Privacy Policy
How we collect, use, and protect your personal information
Last Updated: January 2, 20261. Introduction
This Privacy Policy describes how LeleBot ("we," "us," or "our") collects, uses, stores, and protects your personal information when you use the LeleBot dashboard, Discord bot, and related services (collectively, the "Service").
By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and use of your information as described herein. If you do not agree with our practices, please do not use the Service.
Our Commitment: We are committed to protecting your privacy and handling your personal information with transparency. We only collect information necessary to provide and improve the Service.
2. Information We Collect
We collect several types of information to provide and improve the Service. The information we collect depends on how you interact with the Service.
2.1 Discord Information
When you use the Service through Discord, we collect:
- Discord User ID: Your unique numerical identifier
- Discord Username: Your username and display name (retrieved via API, not stored permanently)
- Discord Server ID: The Guild ID where you use the Service
- Role Data: Information about roles assigned through the Service
2.2 Kick.com Information
When you link your Kick.com account via OAuth, we collect:
- Kick Username: Your Kick.com display name (stored in
linkstable askick_name) - Kick User ID: Your unique Kick identifier
- OAuth Tokens: Access and refresh tokens for API authentication (stored encrypted)
- Token Expiration: When your OAuth tokens expire
We request the following OAuth scopes from Kick.com:
user:read- Read your profile informationchat:write- Send messages on your behalf (for timed messages)events:subscribe- Subscribe to channel events
2.3 Chat Activity Data
Through Kick.com Pusher WebSocket integration, we monitor:
- Message Timestamps: When you send messages (for watchtime calculation)
- Username: To associate activity with your linked account
Important: We do NOT store the content of your chat messages. Only timestamps and usernames are processed for watchtime tracking.
2.4 Service-Generated Data
Through your use of the Service, we generate and store the following data:
| Data Type | Database Table | Purpose | Retention |
|---|---|---|---|
| Account Links | links |
Discord-Kick account association | Until unlink request |
| Watchtime | watchtime |
Track viewing engagement (minutes) | Until deletion request |
| Raffle Tickets | raffle_tickets |
Ticket balances for monthly raffles | Until period end or deletion |
| Ticket Transactions | raffle_ticket_log |
Audit trail of ticket awards/deductions | Indefinite (audit) |
| Points Balance | user_points |
Virtual currency for point shop | Until deletion request |
| Purchase History | point_sales |
Point shop transaction records | Indefinite (records) |
| Slot Requests | slot_requests |
Viewer slot game requests | Until cleared by admin |
| Giveaway Entries | giveaway_entries |
Participation in giveaways | Until giveaway ends |
| GTB Guesses | gtb_guesses |
Guess the Balance game entries | Until session ends |
| Raffle Winners | raffle_draws |
Provably fair winner records | Indefinite (public) |
| OAuth Tokens | kick_oauth_tokens |
API authentication | Until expiration/revocation |
2.5 Optional Gambling Platform Data
If you choose to link a Shuffle.com account for additional raffle tickets:
- Shuffle Username: Your gambling platform username
- Campaign Code: Affiliate tracking code
- Wager Amount: Total wagered (USD) for ticket calculation
This data is stored in raffle_shuffle_links and raffle_shuffle_wagers tables.
3. How We Use Your Information
We use the information we collect for specific, legitimate purposes related to operating the Service.
3.1 Primary Service Functions
- Link and verify your Discord and Kick.com accounts
- Track your watchtime based on Kick chat activity
- Assign Discord roles based on watchtime thresholds
- Calculate and award raffle tickets (from watchtime, gifted subs, wagers)
- Execute provably fair raffle draws and giveaways
- Manage your point balance and process shop purchases
- Process slot requests submitted via Kick chat
- Display public leaderboards (watchtime, tickets, points)
- Send notifications about purchases and wins
3.2 What We Do Not Do
Our Data Practices
We are committed to responsible data handling. We do not:
- Sell, rent, or trade your personal information to third parties
- Use your information for advertising, marketing, or profiling
- Share your data with unauthorized parties
- Read, store, or analyze the content of your chat messages
- Track your activity outside of the Service
- Use your OAuth tokens for any purpose other than Service functionality
4. Provably Fair & Public Data
Transparency is fundamental to our provably fair systems. To ensure verifiable fairness, certain data is intentionally made public.
