1. Scope and controller
This policy applies to the SynSecurity website, any Discord bot or moderation workflow operated under the SynSecurity name, and any support channels or dashboards that are offered alongside those services. The exact controller may vary depending on how the service is deployed, who operates the server, and what data is being processed.
For the public website itself, SynSecurity Systems is the controller of the information submitted through the site. For server-specific installations, the relevant server owner or operator may also have controller responsibilities for the data they choose to collect or send to the service. Where SynSecurity processes data on behalf of a server owner, the arrangement should be documented clearly.
2. Information we may process
Depending on how the service is used, SynSecurity may process the following categories of information:
- Discord user IDs, usernames, display names, avatars, and server membership details.
- Reports submitted by users, including message content, screenshots, links, and moderation notes.
- Sanctions, reputation points, appeal outcomes, and case history connected to the moderation workflow.
- Support requests, contact messages, and any context needed to answer a question safely and accurately.
- Technical data such as timestamps, device or browser information, IP addresses, and server logs where the hosting setup records them.
- Any information voluntarily provided in a report that may include personal data or special category data.
We try to limit the information we process to what is needed for moderation, safety, auditing, and service operation. If a report includes more data than is necessary, staff should avoid using or retaining that extra information unless it is required for the case.
3. Why we use your information
SynSecurity uses personal data to operate the service, review reports, keep communities safe, support appeals, prevent abuse, and maintain accurate records. In UK GDPR terms, the likely lawful bases may include consent, contract, legitimate interests, legal obligation, and in rare cases vital interests.
Contract
To provide the bot, dashboard, or support service requested by a server owner or user.
Legitimate interests
To keep communities safe, prevent abuse, investigate reports, and improve service quality.
Legal obligation
To comply with applicable law, preserve evidence where needed, or respond to lawful requests.
Consent
For optional features or communications where consent is the appropriate legal basis.
We do not use personal data for unrelated advertising or sell it to third parties. If the purpose of processing changes, this policy should be updated before the change goes live.
4. Sharing, processors, and transfers
We may share information with trusted service providers that help us host the website, operate the bot, store logs, or manage support channels. These providers should only process data on documented instructions and should be subject to appropriate security and confidentiality controls.
Information may also be shared with Discord, with the relevant server owner, or with a law enforcement body if a report indicates unlawful activity, a serious safeguarding concern, or another issue that requires escalation. We may also disclose data where we are required to do so by law or where disclosure is necessary to protect rights, safety, or property.
If personal data is transferred outside the United Kingdom, we should use an appropriate safeguard such as an adequacy regulation, standard contractual clauses, or another permitted transfer mechanism under UK GDPR. The transfer approach should be documented in the operational records for the service.
5. Retention and deletion
We keep information only for as long as it is needed for moderation, appeals, security, and legal compliance. Report logs and moderation records may be retained longer than ordinary support messages because they are used to protect the community and to explain enforcement outcomes later if needed.
When information is no longer needed, it should be deleted or anonymised where possible. If a backup system retains data for a short period after deletion, that should be explained in the technical notes for the service and removed on the next practical cycle.
A sensible retention schedule should be written for each data type. For example, routine support messages can often be deleted more quickly than case logs or records that are required for safety or legal defence.
6. Your rights under UK GDPR
Depending on the lawful basis being used and the circumstances of the request, you may have the right to access, correct, delete, restrict, object to, or move your personal data. You may also be able to withdraw consent where consent is the lawful basis. Some rights may be limited where the law requires us to keep the data or where deletion would undermine a valid moderation record.
- Right of access to the data we hold about you.
- Right to rectification if a record is inaccurate or incomplete.
- Right to erasure in appropriate circumstances.
- Right to restriction or objection in the situations set out by UK GDPR.
- Right to data portability where the law gives that right.
- Right to complain to the Information Commissioner's Office if you remain unhappy after contacting us.
Requests should be made through the support route listed by SynSecurity. We may need to verify identity before actioning a request, especially if the request relates to moderation logs or other sensitive records.
7. Children, special category data, and safety
SynSecurity is not intended to be used as a service for children who are too young to use Discord or who are otherwise restricted by local law or platform rules. We do not knowingly target children, and if a report reveals that a child may be at risk we may preserve the relevant evidence and escalate the matter.
Special category data, such as health, racial or ethnic origin, religion, or sexual orientation, should only be processed when it is genuinely necessary for moderation or safeguarding and when appropriate safeguards are in place. Users should avoid including unnecessary sensitive data in a report unless it is essential to explain the concern.
8. Cookies, logs, and technical data
The public website can be operated without marketing cookies. If functional cookies, analytics, or similar tracking are introduced later, the notice should be updated to explain what is used and why. Any browser-side settings should be described clearly so users understand what is stored locally.
Hosting systems may automatically record standard server logs, such as request timestamps, IP addresses, user agents, and error information. We use those logs for security, troubleshooting, and abuse prevention, and we keep them only for as long as necessary for that purpose.
9. Complaints and contact
If you want to exercise your rights, correct a record, or ask a question about this policy, use the support route published by SynSecurity. Please provide enough detail for us to identify the relevant record and respond accurately.
If you believe we have not handled your information properly, you can also raise a complaint with the UK supervisory authority, the Information Commissioner's Office. More information is available at ico.org.uk and via the ICO helpline on 0303 123 1113.
10. Related legal framework
This policy is written with the following UK legal framework in mind. It is not an exhaustive legal statement and should be checked against the actual service configuration before publication.
UK GDPR
Sets the rules for lawful, fair, transparent, and secure processing of personal data.
Data Protection Act 2018
Works alongside the UK GDPR and provides the domestic framework for data protection in the UK.
Privacy and Electronic Communications Regulations 2003
Relevant where electronic marketing, cookies, or similar tracking technologies are used.
Online Safety Act 2023
Relevant to the handling of illegal content, harmful content, and platform safety responsibilities.