nuke defense, invite filtering, mention monitoring, cross-channel spam detection, member screening, verification, alert reports, and cross-server threat checks.
- To verify whether a member is exempt from enforcement through role allowlists, channel/category exemptions, permissions, or bot hierarchy checks.
- To provide administrators with security reports, moderation audit context, and recovery information after a safety incident.
- To operate optional tools, licensing, and support features requested by users or administrators.
- To maintain reliability, detect abuse, debug failures, and improve safety protections.
Message Content
Message content is primarily processed in memory for real-time safety decisions. The Bot does not build a general archive of server conversations and does not provide searchable chat-history storage.
When a configured safety rule is triggered, the Bot may display limited evidence in Discord alert reports, such as detected invite codes, mention patterns, attachment counts, message metadata, the action taken, and the reason for enforcement. The Bot does not store message content in an off-platform message archive. Short-lived behavioral fingerprints used for spam and raid detection automatically expire after approximately 10 minutes.
Server administrators can disable message-monitoring modules, configure channel/category exclusions, configure role exemptions, or remove the Bot from channels where monitoring is not desired.
Server Members Data
The Bot uses Discord member data to detect new-member raid patterns, screen suspicious accounts, apply role allowlists, verify permissions, avoid acting on server owners or exempt administrators, and ensure the Bot only attempts moderation actions when it has the required hierarchy and permissions.
When an administrator enables existing-member scans, member data may be enumerated for that server to apply the configured safety checks. The Bot does not sell or share member lists for advertising or profiling.
Machine Learning and AI
The Bot's security and moderation detections are rule-based or statistical, such as invite-link matching, mention detection, cross-channel fingerprinting, attachment-count checks, and join-rate analysis. Privileged message-monitoring data is not used to train machine learning or AI models.
The Bot may include an optional AI chat feature that responds when users explicitly mention the Bot or submit supported inputs. To generate those replies, relevant prompt text, attachments, and nearby conversation context may be sent to configured AI service providers. AI chat can be disabled or restricted by server administrators. We do not use this data to train our own models.
Third-Party Services
We do not sell, rent, or share user data with advertising networks or data brokers. Data may be processed by infrastructure and service providers necessary to operate the Bot, such as Discord, hosting providers, PostgreSQL database infrastructure, Cloudflare services, webhook logging destinations, and optional AI providers used only when AI chat features are invoked.
Data Storage and Security
Persistent Bot data is stored on infrastructure managed by the Bot operator, including PostgreSQL and Cloudflare services where applicable. We use access controls, secret-based internal API authentication, parameterized database queries, transport encryption where available, and least-necessary logging practices to reduce unauthorized access and accidental disclosure.
Data Retention and Deletion
- Behavioral fingerprints used for spam and raid detection expire after approximately 10 minutes.
- Server configuration remains stored until administrators change it, clear it, remove the Bot, or request deletion.
- Moderation and safety records are retained as needed for security auditing, appeal handling, abuse prevention, and operational reliability.
- Threat intelligence records may expire automatically according to their configured threat expiry or be removed after review.
- Server administrators can clear server configuration and many server-specific safety records through the dashboard initialization function.
- Users or administrators may request deletion of personal data by contacting the developer. Requests are reviewed and processed within 30 days unless retention is required for security, abuse prevention, or legal obligations.
User and Administrator Controls
- Server administrators control whether major safety modules are enabled, including invite filtering, mention monitoring, behavior detection, member screening, verification, and AI chat categories.
- Administrators may configure role allowlists, channel exclusions, category exclusions, and action rules.
- Users can stop optional AI chat processing by not mentioning or invoking the Bot. Server-wide moderation monitoring is controlled by server administrators according to server rules.
- Removing the Bot from a server stops future processing for that server.
Children's Privacy
The Bot is not directed at children under the age of 13, and we do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided personal data, please contact us so we can review and delete it where appropriate.
Policy Updates
This Privacy Policy may be updated from time to time. Material changes may be announced through the support server or other reasonable channels. Continued use of the Bot after changes means the updated policy applies.
Contact
For privacy-related inquiries, appeal-related data questions, or deletion requests, please join the support server or contact the developer via GitHub.