Privacy Policy

Last updated: February 7, 2026

1. Introduction

Welcome to Gearling ("we", "our", or "us"). We are committed to protecting your personal data and respecting your privacy in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and Swedish data protection laws.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our Discord bot service and website (collectively, the "Service").

2. Data Controller

Gearling is the data controller responsible for your personal data. If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: [email protected]

3. Personal Data We Collect

We collect and process the following categories of personal data:

3.1 Discord Data

  • Discord User ID (unique identifier)
  • Username and display name
  • Avatar URL
  • Server (Guild) membership information
  • Message activity metrics (count, not content)
  • Voice channel activity duration
  • Reaction counts

3.2 Website Data

  • IP address (anonymized for analytics)
  • Browser type and version
  • Pages visited and time spent
  • Referral source

3.3 Authentication Data

  • OAuth tokens (encrypted, for Discord authentication)
  • Session information

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide the Service you requested (Article 6(1)(b) GDPR)
  • Legitimate Interests: Processing necessary for our legitimate interests, such as improving the Service and preventing abuse (Article 6(1)(f) GDPR)
  • Consent: Where you have given explicit consent, such as for analytics cookies (Article 6(1)(a) GDPR)

5. How We Use Your Data

We use your personal data to:

  • Provide and maintain the Service
  • Track XP, levels, and achievements in Discord servers
  • Generate leaderboards and statistics
  • Authenticate you on the dashboard
  • Detect and prevent spam and abuse
  • Analyze website usage to improve user experience
  • Send important service notifications

6. Data Retention

We retain your personal data only for as long as necessary:

  • Active user data: Retained while you are a member of servers using Gearling
  • Server data: Deleted within 30 days after Gearling is removed from a server
  • Analytics data: Retained for 26 months (Google Analytics default)
  • Moderation logs: Retained for 90 days

7. Data Sharing and Transfers

We may share your data with:

  • Discord: As required to operate within the Discord platform
  • Cloud service providers: For hosting and infrastructure (servers located in the EU)
  • Google Analytics: For website analytics (with your consent, IP anonymization enabled)

We do not sell your personal data to third parties. When data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place (Standard Contractual Clauses or adequacy decisions).

8. Your Rights Under GDPR

Under GDPR, you have the following rights:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Request limitation of how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

9. Cookies

We use the following types of cookies:

  • Essential Cookies: Required for the website to function (authentication, preferences). These do not require consent.
  • Analytics Cookies: Google Analytics cookies to understand how visitors use our site. These are only set with your explicit consent.

You can manage your cookie preferences at any time by clearing your browser cookies and revisiting the site.

10. Children's Privacy

Our Service is not directed to children under 13 (or 16 in some EU countries). We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/HTTPS)
  • Encryption of sensitive data at rest
  • Regular security assessments
  • Access controls and authentication
  • Regular backups

12. Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with a supervisory authority. In Sweden, this is:

Integritetsskyddsmyndigheten (IMY)

Swedish Authority for Privacy Protection

Website: www.imy.se

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

14. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

Email: [email protected]

Discord: discord.gg/WATb7fBY7B

← Back to Home