Privacy Policy — SX2 Nexus

01.Overview

SX2 Nexus ("the bot", "the service", "we", "us") is a Discord bot and web dashboard operated by Team Sam Develops. This Privacy Policy explains what data is collected when you use SX2 Nexus, why we collect it, how long we keep it, and the rights you have over your data.

By adding SX2 Nexus to your Discord server or using its commands, you acknowledge this policy.

Short version: We store Discord IDs and server configuration needed to run the bot. We do not read or store your messages (except moderator-provided reasons on mod actions), we do not sell your data, and we do not share it with advertisers.

02.Data We Collect

The following data is stored in our database (Supabase, EU region — eu-central-1, Frankfurt, Germany).

Category	What is stored	Purpose
Server Configuration	Guild ID, channel IDs, role IDs, command prefix, feature settings, welcome and goodbye messages	Operate per-server bot features
Moderation Records	Target user Discord ID, moderator Discord ID, action type, reason text provided by moderator, timestamp	Maintain moderation history for server admins
Warnings	User Discord ID, guild ID, warning reason, moderator ID, timestamp	Track member infractions within a server
Temporary Bans	User Discord ID, guild ID, ban reason, moderator ID, ban and unban dates	Schedule automatic unbans
Verification Settings	Guild ID, verified/unverified role IDs, verify channel ID, log channel ID, min account age, verification count	Power the member verification system
Command Usage	Command name, guild ID, usage count, last used timestamp	Service analytics and improvement
Custom Commands	Guild ID, trigger phrase, response text (configured by admins)	Store admin-configured bot responses
Role Menus, Polls, Giveaways	Guild ID, channel ID, message ID, configuration options, titles, entries	Power interactive Discord features
Notification Configs	Guild ID, Twitch or YouTube channel identifier, Discord notification channel ID	Send live stream and upload alerts
Dashboard Access	Discord user ID (OAuth2 login), audit log of settings changes (user ID, action, timestamp)	Authenticate dashboard users and maintain a change log
Premium Subscription	Patreon email (verification only), Discord user ID of activating admin, guild ID, activation and expiry timestamps	Verify active Patreon subscription and enable premium features
Server Logs	IP address and standard HTTP access logs (Render infrastructure)	Security monitoring and debugging — retained ≤30 days

03.What We Don't Collect

SX2 Nexus is designed to operate without reading your conversations. The following is not collected or stored:

Message content — the bot does not read or store what members type in chat. The sole exception: when a moderator issues a warning, ban, kick, or timeout and provides a reason, that reason text is stored as part of the moderation record.
Direct message (DM) content
Voice activity — who joins/leaves voice channels or what is said
Usernames or display names — unless typed by a moderator as a moderation reason
Email addresses — except the Patreon email used solely to verify premium subscription status
Payment card or banking details — billing is handled entirely by Patreon; we never receive payment instrument data
Location data

04.How We Use Your Data

Service operation — to run bot features: moderation, welcome messages, role menus, notifications, custom commands, polls, and giveaways
Dashboard authentication — to verify your identity via Discord OAuth2 when you log into sx2nexus.com
Premium access management — to confirm Patreon subscription status and gate premium features
Service improvement — aggregated command usage data helps us understand feature adoption
Abuse prevention — moderation records support server admins in maintaining community standards
Legal compliance — premium payment records are retained for tax and accounting obligations

We do not use your data for advertising, profiling, or any purpose beyond operating SX2 Nexus.

05.Legal Basis for Processing (GDPR)

We process personal data under the following legal bases as defined in GDPR Article 6:

Legitimate interests (Art. 6(1)(f)) — moderation records, command analytics, audit logs, and security monitoring. Our interest is providing a functional moderation and community management service.
Performance of a contract (Art. 6(1)(b)) — data required to provide the bot's features to guilds that have installed it; premium subscription management.
Consent (Art. 6(1)(a)) — Twitch/YouTube notification subscriptions configured by guild admins; dashboard login via Discord OAuth2.
Legal obligation (Art. 6(1)(c)) — retaining premium payment records for tax and accounting obligations.

