@Catbuttes
Created February 4, 2020 16:24
Atlasbot GDPR response

Massive reminder that these answers are only according to my knowledge and I cannot currently verify if they are accurate answers. Sorry for the incoming DM spam!

  1. What information does Atlas collect about me?

The only information that Atlas collects and stores about you directly, that I am aware of, is your publicly available Discord username, discriminator, avatar, and ID, as well as what servers you are currently in (in order to display what servers you can edit the configuration of on the dashboard). The information we request from you is shown the very first time you log into the Atlas Dashboard - https://i.imgur.com/p6ngIEv.png - however it is also collected even if you don't directly authorize with the dashboard itself. The immediate uses of this information that come to mind are:

  • Displaying who you are when logged into the dashboard (when authorized)
  • Displaying your position on a particular server's leaderboard, if the plugin is enabled (if the plugin was enabled at one point but disabled at a later point, during which time you sent a message in a channel that the Levels plugin was either whitelisted or NOT blacklisted in, your data is still stored so that it could still be shown on the leaderboard at a future stage if the plugin is reenabled).
  • Displaying the last user to edit an action

Messages you send in a channel that Atlas also has access to are not logged or displayed in any possible output. There are two exceptions to this - the first being if you make use of the "transcript" feature of the "Tickets" plugin. This is not enabled by default (transcripts are only created when requested through the command a!ticket transcript). If a transcript is created, any messages sent in the Ticket channel are stored and displayed on the dashboard, which can only be seen by users with authentication to do so, unless the option to make the transcript public is requested explicitly when the command is executed. To my knowledge, these users who are required to authenticate to view a non-public ticket are anyone who had access to view the channel at the time of the transcript's creation.

The second exception is not controlled by us - it is possible for users to create "actions" (custom commands) through Atlas' dashboard. A system for creating persistent custom variables exists with the names {perset} (to set a key with a name and value) and {perget} (to get the value of a key by its name). If a user has created an action that makes use of {perset} to store a user's message(s), it is possible that your message has been stored in this regard. Again, this is not controlled by us.

  2. Who has access to this information and who has this information been shared with?

I'm not sure this question can particularly apply to Discord bots. Your username (and discriminator) and avatar are shown publicly on Discord if you are a user of Discord's service (which is the only place we can get the above information from), hence this information can't be considered confidential or private. However, we don't share your username, avatar, discriminator or ID with any external service whatsoever.

  3. What processing is performed on this information?

Your data is only stored and retrieved for necessary uses. I am not personally knowledgeable on the full meaning of GDPR so I'm not sure what constitutes "processing" of data.

  4. What is the purpose of and legal basis for this processing?

As with question 3, your data is only stored and retrieved for necessary uses. This includes but is not limited to the uses outlined above.

  5. What is the retention period of the data that Atlas stores?

To the best of my knowledge, most of the data related to you is stored indefinitely. Login access tokens (provided to us by Discord through logging into the dashboard with your Discord account) are stored for ~7 days and then deleted if they are not refreshed. I am not aware of any other "lifespans" of data that relates to you.

  6. Has Atlas ever suffered a data breach which should have resulted in notification of the data subjects under the GDPR?

It should be important to note that to the best of my comprehension, Atlas is not required to comply with the GDPR, for a few reasons:

  • We are not a company. Atlas is created by one person. All other staff hold voluntary positions and are not considered "employees", nor do any of the staff receive payment for being staff.
  • We do not hold any personally identifiable or confidential information of European citizens. GDPR also does not benefit citizens of the United States - only citizens of countries in the European Union.

That being said, to the best of our knowledge we have never suffered a data breach at any time. To the best of my knowledge, we would not be required to notify any data subjects in the event of a breach, as, again, we do not hold any personally identifiable or confidential information of any persons, nor would such a breach result in unauthorized access of your Discord account (if your Discord account was accessed in an unauthorized manner, through a data breach that occurred on Atlas' end (which I must stress is impossible), we absolutely would notify you in this instance.)

  7. Finally, I would like to request a copy of all data Atlas currently holds on me.

I must again stress that, to the absolute best of my knowledge, Atlas is not required to comply with the GDPR as we do not meet the criteria for following the regulations set forth by the European Union. However, if it is possible for us to generate a log of any data we hold on you, we will absolutely let you know and generate one for you. I cannot speak for whether or not it is possible as I am not the one with access to do so, nor has it been done before, to my knowledge.

Hi node,

I am in a number of Discord servers with the Atlas bot active. As such I would like to request information from you on the following:

1. What information does Atlas collect about me?
2. Who has access to this information and who has this information been shared with?
3. What processing is performed on this information?
4. What is the purpose of and legal basis for this processing?
5. What is the retention period of the data that Atlas stores?
6. Has Atlas ever suffered a data breach which should have resulted in notification of the data subjects under the GDPR?
7. Finally, I would like to request a copy of all data Atlas currently holds on me.

If you could pass that on to the appropriate people it would be much appreciated.
