Privacy

Privacy policy

Last updated: 2026-05-13

What MARVIN collects

MARVIN only stores what it needs to do its job. There are no analytics SDKs, no ad trackers, no cross-site tracking. Per-guild data the bot writes to MySQL:

  • Guild metadata — guild id, name, owner id, when the bot joined, who invited it (from Discord's audit log).
  • Infractions — when a moderator runs /warn /mute /kick /ban: the target's Discord id, the actor's Discord id, reason text, duration, timestamp.
  • Filter matches — every triggered filter (anti-spam, anti-invite, NSFW, anti-scam-image) writes a row with the filter type, action taken, channel id, message id, and (optionally) the matched content snippet so admins can review false positives.
  • Ticket transcripts — when a ticket closes, its message history is rendered to HTML and stored against the ticket id.
  • Audit log — every moderator action and every automated filter trigger, for the guild's own accountability records.
  • Mass-mention events — every @everyone / @here/ mass-role-ping for retroactive review.
  • Dashboard logins — your Discord id, username, avatar hash, and last login timestamp. Used to render “welcome, <name>” in the UI.

The bot does not store: message content from unflagged messages, voice channel activity, DMs, member presence, member statuses, friend lists, or anything from servers the bot isn't in.

Where data lives

On the MySQL database the bot operator chose. By default this is on the operator's own machine (Plesk server, VPS, or local PC). MARVIN doesn't ship data to any external service — moderation models (NudeNet, OpenNSFW2, CLIP zero-shot, Tesseract OCR) run locally on the bot host.

How long it's retained

  • Per-guild data — kept for as long as the bot is in the guild. If the bot is kicked, all per-guild data enters a 30-day retention window (guilds.archived_at is set). A daily janitor task purges anything older, which cascades through every related table.
  • Filter match snippets — same as the guild they belong to.
  • Ticket transcripts — 90 days by default. Configurable per guild.
  • Bot operator logs — local files on the bot host, 14-day rotation (loguru).

Who can see it

  • Bot operator — the person/team running this MARVIN instance has full DB access. If you don't trust them, don't invite their bot.
  • Guild admins — anyone with Manage Server in your guild can see that guild's data via the dashboard. They cannot see other guilds' data.
  • Members with bot_admin / bot_mod role mappings— guild owners can delegate dashboard access to specific Discord roles per guild.

Your rights (request deletion / export)

If MARVIN is in your guild and you want a specific subset of your data removed (e.g., a ticket transcript that contains personal info), contact your guild's admin team — they can delete the relevant rows from the dashboard. For per-user deletion across the whole guild, an admin can drop the guild's row entirely; the cascade removes everything.

If you can't reach the admin, the underlying bot operator is responsible for honoring GDPR / CCPA requests. Contact details for this instance's operator should be visible in the bot's profile or guild description.

Cookies on this dashboard

We use exactly one cookie: the next-auth.session-token for keeping you signed in. It's HTTP-only, Secure, SameSite=Lax, and contains a signed JWT — not your access token. No analytics or advertising cookies are set.

Changes

This policy gets updated when behavior changes. Each update bumps the “Last updated” date above. We don't silently weaken protections.