06.Data Retention

Data Type	How Long We Keep It
Guild configuration and feature settings	Retained while the bot is in the guild; deleted within 30 days of bot removal
Moderation records, warnings, tempbans	Retained while the bot is in the guild; deletable on request by a guild admin or affected user
Command usage statistics	Aggregated data retained indefinitely; purged with guild data on bot removal
Dashboard audit log	Retained while the bot is in the guild; deleted with guild data on removal
Premium subscription records	Retained for the longer of: (a) the active subscription period, or (b) 7 years for tax and accounting purposes
Patreon email	Deleted when subscription ends, unless required for payment dispute resolution (max 1 year post-cancellation)
Server access logs (Render)	Up to 30 days, per Render's standard log retention
Dashboard OAuth2 sessions	Expire within 7 days per Discord's token lifecycle; not persisted server-side after expiry

07.Third-Party Services

The following third-party services are used to operate SX2 Nexus:

Supabase — PostgreSQL database hosting. Data is stored in eu-central-1 (Frankfurt, Germany). Supabase is GDPR compliant. Supabase Privacy Policy ↗
Render — Application and dashboard hosting. Render processes connection metadata as part of standard hosting operations. Render Privacy Policy ↗
Discord — The platform on which the bot operates. Your use of Discord is subject to Discord's Privacy Policy ↗. We receive only the data Discord provides via its bot API and OAuth2 flow.
Patreon — Payment processing for premium subscriptions. We receive payment confirmation and a Patreon email address via Patreon's webhook to verify active subscriptions. Patreon Privacy Policy ↗
Twitch / YouTube — Public APIs used to check streamer live status and publish alerts. No personal data about your server's members is shared with these services.

We do not sell, rent, or trade personal data. We do not use advertising networks or data brokers.

08.Your Rights

If you are in the EU, EEA, or UK, you have the following rights under GDPR / UK GDPR:

Access — request a copy of the personal data we hold about you
Deletion ("right to be forgotten") — request deletion of your personal data
Rectification — request correction of inaccurate data
Portability — request your data in a structured, machine-readable format (JSON)
Restriction — request that we limit processing of your data
Objection — object to processing based on legitimate interests
Withdraw consent — where processing is based on consent, you may withdraw at any time without affecting prior processing

To exercise any right, email developssam@gmail.com or contact us in the Discord support server. We will respond within 30 days.

You also have the right to lodge a complaint with your local supervisory authority (e.g. the ICO in the UK, or your EU member state's data protection authority).

Note: deleting moderation records at your request may affect a server's ability to maintain a consistent moderation history. We will inform you of any limitations before proceeding.

09.Children's Privacy

SX2 Nexus is intended for users aged 13 and over, consistent with Discord's minimum age requirements. Discord itself prohibits users under 13 from creating accounts.

We do not knowingly collect personal data from children under 13. If you believe a child under 13 has used the service and data has been collected, contact us at developssam@gmail.com and we will delete that data promptly.

10.California Residents (CCPA)

California residents have the following rights under the California Consumer Privacy Act (CCPA):

Right to Know — request disclosure of the personal information we collect, use, and share
Right to Delete — request deletion of personal information we hold
Right to Opt Out of Sale — opt out of any sale of personal information

We do not sell personal information. We do not share personal information for cross-context behavioural advertising.

To exercise CCPA rights, contact developssam@gmail.com. We will respond within 45 days.

11.Security

We use the following technical measures to protect your data:

Database Row-Level Security (RLS) enabled on all tables in Supabase
Database access uses a service role key; no public or anonymous access is configured
Dashboard login uses Discord's OAuth2 — no passwords are stored by us
All connections to the database use TLS encryption in transit
Production infrastructure access is restricted to the operator

No system is perfectly secure. In the event of a data breach affecting personal data, we will notify affected users via the Discord support server and, where required by law, the relevant supervisory authority within 72 hours.

12.Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page and post an announcement in the Discord support server.

For material changes (what data we collect, how we use it, or who we share it with), we will provide at least 30 days notice before the change takes effect. Continued use of SX2 Nexus after the effective date constitutes acceptance.

13.Contact

For privacy requests, data rights, or questions:

Email: developssam@gmail.com
Discord: discord.gg/FWChhsVG4r

Operator: Team Sam Develops, operating SX2 Nexus from Scotland.

Data is stored in the EU (eu-central-1, Frankfurt, Germany).