Privacy Policy

Last Updated: December 23, 2025

ZMN Bot ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our Discord bot and dashboard services in compliance with the Personal Data Protection Law (PDPL) of the Kingdom of Saudi Arabia and its Implementing Regulations issued by the Saudi Data & Artificial Intelligence Authority (SDAIA).

Governing Law: This Privacy Policy and all data processing activities are governed by the laws of the Kingdom of Saudi Arabia, including but not limited to the Personal Data Protection Law (Royal Decree No. M/19 dated 9/2/1443H) and its Implementing Regulations.

1. Information We Collect

1.1 Discord Account Information

When you authenticate with our dashboard using Discord OAuth, we collect:

• Discord User ID
• Username and discriminator
• Avatar URL
• Access tokens (stored securely and validated periodically)

1.2 Server (Guild) Information

When ZMN Bot is added to your Discord server, we collect and store:

• Server ID, name, and icon
• Server owner ID
• Channel IDs and names (for configured features)
• Role IDs and names (for permission management)
• Member IDs (for leveling, moderation, and other features)
• Join and leave timestamps

1.3 Configuration Data

We store your server's configuration settings including:

• Module settings (Security, Logging, AI Moderation, Ticketing, etc.)
• Welcome/leave messages and auto-role configurations
• Leveling system settings and XP data
• Reaction role panels and configurations
• Custom bot appearance settings
• Dashboard access permissions

1.4 Usage and Analytics Data

We collect aggregate statistics such as:

• Total messages processed
• Command usage statistics
• Feature engagement metrics
• Server activity timestamps

1.5 Audit Logs

For security and accountability, we maintain logs of administrative actions performed through the dashboard, including who made changes and when.

2. Legal Basis for Processing Personal Data

In accordance with Article 6 of the PDPL, we process your personal data based on the following lawful grounds:

• Consent: You provide explicit consent when authenticating with Discord OAuth and configuring bot features
• Contractual Necessity: Processing is necessary to provide the bot services you have requested
• Legitimate Interests: We process data for security monitoring, fraud prevention, and service improvement, which are within your reasonable expectations
• Legal Obligations: We may process data to comply with applicable laws and regulations in the Kingdom of Saudi Arabia

Right to Withdraw Consent: You may withdraw your consent at any time by removing the bot from your server or contacting us. Upon withdrawal, we will cease processing your data without undue delay, except where we have another legal basis for processing or are required to retain data by law.

3. How We Use Your Data

We use the collected information for the following purposes:

• Provide Bot Services: Deliver all bot features including security monitoring, logging, moderation, leveling, ticketing, and other modules
• Dashboard Access: Authenticate users and provide secure access to server management features
• Feature Functionality: Enable configured features such as welcome messages, reaction roles, reminders, and giveaways
• Security & Protection: Detect and prevent malicious activities, spam, and server attacks through our anti-nuke system
• AI Moderation: Process messages for content moderation when the AI Moderation module is enabled (requires explicit consent)
• Analytics: Generate server statistics and insights for server administrators
• Service Improvement: Analyze usage patterns to improve bot performance and features
• Support: Provide technical support and troubleshoot issues

We process personal data only for the purposes specified above and will not use your data for any purpose incompatible with these purposes without obtaining your prior consent.

4. Data Storage and Security

In compliance with Article 22 of the PDPL, we implement appropriate technical and organizational security measures to protect your personal data:

• Encryption: All data is stored in secure databases with encryption at rest and in transit
• Access Control: Role-based access control ensures only authorized personnel can access personal data
• Authentication: Dashboard access is protected with Discord OAuth authentication and token validation
• Token Management: Access tokens are validated every 5 minutes and automatically expire to prevent unauthorized access
• Security Monitoring: We continuously monitor for security threats and unauthorized access attempts
• Data Minimization: We collect and retain only the minimum data necessary to provide our services
• Regular Audits: We conduct regular security assessments and audits of our data processing activities

Data Breach Notification: In the event of a personal data breach that may cause harm to your data or rights, we will notify the Saudi Data & Artificial Intelligence Authority (SDAIA) within 72 hours of becoming aware of the breach. If the breach poses a risk to your rights and interests, we will also notify you without undue delay in clear and simple language.

5. Data Retention

We retain your data as follows:

• Server Configuration: Retained while the bot is in your server
• User Data: Retained while you use our services
• Leveling Data: Retained indefinitely unless you request deletion
• Audit Logs: Retained for accountability and security purposes
• Analytics: Aggregate statistics are retained for service improvement

6. Data Sharing and Third Parties

We do not sell, trade, or rent your personal information to third parties. In compliance with the PDPL, we may share data only in the following circumstances:

• Discord API: We interact with Discord's API to provide bot functionality as a necessary service provider
• AI Services (Data Processors): When AI Moderation is enabled with your explicit consent, message content may be processed by AI providers (OpenAI) acting as data processors under written agreements that ensure PDPL compliance
• Legal Requirements: If required by law, court order, or governmental authority in the Kingdom of Saudi Arabia
• Protection of Rights: To protect our legal rights, prevent fraud, or ensure the safety of our users

All third-party service providers are contractually obligated to implement appropriate security measures and process data only according to our instructions and in compliance with the PDPL.

7. Your Rights Under the PDPL

In accordance with Articles 4 and 5 of the PDPL, you have the following rights regarding your personal data:

• Right to Access: Request access to your personal data and information about how it is processed
• Right to Rectification: Request correction of inaccurate or incomplete personal data
• Right to Erasure: Request deletion of your personal data when it is no longer necessary for the purposes collected or when you withdraw consent
• Right to Restriction: Request restriction of processing in certain circumstances
• Right to Object: Object to processing based on legitimate interests
• Right to Data Portability: Request a copy of your data in a structured, commonly used format
• Right to Withdraw Consent: Withdraw your consent at any time without affecting the lawfulness of processing based on consent before withdrawal
• Right to Lodge a Complaint: File a complaint with SDAIA if you believe your rights have been violated

How to Exercise Your Rights: To exercise any of these rights, please contact us through the methods provided in Section 12. We will respond to your request within 30 days as required by the PDPL. We may request additional information to verify your identity before processing your request.

8. Cookies and Tracking

Our dashboard uses local storage to maintain your authentication session. We use Discord OAuth tokens stored in your browser's local storage for authentication purposes. These tokens are validated periodically and automatically cleared upon logout.

9. Children's Privacy

Our services are intended for users who meet Discord's minimum age requirements (13+ or higher depending on your region). We do not knowingly collect data from children under the applicable age limit.

10. International Data Transfers

ZMN Bot is operated by a company based in the Kingdom of Saudi Arabia. In compliance with the PDPL Data Transfer Regulations, any transfer of personal data outside the geographical boundaries of the Kingdom will be conducted only under the following conditions:

• We have obtained your explicit consent for the transfer
• The receiving country provides an adequate level of data protection as determined by SDAIA, or
• We have implemented appropriate safeguards such as standard contractual clauses approved by SDAIA
• The transfer is necessary for the performance of our services or compliance with legal obligations

We will notify you of any international data transfers and provide information about the safeguards in place to protect your data.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Continued use of our services after changes constitutes acceptance of the updated policy.

12. Contact Us and Data Controller Information

Data Controller: ZMN Bot is the data controller responsible for your personal data. We are registered and operate in accordance with the laws of the Kingdom of Saudi Arabia.

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us:

• • Through our Contact Page
• • Via our Support System
• • On our Discord server

13. Limitation of Liability

While we implement robust security measures and comply with the PDPL, we cannot guarantee absolute security of data transmitted over the internet. You acknowledge that:

• You use our services at your own risk
• We are not liable for unauthorized access to your data resulting from circumstances beyond our reasonable control
• We are not responsible for data loss resulting from Discord platform issues or third-party service disruptions
• Our liability is limited to the maximum extent permitted by Saudi Arabian law

14. Dispute Resolution and Jurisdiction

Any disputes arising from this Privacy Policy or our data processing activities shall be resolved in accordance with the laws of the Kingdom of Saudi Arabia. The competent courts in the Kingdom of Saudi Arabia shall have exclusive jurisdiction over any disputes.

Before initiating legal proceedings, you agree to first attempt to resolve any dispute by contacting us directly and, if necessary, filing a complaint with SDAIA.

15. SDAIA Contact Information

If you wish to file a complaint regarding our data processing practices or exercise your rights under the PDPL, you may contact the Saudi Data & Artificial Intelligence Authority (SDAIA):

• • Website: sdaia.gov.sa
• • Email: info@sdaia.gov.sa