Privacy Policy

Last updated: April 8, 2026 · In accordance with GDPR

1. Controller

The data controller responsible for this service is:

Julian Facklam

Winterhuder Weg 29, 7th Floor

22085 Hamburg, Germany

Email: [email protected]

2. Data We Collect

We collect and process the following data:

Discord OAuth (Web Panel Login)

When you log in to the ButzeBot web panel via Discord OAuth2, we receive and temporarily store:

  • Discord User ID
  • Username and discriminator
  • Avatar hash
  • List of Discord servers you are in

This data is stored in an encrypted session cookie (AES-256) on the server for up to 30 days. It is used solely to authenticate you and display your server list. We do not share this data with third parties.

Bot Data (Economy, Pets, etc.)

When you use ButzeBot commands in a Discord server, the following data may be stored in an SQLite database on the host server:

  • Discord User ID (for economy balances, XP, pet ownership)
  • Discord Server ID (for per-server configuration)
  • Economy data: coin balances, XP, transaction history
  • Pet data: pet names, stats, inventory
  • Leaderboard data: rankings per server

This data is stored on a private server. No User IDs are linked to real identities. Data is stored per-server and is not shared across servers.

Feedback Form

When you submit feedback via the feedback button, we collect:

  • First name
  • Email address
  • Discord username (optional)
  • Your message

This data is used solely to process your request and send a reply. It is forwarded via Brevo's transactional email API and received at [email protected]. We do not store feedback form submissions permanently after processing.

Europaletten-Rechner (Calculator Tool)

The Europaletten-Rechner available at butzebot.com/rechner is a purely client-side calculation tool. It does not collect, transmit, or store any data whatsoever.

  • All calculations are performed entirely within your browser using JavaScript
  • No data is sent to our servers or any third party
  • No cookies, local storage, or session data are written
  • No login or account is required
  • When you close or leave the page, all entered values are discarded immediately

This tool is provided as a standalone utility. It is technically impossible for us to access any values you enter into the calculator.

Omen Account (Rhythm Game)

When you register an account for the Omen rhythm game at butzebot.com/omen, we collect and store:

  • Username (chosen by you)
  • Email address (stored encrypted using AES-256-GCM on the server; never stored in plain text)
  • Password (stored as a bcrypt hash; we cannot recover your plaintext password)
  • Account ID (auto-generated numeric identifier)
  • Session tokens (random strings used to authenticate API requests from the game client)

Providing a username, email, and password is required to create an Omen account. Without this data, account creation and score submission are not possible. Email is used only for account verification and password reset. We do not use your email for marketing purposes.

Omen Game Data

When you submit scores or interact with the Omen game client or website, the following data is stored server-side in an SQLite database and associated with your account:

  • All submitted scores per map and difficulty (score value, accuracy, grade, max combo, PP, mods, stars, judgement breakdown, song length, total notes, date)
  • Total play count and all-time score (aggregated from submissions)
  • Replay files (.replay) for top-ranked plays, if submitted by the game client
  • Song metadata at time of submission (song ID, title, artist) as part of each score entry
  • Daily rank history snapshots (global rank and country rank per day)

Game data is stored on a private server and is publicly visible on the Omen leaderboard (scores, grade, accuracy, rank, level, achievements) under your chosen username. Your email address and password are never exposed publicly.

Omen Profile Content

You may optionally upload the following content to your Omen profile:

  • Profile picture (avatar) — max 500 KB, stored as PNG/JPG/WebP on the server
  • Profile banner — max 5 MB, stored as PNG/JPG/WebP on the server
  • Profile description — free-text, max 10,000 characters

This content is publicly visible on your Omen profile page. You can delete your avatar, banner, or description at any time through your account settings.

Omen Social Features

Omen provides the following social features, each of which stores data associated with your account:

  • Follow system — who you follow is stored and your follower/following counts are publicly visible on your profile
  • Song comments — comments you post on songs are publicly visible with your username and can be voted on by other users. You can delete your own comments at any time.
  • Song favorites — which songs you have favorited is stored. Aggregate favorite counts per song are publicly visible.
  • Achievements — calculated in real time from your scores and activity. Unlocked achievements are publicly visible on your profile.

Omen Online Status & Activity

When you are logged in to the Omen website or playing the game client, the following activity data is collected:

  • Last seen timestamp — updated periodically (every 30 seconds while active on the website, or on each score submission from the game client)
  • Last seen source — whether your last activity was from the website or the game client
  • Daily challenge participation — which daily challenges you played and your scores on them

Your online status (online/offline) and approximate last seen time are publicly visible on your profile and on the leaderboard. This data is used to show other players when you are actively playing.

Omen Discord Linking

When you use the /omen link Discord command, your Discord User ID is associated with your Omen username. This link is stored in the bot's database and is used solely to identify your Omen account when you use Omen Discord commands. You can unlink your account at any time using /omen unlink.

Omen Bug Reports

When you submit a bug report via the "Report Bug" button on the Omen page, we collect:

  • Your message (required)
  • Your username (automatically included if you are logged in; otherwise "Anonymous")

Bug reports are stored in a text file on the server and are used solely to identify and fix issues in the game. They are not shared publicly.

ButzeBot AI Chat (when you mention the bot or DM it)

ButzeBot includes a chat AI that activates when you @mention the bot in a Discord channel or send it a direct message. To provide context-aware replies, we store the recent messages of your conversation with the AI on our own server (channel ID, your Discord user ID, the message content, and a timestamp).

