Privacy Policy
Last Updated: April 15, 2026 • Version 1.4 • GDPR Compliant
1. Data Controller
The data controller for Levlix is:
- Operator: Atraxo - Levlix
- Country: Switzerland
- Email: [email protected]
- Service: Levlix Discord Bot
2. Data We Collect
2.1 Data Collected Automatically
When you interact with Levlix, we automatically collect:
| Data Type | Purpose | Retention |
|---|---|---|
| Discord User ID | Identify users across sessions | Until deletion request |
| Discord Username | Display in leaderboards | Updated on each interaction |
| Server (Guild) ID | Associate data with servers | Until bot removal |
| Activity Metrics | Message counts, voice channel durations, reactions, and invite tracking for points and leaderboards | Up to 365 days (aggregated, no message or audio content stored) |
| Action Histories | Logs of shop purchases, mini-game wagers, and RPG character progression for support and moderation | Until deletion request |
| Last Active Timestamp | Track user activity for server administration | Updated on each interaction |
| Points Balance | Core bot functionality | Until deletion request |
2.2 Data We Do NOT Collect
- Message content (we only count messages)
- Direct messages (DMs)
- Voice conversations (audio)
- IP addresses (via the Discord Bot)
- Payment or financial information
2.3 Web Dashboard Data & Analytics
When using our web dashboard, we additionally process:
- OAuth2 tokens (for Discord authentication, stored securely)
- Session cookies (for login persistence)
- Browser user agent (for security/analytics)
- IP Addresses & Security Logs: We temporarily process and log your IP address to protect our infrastructure from automated attacks (using Rate Limiters and Fail2Ban). These logs are automatically purged.
2.4 Web Beacons, Cookies & Google Analytics
Our website uses "Cookies" — small text files stored on your device. We separate these into two categories:
- Essential Cookies: Used to keep you logged in to the dashboard securely. These cannot be disabled.
- Analytics Cookies (Google Analytics 4): Used to measure website traffic and improve our services. These are disabled by default.
Google Analytics 4 (GA4): If you provide your explicit consent via our Cookie Banner, we use GA4 (provided by Google Ireland Limited). We have activated the anonymize_ip feature, which means your IP address is truncated and anonymized before being stored by Google.
Revoking Consent: You can revoke your consent at any time by clicking the "Cookie Settings" link in the footer of our website, or by clearing your browser cookies.
3. Legal Basis for Processing (GDPR Art. 6 / nDSG Art. 6)
We process your data based on the EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (nDSG):
- Contract Performance (Art. 6(1)(b)): Processing necessary to provide the Bot's services you requested
- Legitimate Interest (Art. 6(1)(f)): Security, fraud prevention, and service improvement
- Consent (Art. 6(1)(a)): For optional features and analytics
4. How We Use Your Data
Your data is used exclusively to:
- Provide core Bot functionality (points, leaderboards, games)
- Track activity for rewards and milestones
- Prevent abuse and ensure fair gameplay
- Provide server administrators and owners with aggregated member activity overviews (e.g. levels, points, last active status) via the web dashboard, limited to their own server's data
5. Data Storage & Security
5.1 Storage Location
Your data is stored on servers located in:
- Primary Database: European Union (Germany, Hetzner)
- CDN & Security: Global Edge Network (Cloudflare)
5.2 Security Measures
- Encrypted database connections (TLS/SSL)
- Parameterized queries (SQL injection prevention)
- Rate limiting and DDoS protection
- Automated backups with encryption
5.3 Data Retention
- User data: Retained until deletion request or account inactivity (2 years)
- Server data: Deleted 30 days after bot removal
- Logs: Retained for 30 days for security purposes
6. Your Rights (GDPR)
Under GDPR, you have the following rights:
- Right to Access: Request a copy of all data we hold about you.
- Right to Erasure: Request deletion of all your data ("Right to be Forgotten").
- Right to Rectification: Correct inaccurate personal data.
- Right to Portability: Receive your data in a machine-readable format.
- Right to Object: Object to processing based on legitimate interest (Art. 21 GDPR).
- Right to Restriction: Request restriction of processing under certain conditions (Art. 18 GDPR).
How to Exercise Your Rights
- Send an email to [email protected] with your Discord User ID
- Or contact us via our official Discord server and open a support ticket
We will respond within 30 days as required by GDPR. The exercise of your rights is free of charge.
7. Data Processors & Sharing
We share data only in these limited circumstances with our trusted providers (Data Processors):
- Discord API: Required for bot functionality (governed by Discord's Privacy Policy)
- Hosting Provider (Hetzner): Our secure server infrastructure located in Germany
- Cloudflare: Used for DDoS protection, CDN, and cookieless Web Analytics
- Legal Requirements: If required by law or valid legal process
8. Contact & Complaints
For privacy-related questions or concerns:
- Email: [email protected]
- Discord: Join our support server and open a ticket
Supervisory Authority
If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. For Switzerland, the competent authority is:
- FDPIC (EDÖB)
- Federal Data Protection and Information Commissioner
- Feldeggweg 1, 3003 Bern, Switzerland
- www.edoeb.admin.ch
If you are an EU resident, you may also contact your local data protection authority.
9. International Data Transfers
Your data is primarily stored in the European Union (Germany). However, some of our service providers (e.g., Cloudflare) may process data outside the EU/EEA. In such cases, data transfers are protected by:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable (Switzerland is recognized as providing adequate protection)
- Provider-specific DPAs (Data Processing Agreements) with all sub-processors
10. Children's Privacy
Levlix is not intended for use by anyone under the age of 13, in accordance with Discord's Terms of Service. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, please contact us immediately at [email protected] and we will promptly delete it.
11. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will notify you via:
- The Bot's announcement system
- Our official Discord server
- This webpage (with an updated "Last Updated" date)
Continued use of the Bot after changes constitutes acceptance of the updated Privacy Policy.
12. Automated Decision-Making
Levlix does not use automated decision-making or profiling that produces legal or similarly significant effects on users. All game mechanics, point calculations, and leaderboard rankings are based on transparent, rule-based systems with no AI-driven profiling.