Privacy

This document details what data the Python Discord organisation store on you as a member of the Python Discord community. Privacy and security of member data is one of our top priorities while managing Python Discord. This document sets out what data we store, why we need this data, who has access to this data, and how we process it. Please see the terminology section to better understand this document.

This document is inspired by the GitHub Privacy Statement.

Table of contents

Section Overview
What data do we store? Data we collect from users as part of them being a member of the community.
What data do we not store? What data is not collected from users.
Assurance on processing Our policy for handling user data.
Services Information on the services we run and what data is stored by them.
Voice Information on how moderation and reporting of voice incidents is handled
Contact Information on contacting the Python Discord data controller with concerns or queries.

What data do we store?

This information is cleared upon exiting the guild apart from when your account has an infraction registered. User data for non-infracted users is cleared in the monthly data reviews which can be found here.

We may collect message contents tied to user accounts when a user has triggered our anti-spam system. These messages will be held for up to a month while we process the infractions and are also cleared as a part of our monthly data review.

No message content is stored outside the guild unless a service explicitly requires it, this is detailed below in the services section.

When a user breaches our rules or the code of conduct in our guild we tie an infraction record to their account. This data is persisted across leaving the guild and is essential to processing.

We store anonymous statistics which are detailed here.

What data do we not store?

We do not knowingly store the data of users under 13. On becoming aware of a user who is below the age of 13 we forward this information on to Discord who take action on the user as they find appropriate. Once this user has been deleted from Discord we remove data we hold on them.

We do not store message contents unless they are required for moderation, examples of this are the anti-spam filters. Should we feel the need to store message data for any reason once we have concluded processing of this data it is removed from our servers.

Assurance on processing

We take numerous steps to ensure data is handled carefully in the community.

Direct database access is only available to the dev-ops team, under 5 people.

Infraction data is only accessible to Moderators and Administrators and access to this information is audited.

We ensure that all data we store is critical to operation and do not store more than is needed. We aim to be as transparent as possible on what data we store and for what purpose, part of this assurance is the monthly data reviews we take to audit all information stored.

Services

Below is service specific information of what data we hold. There is an entry for at least every service we run on our servers which stores user data, and some third party services which have access to some user data.

Bot

Data How is it used?
Message contents Message contents may be cached internally in the bot, however we do not make use of this data.
User IDs Internal structures in the bot may use user IDs for management of cooldowns and temporary state data.

Site

Data How is it used?
Usernames, IDs, discriminators This data is stored in one of our tables on every member currently in the guild, and those that have left with an infraction history. It is used to display infraction information in an easier way to our administrative staff.
Infractions We use infractions to retain information on what bad actors have done while in our community, this data is persistent and does not get removed so that should users return we have an existing history on them, allowing for swift moderation.
Discord & GitHub OAuth2 data When a user logs into our site we retain Discord OAuth2 data, which includes your username, discriminator, ID, and avatar hash. If a user optionally links their GitHub to our site then we retain that data additionally. This data is used to display the currently logged in user on the site and manage access to features on the site (administrative tools, wiki, etc.).
Message contents In the event of an anti-spam trigger we record the messages deleted by the filter. This data is removed during our monthly data review as detailed above. An anti-spam trigger does lead to an infraction.

Modmail

Data How is it used?
Usernames, avatar hashes, IDs, discriminators This data is used to retain a record on which users have submitted tickets to our modmail bot and allows us to see history from a user.
Message content sent to modmail This data is stored so that moderation staff can look over previously sent in tickets which have since been removed from the Discord guild.


SeasonalBot

Data How is it used?
GitHub names and Discord user IDs If a user links their GitHub to their Discord then we retain this information. Part of our halloween functionality allows users to check PR counts for Hacktoberfest, an event run by DigitalOcean. This data can be removed at any point with the SeasonalBot in the guild or by contacting the data controller.

Grafana

Data How is it used?
GitHub usernames, emails, authorization keys for GitHub This data is used to authorize our Core Developers and Moderators to Grafana. This data is only stored for users who have successfully authorized and removal can be done by removing your account.

Postgres

Data How is it used?
Usernames, IDs, discriminators, infractions This data is used by Python Discord's site and is detailed above.


Redis

Data How is it used?
User IDs For some persistent data used by our Discord bot we store user IDs. Examples of usage for this may be retaining information that a user claimed a help channel. This data is typically removed after use (following the example, once a help channel closes).

NGINX

Data How is it used?
IP addresses, request information Our log files from NGINX are used to monitor the status of our web services. We may log IPs in here in certain situations. These logs are not indefinite and are cleared after a period of time.


Sentry

We use Sentry for managing errors within our services.

Data How is it used?
IP addresses, Discord username, and discriminator When a user experiences an error in one of our services we may report this data to Sentry, an error monitoring solution. This data is only accessible by our Core Developers team.


Metricity

We use Metricity, an application built by us, to collect some more advanced statistics on how the Discord server is being used.

Data How is it used?
User data (username, ID, join date, created date, avatar hash) We use this information to better understand our user base and observe trends such as increased joins. We also use this data to increase security in the server by spotting patterns amongst malicious users which help us to identify bad actors.
Message IDs As part of our measurement of how the Discord server is used we retain information such as which channel you send a message in. This allows us to identify which channels are high volume and may require additional staffing and which channels are inactive (for example, we frequently review our selection of topical channels to ensure they are up to date and current)

To opt out of message collection you can send the message m!opt_out in our #bot-commands channel, to opt-in again after that you can run m!opt_in.


Forms

While handling sign ups for events, surveys or other questionnaires we may ask you to complete a form on our in-house forms solution or a platform like Google Forms. A subset of the staff team, known as the Events Team, may have access to any information submitted through these forms. We do not collect any information other than the questions on the form, so no metadata or tracking data is collected. If the in-house form solution system does not require you to login with Discord then we will not be tracking that information. In the event we do require Discord logins a disclaimer will be provided on the form warning you that your responses will be tied to your Discord account, this will be necessary for event signups where we need to know who registered.

This information may be retained indefinitely to aide future events. Removal of a form submission can be achieved by contacting the data controller at [email protected] however if a form was submitted anonymously we will not remove this information since we do not have the methods to trace down your response.

Hastebin

We run a Hastebin server at paste.pythondiscord.com which stores code uploads from our bot and our users. We retain paste data for a period for a maximum of 3 months after it was last viewed by a user.

We do not process deletion requests unless there is evident personal data in the upload, this is reviewed case by case but examples may include addresses, financial details or otherwise sensitive data which can be proven as such. We will also handle DMCA takedowns in the same way for copyright infringing content hosted on the Python Discord Hastebin.

To file a sensitive data takedown or a DMCA takedown request for content that has been uploaded to the Python Discord Hastebin server please contact [email protected] where we will proceed with the takedown as quickly as possible.

Contact

Any questions regarding the privacy policies we have set out for Python Discord can be addressed to the Python Discord Data Controller through Discord at joe#6000 or email [email protected]. A Subject Access Request can be filed to [email protected], we may require evidence of ownership of the Discord account to fulfil the SAR.

You may also contact us through our ModMail system to ask any questions or concerns about privacy and the data we store.

Terminology

Python Discord organisation:
• we
• our
• us

Python Discord server:
• guild
• discord server
• community

A member of the Discord server:
• member
• you
• your
• user

Last updated: 6th September 2020