SysMODBeta

Privacy Policy

Last updated: April 10, 2026

This Privacy Policy explains how PROCOMM SYSTEMS SRL ("we", "us", "our"), operating the SysMOD Discord bot and web dashboard (the "Service"), collects, uses, stores, and protects your personal data in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Romanian and EU data protection laws.

BY USING THE SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY. IF YOU DO NOT AGREE WITH OUR DATA PRACTICES, YOU MUST NOT USE THE SERVICE.

1. Data Controller

PROCOMM SYSTEMS SRL
Website: procomm.ro
Contact: privacy@procomm.ro

2. Data We Collect

2.1 Data from Discord OAuth

When you authenticate via Discord, we receive and store the following data provided by Discord Inc.:

  • Your Discord user ID (unique numeric identifier)
  • Your Discord username and display name
  • Your Discord avatar URL
  • Your email address (if provided by Discord)
  • List of servers (guilds) you have access to, including your permissions in each
  • OAuth access tokens (used to verify your identity and guild permissions)

2.2 Data from Bot Usage

When SysMOD is active in your Discord server, the following data may be processed. The specific data collected depends on which modules you enable:

  • Server (guild) ID, name, icon, and member count
  • Channel IDs and names (for module configuration and event routing)
  • Message content: Processed in real-time for auto-moderation filtering only. Message content is not permanently stored unless it triggers a moderation action, in which case a log entry is created.
  • Moderation action logs: actor ID, actor tag, target ID, target tag, action type, reason, and timestamp
  • Analytics data: message counts, member join/leave events, voice channel activity duration, command usage statistics (may include user IDs unless privacy mode is enabled)
  • Ticket content, messages, and HTML transcripts
  • Form/application submissions and review decisions
  • Giveaway entries and participation data
  • Reaction role configurations and interaction logs
  • Welcome/farewell configuration and template data
  • Clan membership, roles, and management data
  • Rust+ integration data: server connection credentials, pairing tokens, FCM registration data (if Rust+ module is enabled)

2.3 Data from the Web Dashboard

  • Module configuration settings per server
  • Session data (JWT tokens, stored in HTTP-only cookies)
  • IP addresses (collected for security, rate limiting, and abuse prevention via the IP firewall system)
  • Browser user-agent strings (for session security)
  • Dashboard usage patterns (pages visited, actions taken)

2.4 Data We Do NOT Collect

  • We do not read or store private/direct messages between users
  • We do not collect payment or financial information (the Service is currently free)
  • We do not sell, rent, or trade your personal data to third parties

2.5 Cookies and Local Storage

We use the following categories of cookies and browser storage:

  • Strictly necessary cookies: Authentication session tokens (JWT), CSRF protection tokens, theme preference. These are required for the Service to function and cannot be disabled.
  • Analytics cookies: Help us understand how the dashboard and website are used (page views, feature usage). Only set with your explicit consent.
  • Marketing cookies: Used for measuring the effectiveness of our communications. Only set with your explicit consent.

You can manage your cookie preferences at any time using the cookie settings banner on our website. Your preferences are stored in your browser's local storage.

3. How We Use Your Data

We process your data for the following purposes:

  • Service delivery: Operating the SysMOD bot and web dashboard, executing bot commands, processing moderation actions
  • Authentication: Verifying your identity and managing access permissions
  • Module functionality: Providing analytics, tickets, forms, giveaways, and other enabled module features
  • Security: Detecting and preventing abuse, unauthorized access, and service disruption (including IP firewall, rate limiting, and user blocking)
  • Service improvement: Analyzing usage patterns to improve features, performance, and user experience
  • Communication: Sending service-related notifications (e.g., status updates, breaking changes)

4. Legal Basis for Processing (GDPR Article 6)

  • Consent (Art. 6(1)(a)): For analytics and marketing cookies, and for optional data processing features you explicitly enable
  • Contract performance (Art. 6(1)(b)): To provide the bot and dashboard services you requested by adding the bot to your server
  • Legitimate interest (Art. 6(1)(f)): For security, fraud prevention, abuse detection, and service improvement. Our legitimate interest is balanced against your rights and does not override your fundamental freedoms.
  • Legal obligation (Art. 6(1)(c)): Where required by applicable law (e.g., responding to lawful data access requests)

5. Data Sharing

We do not sell your personal data. We may share data only in the following circumstances:

  • With Discord Inc.: As necessary for the bot to function (API calls, command execution, message delivery)
  • With hosting/infrastructure providers: Our servers process and store data. These providers act as data processors under GDPR.
  • With your server staff: Moderation logs, analytics, and ticket data are visible to authorized server administrators and moderators as configured by you
  • Legal requirements: If required by law, court order, or governmental authority, we may disclose data as legally obligated
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction

6. Data Retention

  • User profiles: Retained while your account is active (i.e., you have authenticated at least once). Deleted within 30 days of a deletion request, or automatically after 12 months of inactivity.
  • Moderation logs: Retained for up to 12 months, or as configured per server by the server administrator.
  • Analytics data: Aggregated (anonymized) data retained for up to 24 months. Individual event-level data deleted after 90 days.
  • Tickets and transcripts: Retained until manually deleted by server administrators, or automatically upon bot removal from the server (within 30 days).
  • Form submissions: Retained until manually deleted by server administrators.
  • Session cookies: Expire when the browser session ends or after 30 days, whichever comes first.
  • IP firewall logs: Retained for up to 90 days for security purposes.
  • Server data after bot removal: When the bot is removed from a server, all associated data (configurations, logs, analytics) may be deleted within 30 days.

7. Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15): Request a copy of all personal data we hold about you.
  • Right to rectification (Art. 16): Request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten"). Note: some data may be retained where we have a legal obligation or legitimate interest.
  • Right to restriction (Art. 18): Request that we limit the processing of your data in certain circumstances.
  • Right to data portability (Art. 20): Request your data in a structured, commonly used, machine-readable format.
  • Right to object (Art. 21): Object to processing based on legitimate interest or for direct marketing purposes.
  • Right to withdraw consent (Art. 7(3)): Withdraw your consent at any time (e.g., cookie preferences). Withdrawal does not affect the lawfulness of processing before withdrawal.
  • Right not to be subject to automated decision-making (Art. 22): The auto-moderation system makes automated decisions (e.g., deleting messages, issuing timeouts). These are configured by your server administrator and you may contact them to contest specific decisions.

To exercise any of these rights, contact us at privacy@procomm.ro. We will respond within 30 days as required by GDPR. We may request identity verification before processing your request.

8. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption of data in transit (TLS/HTTPS)
  • Encryption of sensitive data at rest (e.g., API keys, credentials)
  • Access controls and authentication for all systems
  • IP-based firewall and rate limiting
  • Regular security reviews and updates

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee its absolute security. You acknowledge that you provide your data at your own risk.

9. Third-Party Services

The Service integrates with and depends on the following third-party services that may process your data under their own privacy policies:

  • Discord Inc. (San Francisco, USA): Authentication, bot functionality, message delivery. Privacy policy: discord.com/privacy
  • Facepunch Studios (UK): Rust game integration data (if Rust+ module is enabled)
  • Infrastructure providers: EU-based hosting and database services acting as data processors under GDPR-compliant data processing agreements

We are not responsible for the privacy practices of third-party services. We encourage you to review their privacy policies.

10. International Data Transfers

Your data is primarily processed within the European Economic Area (EEA). However, certain data transfers outside the EEA may occur:

  • Discord Inc. (USA): Bot interactions with the Discord API necessarily involve data transfer to Discord's servers. This transfer is covered by Discord's own GDPR compliance measures including EU Standard Contractual Clauses.

Where data is transferred outside the EEA, we ensure appropriate safeguards are in place as required by GDPR Chapter V, including EU Standard Contractual Clauses (SCCs) or adequacy decisions.

11. Server Administrator Responsibilities

If you are a Discord server administrator who has added SysMOD to your server, you may act as a joint data controller or independent data controller for the data processed about your server members. You are responsible for:

  • Informing your server members that SysMOD is active and what data it processes
  • Ensuring you have a valid legal basis (under GDPR or applicable law) for the data processing performed by the modules you enable
  • Responding to data subject requests from your server members regarding data processed in your server context
  • Properly configuring privacy settings (e.g., analytics privacy mode) as appropriate for your community

12. Children's Privacy

The Service is not directed at children under 13 years of age (or 16 in EU member states where applicable, in accordance with GDPR Article 8). We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without appropriate consent, we will take steps to delete that data promptly. If you believe a child has provided us with personal data, please contact us at privacy@procomm.ro.

13. Automated Decision-Making and Profiling

The Service uses automated processing in the following ways:

  • Auto-moderation: Messages may be automatically analyzed for spam, prohibited content, excessive caps, unauthorized links, and toxicity (including AI-powered analysis). Automated actions may include message deletion, user warnings, timeouts, kicks, or bans based on server administrator configuration.
  • Analytics aggregation: User activity data may be automatically aggregated for server analytics dashboards.

These automated systems are configured and enabled by server administrators. We provide the tools; the configuration and resulting actions are the responsibility of the server administrator. If you are a server member affected by automated decisions, please contact your server administrator.

14. Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33
  • Notify affected users without undue delay where required by GDPR Article 34
  • Document all breaches, their effects, and remedial actions taken

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. The "Last updated" date at the top reflects the most recent revision. We will make reasonable efforts to notify users of material changes through the dashboard or Discord bot, but it is your responsibility to review this policy periodically. Continued use of the Service after changes constitutes acceptance of the updated policy.

16. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with:

  • The Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP): dataprotection.ro
  • Your local EU/EEA data protection authority, if you reside in a different member state

17. Disclaimer of Liability for Data Processing

To the maximum extent permitted by applicable law, PROCOMM SYSTEMS SRL shall not be liable for any damages arising from:

  • Unauthorized access to or alteration of your data due to security vulnerabilities beyond our reasonable control
  • Data loss or corruption resulting from third-party service failures (including Discord API outages or hosting provider issues)
  • Actions taken by server administrators using data collected through the Service
  • Your failure to properly configure privacy settings or obtain consent from your server members
  • Inaccuracies in AI-powered content analysis or automated moderation decisions

This limitation applies to the maximum extent permitted by GDPR and applicable law. It does not affect your statutory rights under the GDPR.

18. Contact

For any questions about this Privacy Policy, to exercise your data protection rights, or to report a data protection concern, contact:
PROCOMM SYSTEMS SRL
Email: privacy@procomm.ro
Website: procomm.ro

We aim to respond to all legitimate requests within 30 days. If your request is particularly complex, we may extend this period by an additional 60 days, in which case we will notify you.