GDPR Policy

Last updated: January 19, 2026 | Effective since: August 10, 2023

Thrivebot is committed to protecting your personal data and follows the principles of the General Data Protection Regulation (GDPR) in good faith. This GDPR Policy outlines how we collect, process, and protect your personal data in accordance with Regulation (EU) 2016/679.

👤 Data Controller

The individual operator is responsible for your personal data. For inquiries, please contact us via email at support@thrivebot.in or join our support server.

📊 "Personal Data" We Collect

We collect and process the following personal data when you interact with Thrivebot:

• Personal Information: Discord username, user ID, avatar hash, server ID, channel ID.
• Activity Data: Voice channel duration (for Insights), message counts, command usage statistics.
• Economy Data: Virtual currency balances, inventory items, transaction logs.
• Ticket Data: Ticket transcripts (message content, attachments, user IDs) for server admin archival.
• Verification Data: User ID, Server ID, timestamps for captcha verification.
• Giveaway Data: User ID and entry count for fair participation tracking.

⚖️ Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

• Contractual Necessity (Article 6(1)(b)): Processing is necessary to provide Thrivebot's core functionality as part of our service agreement with you.
• Legitimate Interests (Article 6(1)(f)): Processing to ensure security, moderation, analytics, and abuse prevention, provided this does not override your fundamental rights.
• Consent (Article 6(1)(a)): Used only for optional features such as AI Chatbot functionality. You may withdraw consent at any time.

🎯 Purposes of Data Processing

We process your personal data for the following purposes:

• Providing and maintaining Thrivebot’s functionality.
• Responding to your inquiries and support requests.
• Enhancing and optimizing the bot’s performance and user experience.
• Ensuring compliance with legal obligations, such as responding to data subject requests.

✅ Data Subject Rights

Under GDPR, you have the following rights regarding your personal data:

• Right of Access (Article 15): Request a copy of your personal data.
• Right to Rectification (Article 16): Request correction of inaccurate or incomplete data.
• Right to Erasure (Article 17): Request deletion of your personal data (also known as the “right to be forgotten”).
• Right to Restrict Processing (Article 18): Request restriction of data processing under certain conditions.
• Right to Data Portability (Article 20): Receive your data in a structured, commonly used, and machine-readable format.
• Right to Object (Article 21): Object to processing based on legitimate interests or for direct marketing.
• Right to Withdraw Consent (Article 7(3)): Withdraw consent at any time, without affecting the lawfulness of processing prior to withdrawal.

To exercise these rights, please use one of the following methods:

• Direct message the bot owner (Username: @ocyeanic).
• Notify any staff member in our support server.
• Use our Data Request Form to access your data.
• Email support@thrivebot.in with your request, including your user ID, username, and details of the request. For security, a staff member or the bot owner will contact you for verification before processing.

We will respond to your request within one month, as required by GDPR, unless the request is complex or numerous, in which case we may extend the response time by an additional two months.

Certain data may be retained after a deletion request where necessary for:

• Fraud prevention: Detecting and preventing fraudulent activity
• Abuse prevention: Protecting platform integrity and preventing ban evasion
• Legal compliance: Meeting tax, accounting, and regulatory obligations
• Dispute resolution: Resolving conflicts and investigating claims

Data Minimization: Such data is restricted, access-limited, and retained only for as long as necessary to fulfill these specific purposes.

🌐 Data Sharing and Transfers

We may share your personal data only under the following circumstances:

• With your explicit consent.
• When required by law or to protect our legal rights, such as complying with a court order.
• With service providers acting as data processors (e.g., hosting providers), who are bound by GDPR-compliant data processing agreements.

If personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs), to protect your data in accordance with GDPR.

⏰ Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy or to comply with legal obligations. Specifically:

• AI Chatbot conversation data is stored in cache memory for 1 hour and then automatically deleted.
• Other personal data (e.g., Discord IDs, birth dates) is retained for as long as you use Thrivebot or until you request deletion.

Upon your request to delete your data, we will remove it from our systems within 30 days, unless retention is required by law.

🍪 Cookies and Tracking

Our website uses cookies and similar tracking technologies. For complete details about what cookies we use and how to manage your preferences, please see our Cookie Policy.

Analytics cookies are only set after you explicitly consent via our cookie banner.

🤖 Automated Decision-Making

In compliance with GDPR Article 22, we disclose that Thrivebot uses automated processing for:

• Captcha Verification: Automated system to verify users are human (pass/fail decision)
• Economy Anti-Cheat: Automated detection of exploits or abuse patterns

Your Rights: These automated decisions are limited in scope and are intended to support platform integrity. If you believe an automated decision has incorrectly affected you, you may request human review by contacting us.

🔒 Data Security

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, loss, theft, or misuse. These measures include encryption, access controls, and regular security assessments.

🚨 Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms:

• Where applicable, we will make reasonable efforts to notify the relevant supervisory authority within 72 hours, as required under GDPR Article 33
• We will notify affected users without undue delay if the breach is likely to result in a high risk to their rights
• We maintain documentation of all data breaches for compliance purposes

🏢 Supervisory Authority and Complaints

If you are located in the European Union, you may have the right to lodge a complaint with a relevant supervisory authority in accordance with GDPR. However, we encourage you to contact us first at support@thrivebot.in to resolve any concerns.

List of EU Data Protection Authorities: https://edpb.europa.eu/about-edpb/about-edpb/members_en

🔄 Changes to This Policy

We may update this GDPR Policy to reflect changes in our practices or legal requirements. Updates will be posted on our website, and we will notify users of significant changes via our support server. Please review this policy periodically.

📧 Contact Us

For questions about this GDPR Policy or to exercise your data subject rights, please contact us at:

• Email: support@thrivebot.in
• Discord Support Server: https://discord.gg/bAtV2X8wba

By using Thrivebot, you acknowledge that you have read and understood this GDPR Policy and consent to the processing of your personal data as described herein.