4.1 Publicly Accessible Information
The following information is publicly viewable:
- Leaderboards: Kick usernames with watchtime, ticket counts, or point balances
- Raffle Winners: Kick username of winners
- Giveaway Winners: Kick username of winners
- Provably Fair Data: Server seeds, client seeds, nonces, proof hashes
- Slot Pick Winners: Username and reward received
4.2 Verification Data
For each provably fair selection, we publicly store:
- 64-character server seed (revealed after selection)
- Client seed (deterministic from context)
- Nonce value
- SHA-256 proof hash
- Random value and resulting outcome
This data is viewable at /provably-fair/winners.
Important: By participating in raffles, giveaways, or slot requests, you acknowledge and consent to your Kick username being publicly displayed if selected.
5. Data Storage and Security
We implement security measures to protect your personal information.
5.1 Technical Security Measures
- Database: PostgreSQL with SSL/TLS encrypted connections
- Hosting: Railway.app infrastructure
- OAuth Security: PKCE (Proof Key for Code Exchange) for Kick OAuth flow
- Link Signing: HMAC-SHA256 signed URLs that expire after 1 hour
- Token Refresh: Automatic proactive refresh of OAuth tokens expiring within 30 minutes
- Access Control: Authentication required for all administrative functions
- Multi-Server Isolation: Data is isolated per Discord server (guild)
5.2 Real-Time Communication
- Redis: Pub/Sub messaging between dashboard and bot
- Pusher: WebSocket connection to Kick.com for chat monitoring
- Server-Sent Events: Real-time updates to dashboard and overlays
5.3 Data Retention
We retain your personal information only as long as necessary for Service functionality:
- Account links: Until you unlink or request deletion
- Watchtime/Points: Until deletion request
- OAuth tokens: Until expiration, revocation, or account unlink
- Provably fair records: Indefinitely for transparency
- Purchase history: Indefinitely for records
7. Your Rights and Choices
You have certain rights regarding your personal information.
7.1 Available Rights
| Right | How to Exercise |
|---|---|
| View Your Data | Use !watchtime, !points, !tickets, !raffleboard commands |
| Unlink Account | Use !unlink command in Discord |
| Request Data Deletion | Contact server administrator |
| Correct Information | Unlink and relink with correct account |
| Opt-Out | Stop using the Service and request deletion |
7.2 Data Deletion
Upon a valid deletion request, we will remove:
- Account links (Discord-Kick association)
- Watchtime statistics
- Point balances
- Ticket balances
- OAuth tokens
Note: Provably fair winner records and purchase history may be retained for transparency and audit purposes.
8. Third-Party Services
The Service integrates with third-party platforms governed by their own privacy policies:
- Discord: Privacy Policy
- Kick.com: Privacy Policy
- Shuffle.com: Privacy Policy (if using wager tracking)
- Railway.app: Privacy Policy
We are not responsible for the privacy practices of these third-party services.
9. Legal Compliance
We strive to comply with applicable data protection laws.
9.1 GDPR Rights (EU Users)
If you are in the European Union, you have additional rights under GDPR:
- Right to access your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
9.2 CCPA Rights (California Users)
If you are a California resident, you have rights under CCPA:
- Right to know what personal information is collected
- Right to request deletion
- Right to opt-out of sale (we do not sell data)
- Right to non-discrimination
9.3 Children's Privacy
The Service is not intended for users under 13 years of age. We do not knowingly collect personal information from children.
9.4 International Transfers
Your data may be transferred to and stored in countries outside your residence. By using the Service, you consent to such transfers.
9.5 Cookies and Session Data
- Session cookies for dashboard authentication
- OAuth state tokens for security (temporary)
- No third-party tracking cookies
9.6 Changes to This Policy
We may update this Privacy Policy periodically. Changes will be posted with an updated "Last Updated" date. Continued use constitutes acceptance.
10. Contact Information
For privacy-related questions or requests:
General Inquiries
Contact the server administrator in the Discord server where the bot is deployed.
Data Subject Requests
To exercise your privacy rights, contact a server administrator with "Manage Server" permissions.
Related Documents
Please also review our Terms of Service, which govern your use of the Service.