Lunalith
|
Back to home

Privacy Policy

Last updated: May 2026.

How Lunalith collects, uses, and protects your data.

Overview

Lunalith is a Discord bot and web dashboard. This policy explains what data we collect, why we collect it, and how we protect it. We comply with the GDPR (EU) and the CCPA (California).

Data We Collect

We only collect data necessary to operate the bot and dashboard. This includes:

Your Discord public profile (ID, username, avatar) when you log in via Discord OAuth.
Your Discord OAuth access token, stored in Redis for up to 7 days to fetch your server list and permissions.
A session cookie to keep you logged into the dashboard.
Server-level data you configure: XP, stats, moderation cases, tickets, announcements, and permission settings. This data belongs to the server, not to you personally.
Ban appeal text and associated Discord user ID when a banned user submits an appeal.
Bot activity logs, error reports, and SmartEyes moderation logs tied to Discord user IDs for moderation purposes.

We do not collect payment information, browsing history outside our site, or personal contact details beyond what Discord provides.

SmartEyes AI Moderation

When the SmartEyes module is enabled on a server, message text and image attachments may be sent to an external AI moderation provider for real-time content analysis.

This data is processed for content classification only. We do not store the analyzed content beyond moderation logs. Images are transmitted as URLs or binary data depending on the provider. If you are an EU user, ask your server admin whether SmartEyes is enabled.

Cookies & Tracking

We use essential cookies only. There are no analytics, marketing, or third-party tracking cookies on the public website.

Session cookie — required to keep you logged into the dashboard.
Temporary security cookies during Discord login — required for authentication security.

We do not use Google Analytics, Facebook pixels, or similar tracking technologies.

Third-Party Services

We rely on the following third-party services:

Cloudflare — CDN and DDoS protection. May process IP addresses and request metadata.
Discord — OAuth authentication and bot API. Data handling is governed by Discord's Terms of Service and Privacy Policy.
AI moderation provider (outside the EU, if SmartEyes is enabled) — processes message text and images for content classification. Server admins control whether this module is active.

Data Retention

We retain data only as long as necessary:

Discord Token

Discord access tokens: up to 7 days.

Cache

Guild and permission cache: up to 10 minutes.

Ban Appeals

Ban appeals: 90 days, then automatically anonymized. After anonymization, the appeal text remains but PII is replaced.

Server Data

Server-level data (XP, stats, moderation, tickets): retained as long as the bot is in the server. Deleted on server reset or when the bot is removed.

Your Rights

Depending on your jurisdiction, you have the following rights:

Access — request a copy of the personal data we hold about you.
Deletion — clear your session, cached tokens, and guild cache from the Profile page. Server-level data must be requested through the server admin.
Portability — server data is exportable by server admins via the dashboard.
Objection — you can object to SmartEyes scanning by asking your server admin to disable the module or add your role to the immune list.

To exercise your rights, visit your Profile page or contact us. Server-level data requests must go through the server administrator because we act as a processor, not a controller, for that data.

Security

We encrypt data in transit (TLS 1.2+). Redis and database credentials are never exposed. Access tokens are stored in Redis with TTL expiration. Role-based permissions restrict who can modify server settings. We regularly review logs for abuse.

Changes to This Policy

We may update this policy to reflect new features or legal requirements. Changes will be posted on this page with an updated date.

Contact Us

If you have questions about this policy or want to exercise your rights, reach out via our Discord support server.