GDPR Compliance

This page summarizes user rights and the legal bases for processing used by ChellOS. It complements the privacy protocol and reflects the real state of the service in April 2026.

1. General Framework

ChellOS is hosted in France and operated with a data minimization approach. Processing activities are limited to what is needed for commands, moderation, server administration, and community features explicitly enabled by administrators.

2. Legal Bases for Processing

We process your personal data on the following legal bases:

• Performance of the service: to answer commands and provide requested features
• Legitimate interest: for security, moderation, abuse prevention, and technical stability
• Consent or voluntary action: when an administrator enables certain community features or a user triggers an optional command
• Legal obligations: when retention or disclosure is required by applicable law

3. Categories of Data Concerned

Depending on the modules enabled on a server, ChellOS may process:

• Discord identifiers: user, channel, role, server, message
• server configuration data
• moderation data: warnings, sanctions, automod logs, blacklist
• community data: tickets, suggestions, levels, giveaways, reminders, notes
• a limited and temporary AI history when Chell AI is used
• minimal technical data needed for operation and diagnostics

4. Your Rights

Right of access

You may request a copy of the personal data concerning you that is actually retained by the service.

Right to rectification

You may request correction of inaccurate, incomplete, or outdated data.

Right to erasure

You may request deletion of your data when retention is no longer necessary, subject to legal obligations or a legitimate security interest.

Right to restriction

You may request a temporary suspension of certain processing activities when your situation justifies it.

Right to portability

Where applicable, a structured export of the data may be provided.

Right to object

You may object to certain processing activities based on legitimate interest. For processing strictly necessary to operation on a given server, objecting may require that you stop using the service or leave the relevant server.

5. Retention Periods

Warnings, notes, sanctions	12 months maximum
AI history	30 days maximum
Giveaways	7 days after the end
Strikes automod	Configurable auto-reset
Snipe	Volatile memory only
Server configuration	Until the bot is removed
XP, tickets, suggestions	12 months maximum

Data is deleted automatically once the retention period expires or on request when no legal or technical constraint prevents it.

6. Security and Hosting

We implement reasonable technical and organizational measures to limit access to data and protect the infrastructure:

• primary hosting in France
• restricted access for project owners only
• structured storage in MySQL with fallback mechanisms
• no data sale and no commercial profiling

7. External Services and Transfers

Chell AI runs locally and does not send your exchanges to a third-party provider. Some optional commands may still rely on external services such as ImgBB, GitHub, Short.io, OpenWeatherMap, Google Speech, or Twitch GQL. In those cases, only the data required to execute the command is transmitted.

Those services have their own privacy policies. Their use depends on the command or enabled module.

8. Personal Data Breaches

If a personal data breach is likely to create a high risk to your rights and freedoms, we will take the measures required under the GDPR, including informing affected individuals and, where appropriate, the competent supervisory authority.

9. Supervisory Authority

You have the right to lodge a complaint with the competent supervisory authority if you believe the processing of your personal data infringes the GDPR.