  • 100% local processing: the AI runs on hardware operated by us. No third-party AI provider, no cloud API, no external company processes your messages.
  • Retention: conversations are automatically deleted after 30 days. A daily background sweep removes any older entries.
  • Manual deletion: you can wipe your AI conversation history with the bot at any time by sending the bot the command !reset.
  • Scope: AI memory is per channel + per user, so DM conversations are not visible inside server channels.
  • Don't share secrets: please don't send credentials, passwords, or personal data you wouldn't want briefly stored. The AI is not designed for sensitive information.

Server Logs & Rate Limiting

The web server may retain standard access logs (IP address, timestamp, requested path) for security and debugging purposes. These logs are kept for a maximum of 30 days and are stored encrypted. We do not use IP addresses to identify individual users.

IP addresses may be temporarily held in server memory for rate limiting purposes (e.g., to prevent spam on bug report submissions). This data is never persisted to disk and is automatically cleared when the server restarts.

3. Legal Basis (GDPR Art. 6)

  • Art. 6 (1)(b) – Processing necessary for the performance of a service you requested (Discord OAuth login, bot functionality, Omen account operation and score submission)
  • Art. 6 (1)(f) – Legitimate interests: ensuring the security and integrity of our services, preventing abuse and spam, maintaining server stability, and retaining access logs for debugging purposes
  • Art. 6 (1)(a) – Consent (feedback form submission; Omen account registration)

Where processing is based on consent (Art. 6 (1)(a)), you have the right to withdraw your consent at any time by contacting us. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

We do not use automated decision-making or profiling as defined in Art. 22 GDPR.

4. Data Retention

  • Discord session data: up to 30 days, or until you log out
  • Bot data (economy, pets): retained until the bot is removed from your server or you request deletion
  • Feedback submissions: processed and not permanently stored
  • Server access logs: up to 30 days
  • Omen account data (username, encrypted email, password hash): retained until you request account deletion
  • Omen game data (scores, stats, replays): retained as long as your account exists, or until you request deletion
  • Omen profile content (avatar, banner, description): retained until you delete it or request account deletion
  • Omen social data (follows, comments, favorites): retained until you remove them or request account deletion
  • Omen bug reports: retained until processed and resolved
  • Omen session tokens: invalidated on logout; expire automatically after 90 days of inactivity
  • Omen online status: last seen timestamp is overwritten on each activity; no history is retained
  • Omen Discord link: retained until you unlink or request deletion

5. Your Rights (GDPR Art. 15–22)

Under GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15) – Request a copy of data we hold about you
  • Right to rectification (Art. 16) – Request correction of inaccurate data
  • Right to erasure (Art. 17) – Request deletion of your data ("right to be forgotten")
  • Right to restriction (Art. 18) – Request restricted processing of your data
  • Right to data portability (Art. 20) – Receive your data in a structured format
  • Right to object (Art. 21) – Object to processing based on legitimate interests

To exercise any of these rights, please contact us at [email protected]. We will respond within one month. This period may be extended by two further months where necessary due to the complexity or number of requests, in which case we will inform you within the first month.

You also have the right to lodge a complaint with a supervisory authority. The responsible authority for Hamburg is: Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit (HmbBfDI), Ludwig-Erhard-Str. 22, 20459 Hamburg, Germany — [email protected].

6. Recipients of Your Data & Third-Party Services

The following third parties may receive or process your personal data:

  • Discord Inc. (USA) – Receives your Discord credentials during OAuth2 login. Discord is based in the United States and is certified under the EU-US Data Privacy Framework (adequacy decision per Art. 45 GDPR, adopted July 2023). Please refer to Discord's Privacy Policy for details on how Discord processes your data.
  • Brevo SAS (France) – Receives email addresses and message content for sending transactional emails (feedback replies, Omen account verification, password reset). Brevo is based in the EU. A Data Processing Agreement (Art. 28 GDPR) is in place.
  • osu! / ppy Pty Ltd (Australia) – Song cover images and audio previews displayed on the Omen song browser are fetched from osu!'s public CDN (assets.ppy.sh). No user data is sent to osu! in this process.
  • Cloudflare Inc. (USA) – Our website is proxied through Cloudflare for DDoS protection and performance. Cloudflare may process your IP address and request metadata as part of their service. Cloudflare is certified under the EU-US Data Privacy Framework. Please refer to Cloudflare's Privacy Policy for details.
  • Omen Game Client – Omen is a third-party rhythm game developed independently. The game client communicates with our API to submit scores, manage accounts, and sync data. All data transmitted by the game client is covered by this privacy policy.

All data is stored on a private server located in Germany. We do not sell or share your personal data with any other third parties.

7. Data Security

Session data is encrypted using AES-256 and stored on a private server located in Germany. Omen account email addresses are encrypted at rest using AES-256-GCM. Passwords are stored exclusively as bcrypt hashes (cost factor 12) and cannot be recovered by us. Session tokens are cryptographically random and invalidated on logout. The server is not publicly accessible except through the web application. We apply reasonable technical and organizational measures to protect your data.

8. Children's Data

Our services are not directed at children under 16 years of age. If you are under 16, you may only use our services with verifiable parental consent. We do not knowingly collect personal data from children under 16 without appropriate consent. If we become aware that we have collected data from a child under 16 without parental consent, we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. Where changes materially affect the legal basis of processing, we will notify you via email or a prominent notice on the website and seek renewed consent where required.

10. Contact

For privacy-related inquiries, contact us at [email protected] or see our Impressum.