Riff SupremoRiff-Off
Legal
Privacy Policy
Effective and last updated: July 16, 2026
This Privacy Policy explains how Riff Supremo accesses, uses, stores, shares, and deletes information when operating in the Riff-Off Discord community.
1. Who operates the Service
Riff Supremo is operated by the Riff-Off server owner and authorized administrators (the “Operator,” “we,” or “us”). This policy applies to the Discord bot and its associated web dashboard. Discord separately processes information under Discord’s own Privacy Policy.
2. Information we process
Depending on the enabled features and how you interact with the Service, we may process:
- Discord identifiers and profile data: user, server, role, channel, thread, message, event, and application IDs; usernames; display names; avatars; role membership; and server membership status.
- Commands and interactions: slash-command input, prefix commands, buttons, menus, modal submissions, command timestamps, permissions, and success or failure status.
- Community feature records: leaderboard scores, bump activity, streak dates, queue entries and state, polls and votes, statistics rosters, temporary-role timers, event subscriptions, reminder preferences, scheduled posts, checklists, and related configuration.
- Message activity: qualifying activity dates, counts, channel or category identifiers, timestamps, and limited message text when necessary to process prefix commands, prevent duplicate streak messages, provide moderation or knowledge features, or operate another explicitly enabled message-based feature.
- Voice activity: voice or Stage channel identifiers, join and leave times, session duration, exclusions, and derived rankings or reward eligibility. The Service does not record voice audio.
- Moderation and audit information: authorized staff actions, role changes, command usage, configuration changes, failures, and technical diagnostic records.
- Dashboard information: authorized staff Discord identity, access role, login timestamps, necessary session cookies, OAuth state, and standard web request or security logs. The Service does not receive your Discord password.
- Files and images: banners, graphics, or other files intentionally uploaded by authorized staff for bot displays. Some scheduled-post files are retained only until Discord publishes the post.
The optional Message Context and AI features may process more message text when explicitly enabled by the Operator. When disabled, those features do not create their optional searchable message store or send prompts to an AI provider.
3. How information is used
We use information to:
- Respond to commands and provide requested Discord features.
- Calculate points, streaks, statistics, voice activity, rankings, and eligibility.
- Deliver reminders, event subscriptions, moderation logs, and configured automated role actions.
- Authenticate authorized dashboard users and enforce staff permissions.
- Prevent abuse, investigate errors, secure the Service, recover interrupted jobs, and maintain reliable operation.
- Comply with Discord requirements, applicable law, and valid legal requests.
4. Legal bases where applicable
Where privacy law requires a legal basis, processing may rely on performance of the Service requested by users or server administrators, legitimate interests in operating and securing community tools, consent for optional actions such as reminder subscriptions, and compliance with legal obligations. You may withdraw consent for an optional feature, but prior lawful processing remains unaffected.
5. Sharing and service providers
We do not sell personal information and do not use it for third-party advertising. Information may be disclosed only as reasonably necessary:
- Discord: commands, messages, embeds, role actions, and other output are transmitted through Discord’s platform.
- Hosting and infrastructure providers: providers such as Railway may process stored data and technical traffic solely to host and operate the Service.
- Optional AI providers: if an AI feature is enabled, the text submitted to that feature and necessary context may be transmitted to the AI provider configured by the Operator.
- Legal and safety reasons: information may be disclosed when required by law or reasonably necessary to protect users, the Operator, Discord, or the Service.
Public bot outputs are visible to users who can access the Discord channel where they are posted. Private or ephemeral outputs are subject to Discord’s visibility controls.
6. Data retention
Information is retained only as long as reasonably necessary for the feature that collected it, server administration, security, dispute resolution, or legal compliance. Retention varies by feature:
- Configuration, leaderboards, statistics, streaks, and active automation records may remain while the feature is enabled and the server continues to use the Service.
- Completed, cancelled, expired, or deleted records may be removed, anonymized, aggregated, or retained for a limited period for operational integrity and auditing.
- Message Context retention, when enabled, follows its configured retention window.
- Temporary scheduled-post image bytes are cleared after publication, deletion, or permanent failure where the feature supports that cleanup.
- Backups and infrastructure logs may persist temporarily until they rotate or expire.
We will delete Discord API data when it is no longer necessary for permitted bot functionality, when the relevant user or Discord validly requests deletion, when the Service stops operating, or when required by law.
7. Your choices and requests
You may stop using optional features, cancel reminder subscriptions with their provided controls, leave the Discord server, or ask authorized staff to correct or delete eligible bot records associated with your Discord user ID.
To request access, correction, or deletion, contact the Riff-Off server owner or authorized staff through the community’s official Discord channels. Include your Discord user ID and identify the records or feature involved. We may verify your identity and may retain information where required for security, legal compliance, or the rights of others.
You may also use Discord’s own privacy controls or contact Discord regarding information controlled by Discord.
8. Security
We use reasonable administrative and technical measures such as restricted dashboard access, permission checks, encrypted HTTPS connections, protected credentials, and database controls. No online service can guarantee absolute security. If we identify unauthorized access that requires notice, we will notify Discord and affected users as required.
9. International processing
Discord and the Service’s infrastructure providers may process information in countries other than your own. Where required, the Operator relies on applicable provider safeguards and contractual protections for international transfers.
10. Children’s privacy
The Service is not intended for anyone below Discord’s minimum permitted age or the higher minimum age required in their jurisdiction. We do not knowingly seek information from children who are not eligible to use Discord. Contact the Operator if you believe ineligible information has been processed.
11. Policy changes
We may update this policy when features, providers, Discord requirements, or applicable laws change. The date at the top identifies the current version. Material changes may also be announced through the community where appropriate.
12. Contact
For privacy questions or data requests, contact the Riff-Off server owner or authorized staff through the community’s official Discord channels. Requests should include your Discord user ID so the Operator can locate the relevant records without requesting your password or other credentials.