Privacy

This document details what data the Python Discord organisation ("we", "our", "us"), store on you ("you" or "your"), a member of the Python Discord community as a member of Python Discord (the "guild", "community" or "organisation"). Privacy and security of member data is one of our top priorities while managing Python Discord. This document sets out what data we store, why we need this data, who has access to this data, and how we process it.

This document is inspired by the GitHub Privacy Statement.

Table of contents

Section Overview
What data do we store? Data we collect from users as part of them being a member of the community.
What data do we not store? What data is not collected from users.
Assurance on processing Our policy for handling user data.
Services Information on the services we run and what data is stored by them.
Contact Information on contacting the Python Discord data controller with concerns or queries.

What data do we store?

This information is cleared upon exiting the guild apart from when your account has an infraction registered. User data for non-infracted users is cleared in the monthly data reviews which can be found here.

We may collect message contents tied to user accounts when a user has triggered our anti-spam system. These messages will be held for up to a month while we process the infractions and are also cleared as a part of our monthly data review.

No message content is stored outside the guild unless a service explicitly requires it, this is detailed below in the services section.

When a user breaches our rules or the code of conduct in our guild we tie an infraction record to their account. This data is persisted across leaving the guild and is essential to processing.

We store anonymous statistics which are detailed here.

What data do we not store?

We do not knowingly store the data of users under 13. On becoming aware of a user who is below the age of 13 we forward this information on to Discord who take action on the user as they find appropriate. Once this user has been deleted from Discord we remove data we hold on them.

We do not store message contents unless they are required for moderation, examples of this are the anti-spam filters. Should we feel the need to store message data for any reason once we have concluded processing of this data it is removed from our servers.

Assurance on processing

We take numerous steps to ensure data is handled carefully in the community.

Direct database access is only available to the dev-ops team, under 5 people.

Infraction data is only accessible to Moderators and Administrators and access to this information is audited.

We ensure that all data we store is critical to operation and do not store more than is needed. We aim to be as transparent as possible on what data we store and for what purpose, part of this assurance is the monthly data reviews we take to audit all information stored.

Services

Below is service specific information of what data we hold. There is an entry for at least every service we run on our servers which stores user data, and some third party services which have access to some user data.

Bot

Data How is it used?
Message contents Message contents may be cached internally in the bot, however we do not make use of this data.
User IDs Internal structures in the bot may use user IDs for management of cooldowns and temporary state data.

Site

Data How is it used?
Usernames, IDs, discriminators This data is stored in one of our tables on every member currently in the guild, and those that have left with an infraction history. It is used to display infraction information in an easier way to our administrative staff.
Infractions We use infractions to retain information on what bad actors have done while in our community, this data is persistent and does not get removed so that should users return we have an existing history on them, allowing for swift moderation.
Discord & GitHub OAuth2 data When a user logs into our site we retain Discord OAuth2 data, which includes your username, discriminator, ID, and avatar hash. If a user optionally links their GitHub to our site then we retain that data additionally. This data is used to display the currently logged in user on the site and manage access to features on the site (administrative tools, wiki, etc.).
Message contents In the event of an anti-spam trigger we record the messages deleted by the filter. This data is removed during our monthly data review as detailed above. An anti-spam trigger does lead to an infraction.

Modmail

Data How is it used?
Usernames, avatar hashes, IDs, discriminators This data is used to retain a record on which users have submitted tickets to our modmail bot and allows us to see history from a user.
Message content sent to modmail This data is stored so that moderation staff can look over previously sent in tickets which have since been removed from the Discord guild.


SeasonalBot

Data How is it used?
GitHub names and Discord user IDs If a user links their GitHub to their Discord then we retain this information. Part of our halloween functionality allows users to check PR counts for Hacktoberfest, an event run by DigitalOcean. This data can be removed at any point with the SeasonalBot in the guild or by contacting the data controller.

Grafana

Data How is it used?
GitHub usernames, emails, authorization keys for GitHub This data is used to authorize our Core Developers and Moderators to Grafana. This data is only stored for users who have successfully authorized and removal can be done by removing your account.

Postgres

Data How is it used?
Usernames, IDs, discriminators, infractions This data is used by Python Discord's site and is detailed above.


Redis

Data How is it used?
User IDs For some persistent data used by our Discord bot we store user IDs. Examples of usage for this may be retaining information that a user claimed a help channel. This data is typically removed after use (following the example, once a help channel closes).

NGINX

Data How is it used?
IP addresses, request information Our log files from NGINX are used to monitor the status of our web services. We may log IPs in here in certain situations. These logs are not indefinite and are cleared after a period of time.


Sentry

We use Sentry for managing errors within our services.

Data How is it used?
IP addresses, Discord username, and discriminator When a user experiences an error in one of our services we may report this data to Sentry, an error monitoring solution. This data is only accessible by our Core Developers team.


Contact

Any questions regarding the privacy policies we have set out for Python Discord can be addressed to the Python Discord Data Controller through Discord at joseph#1337 or email [email protected]. A Subject Access Request can be filed to [email protected], we may require evidence of ownership of the Discord account to fulfil the SAR.

You may also contact us through our ModMail system to ask any questions or concerns about privacy and the data we store.

Last updated: 2nd July 2020