Skip to content

Instantly share code, notes, and snippets.

@Catbuttes

Catbuttes/Mee6Response.md

Created February 4, 2020 13:18
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save Catbuttes/cb6c2cffafdf573e405613c3afcb6532 to your computer and use it in GitHub Desktop.
Save Catbuttes/cb6c2cffafdf573e405613c3afcb6532 to your computer and use it in GitHub Desktop.
Download ZIP
Mee6 GDPR response
Raw
Mee6Response.md

Hi 👋

i wasn't able to find a discord account linked to this email address 😦 underneath is the info you asked, including some extra's as you asked some stuff that isn't in the standard GDPR request email. if you can give me your Discord User ID then i can make the extract of your data. (how to get user ID: http://dis.gd/userid or on the MEE6 website, your name top right, billing, account information, field discord ID) Ps. i would be interested in knowing how many other bots provided all the needed data within 30 days. one of the previous times someone asked us all this, he told us that we where the only one to correctly answer within 30 days. curious to know how it changed over time, if you want to tell me that ofcourse)

Hi,

To avoid confusion of what data is and isn't "personal" or "end user data" within GDPR description or within the Discordapp ToS for developers, here is a breakdown of all data we have on you, including both data that classifies as "personal" or "end user data" as the data that does not classify under that name. In attachment you will also find all the information we can access about you or have stored about you.

The information we have access to contains of your basic account information (that any user of Discord can see), your email address, your list of servers and what permissions you have in those servers. This is the information listed when you logged in on the MEE6 website you agreed to us having access to when you pressed the authorize button. we lose the access to your server list and permissions in those servers for servers MEE6 is not present in when you de-authorize MEE6 from your discord account (in the discord app, user settings, authorized apps). we lose the access to your nickname, join server at timestamp and roles when either you leave a server or MEE6 gets removed from that server. we lose the access to basic information (username, discrim, avatar hash) when both of the above apply.

Information we store in our database (encrypted confirm GDPR and other privacy laws) is limited to user ID + username + discrim + avatar at the time you last send a message that gave you xp in any server (to keep the leaderboard working for users that left set discord server), your user ID for all warnings you received and while you are muted in a server (to re-mute you if you leave and join back), a reference to you and your subscriptions, see part "premium and other payment stuff" lower.

Information we store in RAM cache​ is limited to your servers list (only when recently visited the website) and the information Discord sends to the client of any user that shares a server with you (id, username, discrim, avatar hash) For all servers you share with the bot this also includes: server join timestamp, nickname and roles. This info is fetch when we need it or is send together with events we receive from discord, this is kept in memory until (that part of) the bot restarts, or a garbage collection comes around.

processing data Messages you send in discord and other events you create are NOT STORED, we receive the events and process them where needed to provide the services that staff of the discord servers you are in have configured on there dashboard, but as the Discordapp ToS for developers state, we are not allowed to store it for longer as needed for the services we provide and events received from Discordapp are not considered end user data according to the Discordapp ToS for developers.

If you requested this information by email, then your email will be in our mailbox and will stay (archived) in our mailbox until you request us to delete it. If you requested this information using a chat service then your message requesting this information will stay available to us until you delete it yourself.

Premium and other payment stuff: W​e use a third party (https://www.chargebee.com/) to process payments and subscriptions, we do not store your payment info or any other info entered in the payment dialog pop-up, on our server, the third party stores and process this information. We only store a reference to the information in there system. to know how that information is stored and process, visit there site, there is a terms and a privacy button near the bottom. Transferring data to or from them is limited to Discord ID's and the ID's used by the third party's + really basic stuff like package name, status ("active", "pending cancellation" and "cancelled") and timestamps. Sending payment information and buying digital goods/subscriptions is done in your browser and send directly to there servers, this does not pass our servers. We just receive a message from them on success. OUR SERVERS NEVER SEE YOUR PAYMENT INFO!

In attachment, an export of the raw data that we can access/store: <DISCORD_ID>.json all info on your user account that we can access from discord + information stored in our system about you + information calculated on the fly ("bot", "bot_master" and "buffs" in the guilds list) if "account_id" is set to "null" then the third party used for payments does not have any of your information and the underneath file won't be included. CH_<ACCOUNT_ID>.json the information the third party for payments store about you, for as far as as they show that to us (info such as credit card number will only be partly shown), won't be present if the third party we use did not receive any information of your account yet. <DISCORD_ID>-levels.json all of the levels you have in all servers, including the username and avatar hash used to build up the leaderboard for that server. <DISCORD_ID>-infractions.json all of the warnings you received in servers, on usage of "the right to be forgotten" we will NOT remove your user_id, create_at timestamp or guild_id (or infraction id itself) from this to avoid abuse of the system, we are also not obligated to do so within Discordapp there ToS for developers, version available on date of writing this document.

As you have requested this information, you might also be interested in: the Discordapp ToS for all users: https://dis.gd/tos the Discordapp Privacy policy: https://discordapp.com/privacy the Discordapp ToS for developers: https://discordapp.com/developers/docs/legal our ToS: https://cdn.mee6.xyz/terms.pdf​ We are fully compliant with Discordapp there ToS and privacy policy.

DISCLAIMERS: This is a generic document made for both explaining our data processing/storage as for giving a user that asks for an export of the data we store on them, you will get this if you ask a part of this, even if you did not all of this information. Within GDPR we classify as a small organisation, meaning we do not need to have access logs (which we also don't have) and can't be hold reliable for lots of stuff. We are not native English, typo's and translation errors can be present, if you find an error in this document, feel free to tell us.

i noticed you asked some stuff that isn't in the general GDPR info request mail, so here are some extra's: 2, access to this data: the admins of MEE6 (total of 3 people) have full access. our support team has limited access, just enough to be able to help you better (what servers you are in and if you can access the dashboard of that server. also read-only access to all dashboards) the third party we use for payments: stores the info you enter in the payment dialog and the invoices/transactions for you. we also gave them your email if you do a payment (this in order to inform you about trouble with your payments and to send invoices). everyone who shares a server with you can use the user-info command to get info on you, however all info shown in this command is info they can find inside discord without help from bots. no other party's have access to the data we store.

5, retention period: levels, infractions (warnings) are kept untill deleted by a admin of the server in question. and are linked to you by user ID payments and invoices are (for legal reasons) kept forever, even if you ask to delete it. email is stated above. everything else is kept for as long as need to process it (usually less then a minute)

6, data breaches: we did not have any databreaches yet and i wasn't able to find any records of databreaches in the third party's we use (also not on the dark web).

— Sil#5262 Support manager from the MEE6 team

Raw
OriginalRequest.md

Hi guys,

I am in a number of discord servers with the Mee6 bot active. As such I would like to request information from you on the following:

  1. What information does Mee6 collect about me?
  2. Who has access to this information and who has this information been shared with?
  3. What processing is performed on this information?
  4. What is the purpose of and legal basis for this processing?
  5. What is the retention period of the data that Mee6 stores?
  6. Has Mee6 ever suffered a data breach which should have resulted in notification of the data subjects under the GDPR?
  7. Finally, I would like to request a copy of all data Mee6 currently holds on me.

Kind Regards,

CatButtes

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment