Platypus

Privacy Policy

Last Updated: May 27, 2026

Important: This template is provided for operational drafting support only and is not legal advice. Have qualified counsel review and customize this policy before production use.

This Privacy Policy explains how [[Company Legal Name]] ("Company", "we", "us", or "our") collects, uses, stores, discloses, and protects personal data when you use the Platypus services ("Service"), including Discord-integrated features.

1. Scope

This policy applies to personal data processed through the Service, including data obtained from Discord APIs and data provided directly by users and administrators.

2. Data We Collect

Depending on features used, we may process:

  1. Account and organization data: account identifiers, organization or guild identifiers, role and permission metadata.
  2. Discord integration data: Discord user IDs, guild IDs, channel IDs, message IDs, server metadata, and bot interaction metadata.
  3. Service operation data: audit logs, configuration settings, entitlement records, and panel state data.
  4. Technical and security data: IP address, device/browser metadata, event logs, and security telemetry.
  5. Billing and commercial data: subscription status and transaction metadata from payment providers. We do not intentionally store full payment card numbers; card processing is handled by payment processors.

3. How We Use Data

We use personal data to:

  1. Provide, maintain, and secure the Service.
  2. Operate Discord-based features requested by users and administrators.
  3. Enforce permissions, prevent abuse, and investigate incidents.
  4. Process billing, support requests, and account administration.
  5. Comply with legal obligations and enforce our contractual terms.
  6. Improve the Service using aggregated or de-identified information where possible.

4. Legal Bases for Processing

Where required by law (for example GDPR/UK GDPR), we rely on one or more of:

  1. Performance of a contract.
  2. Legitimate interests (for example security, fraud prevention, and service improvement).
  3. Consent (where required).
  4. Compliance with legal obligations.

5. Data Sharing

We may share personal data with:

  1. Service providers (for example cloud hosting, monitoring, customer support, and payment processing) under contractual controls.
  2. Platform providers required for integration functionality (for example Discord).
  3. Professional advisors and auditors under confidentiality obligations.
  4. Law enforcement or regulators where legally required.
  5. Successors in a merger, acquisition, financing, or asset transfer.

We do not sell personal data as that term is defined under applicable privacy law unless explicitly disclosed and legally permitted.

6. Data Retention

We retain personal data only as long as needed for the purposes described in this policy, including legal, security, and accounting requirements.

Suggested baseline retention schedule (customize with counsel):

  1. Operational account and configuration data: retained while the account is active and for up to [[X]] months after termination.
  2. Audit and security logs: [[X]] to [[Y]] months.
  3. Billing records: as required by tax and accounting law.
  4. Backup data: rolling retention of [[X]] days.

7. User Rights and Choices

Depending on your jurisdiction, you may have rights to:

  1. Access, correct, delete, or port your personal data.
  2. Restrict or object to certain processing.
  3. Withdraw consent where processing is consent-based.
  4. Appeal denial of privacy requests.

To submit a request, contact [[Privacy Contact Email]]. We may need to verify identity before fulfilling requests.

Discord-related note: Where we process data obtained from Discord APIs, we also honor Discord platform requirements for data updates and deletion requests.

8. International Data Transfers

We may process data in countries other than your own. Where required, we use appropriate safeguards such as contractual transfer mechanisms and supplementary technical controls.

9. Security

We implement administrative, technical, and physical safeguards designed to protect personal data, including access controls, encryption where appropriate, and incident response procedures. No method of transmission or storage is completely secure.

10. Children and Age Restrictions

The Service is not directed to children under 13 or below the minimum age required in their jurisdiction. If we learn we have collected personal data in violation of age-related requirements, we will take appropriate remedial action.

11. Third-Party Services

The Service may link to or integrate with third-party services. Their privacy practices are governed by their own policies.

12. Policy Changes

We may update this Privacy Policy from time to time. Material changes will be communicated through reasonable notice (for example email or in-product notice).

13. Contact

[[Privacy Contact Name or Team]]

[[Privacy Contact Email]]

[[Mailing Address]]

If required by law, also include:

  1. Data Protection Officer: [[DPO Name/Email]]
  2. EU/UK Representative: [[Representative Details]]