GDPR Compliance

1. Overview

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that applies to all EU residents. At Hexify, we are committed to protecting your privacy and ensuring compliance with GDPR requirements.

2. Your Rights Under GDPR

As an EU resident, you have the following rights regarding your personal data:

3. Data We Collect

Personal Data Categories

• Identity Data: Discord User IDs, usernames, and server memberships
• Technical Data: IP addresses, device information, and usage logs
• Usage Data: Command history, feature usage, and interaction patterns
• Communication Data: Support tickets, feedback, and correspondence
• Financial Data: Payment information for premium subscriptions

Legal Basis for Processing

• Legitimate Interest: Service operation and improvement
• Contract: Providing premium services
• Consent: Marketing communications and analytics
• Legal Obligation: Compliance with applicable laws

4. Data Protection Measures

Technical Safeguards

• End-to-end encryption for sensitive data
• Secure cloud infrastructure with regular security audits
• Access controls and authentication systems
• Regular security updates and vulnerability assessments
• Data anonymization and pseudonymization where possible

Organizational Measures

• Privacy by design principles in system development
• Regular staff training on data protection
• Data protection impact assessments for new features
• Clear data retention and deletion policies
• Incident response procedures for data breaches

5. Data Transfers

International Transfers

When we transfer your personal data outside the EU, we ensure adequate protection through:

• Adequacy Decisions: Transfers to countries with adequate protection
• Standard Contractual Clauses: EU-approved contract terms
• Binding Corporate Rules: Internal data protection policies
• Certification Schemes: Industry-recognized privacy certifications

6. Data Retention

Retention Periods

• User Account Data: Retained while account is active + 30 days
• Server Configuration: Retained while bot is in server
• Support Communications: Retained for 3 years
• Financial Records: Retained for 7 years (legal requirement)
• Analytics Data: Anonymized and retained for 2 years

Automated Deletion

We have implemented automated systems to delete personal data when retention periods expire, ensuring compliance with data minimization principles.

7. Exercising Your Rights

How to Submit a Request

To exercise any of your GDPR rights, please use the form below or contact our Data Protection Officer directly.

8. Response Timeline

Processing Time

We will respond to your GDPR request within one month of receipt. In complex cases, this may be extended by two additional months with prior notification.

Verification Process

To protect your privacy, we may need to verify your identity before processing certain requests. This may include:

• Confirming your Discord account ownership
• Verifying access to the email address on file
• Additional security questions if necessary

9. Complaints and Supervision

Internal Complaints

If you're not satisfied with how we've handled your request, you can file a complaint with our Data Protection Officer.

Supervisory Authority

You have the right to lodge a complaint with your local data protection authority. You can find contact information for EU data protection authorities at:

European Data Protection Board

10. Data Protection Officer

11. Updates to GDPR Compliance

We regularly review and update our GDPR compliance measures. Any significant changes will be communicated through:

• Updates to this page with change notifications
• Email notifications to users where required
• Discord announcements for major policy changes