Privacy Policy

We collect information that you provide directly, information generated through your use of the Service, and information automatically sent by your devices. The categories of information we collect include:

a) Discord Data from Ticket Channels

When a ticket is created in a Discord server where Ticket King is installed, we collect and persistently store the following data from designated ticket channels to provide ticket management functionality, including real-time message display on the web dashboard and transcript generation:

• Message content (text) sent within ticket channels
• Images and file attachments uploaded by users within ticket channels
• Discord user IDs, usernames, display names, and avatar images
• Message IDs and timestamps
• Channel and server identifiers

To provide this functionality, the Bot uses Discord's Message Content privileged intent, which allows it to read message content in ticket channels. This intent is used exclusively for collecting ticket messages and is not used to monitor or read messages in non-ticket channels.

This data is stored persistently on our servers. While a ticket is open, message data may be displayed in real time to authorized server staff through the authenticated web dashboard. After a ticket is closed, message data is compiled into ticket transcripts (as pre-rendered HTML files) that are accessible through our Website. All ticket data, including messages from both open and closed tickets, is retained indefinitely unless deletion is requested. To request deletion, email [email protected] with the subject line "Data Deletion Request." See Section 8 for details on the deletion process and any limitations.

b) Server Configuration Data

When a server administrator installs and configures the Bot, we store server configuration data including server IDs, channel IDs, role IDs, custom message templates, webhook URLs, and other settings configured through our dashboard. This data is associated with the Discord server, not with individual users.

c) Authentication Data

When you access the Service, your Discord authorization token is transmitted to our API. We use this token solely to verify your identity by retrieving your Discord user ID from Discord's API. We store only a cryptographic hash of the token paired with your Discord user ID, temporarily in memory on our own infrastructure, to maintain your authenticated session. We do not persistently store your Discord authorization token, email address, or any other OAuth data. No credentials or tokens are written to permanent storage at any time.

d) Automatically Collected Data

• Web server logs: Our web server infrastructure may automatically collect standard operational log data, which can include IP addresses, request timestamps, URLs accessed, HTTP status codes, and user-agent strings. This data is collected and managed by the underlying server software and is retained only for a limited period for operational and diagnostic purposes.
• Cookies and similar technologies: Information collected through cookies as described in Section 15 below.
• Analytics data: We use Google Analytics 4 (GA4) to collect aggregated usage data to help us understand how users interact with our Website. GA4 collects data such as pages visited, session duration, and general interaction patterns. GA4 does not collect full IP addresses by default. We may also use a Twitter (X) conversion tracking pixel to measure the effectiveness of our social media presence; this pixel collects page visit data for conversion measurement purposes.

Ticket King is a general-purpose ticket management service and is not designed, intended, or authorized for the collection, storage, or processing of sensitive categories of personal data, including but not limited to health or medical information, financial account numbers, government-issued identification numbers, racial or ethnic origin, religious or philosophical beliefs, biometric data, or data concerning a person's sex life or sexual orientation (as described in Article 9 of the GDPR and similar categories under other applicable laws).

Because ticket channels are used for free-form communication, users may voluntarily include sensitive information in their messages. Ticket King does not actively monitor, filter, or classify the content of messages for sensitive data categories. We process all ticket content uniformly as described in this Privacy Policy.

Server Administrator Responsibility: Server administrators who install the Bot are responsible for instructing their community members not to submit sensitive personal data in ticket channels unless the administrator has established an appropriate legal basis and safeguards for such processing. Ticket King disclaims all liability arising from the voluntary submission of sensitive personal data by users in ticket channels.

We collect and use your personal information for the following purposes:

• To provide the ticket management and transcript service, including storing messages and attachments from ticket channels and compiling them into viewable transcripts
• To display ticket messages in real time on the web dashboard to authorized server staff while tickets are open
• To display ticket transcripts on our Website to authorized users
• To authenticate users and manage access to transcripts and dashboard features via Discord OAuth
• To operate and maintain the Bot according to server administrator configurations
• To improve, personalize, and optimize the Service
• To respond to your inquiries and provide customer support
• To enforce our Terms of Service and other policies
• To comply with legal and regulatory requirements
• To detect, prevent, and address technical issues and security threats
• We do not use message content or any other personal data for artificial intelligence or machine learning model training
• To analyze aggregated, de-identified usage patterns (such as ticket volume trends) that cannot be associated with any individual user, for the purpose of improving the Service

We may share your personal information with the following categories of recipients:

• Service providers (sub-processors): We use third-party service providers for cloud hosting, content delivery and security, and object storage to operate the Service. These providers process personal data on our behalf under data processing agreements that impose data protection obligations equivalent to those in our Data Processing Agreement. A list of sub-processor categories is maintained in our DPA; the specific providers may be requested by contacting us.
• Analytics providers: We use Google Analytics 4 (GA4) for aggregated website analytics. Where consent is obtained, we may also use a Twitter (X) conversion tracking pixel for conversion measurement. These services process data in accordance with their own privacy policies.
• Payment processor: Subscription payments are processed by PayNow.gg. We do not share your personal data directly with PayNow.gg; your payment information is provided by you directly to PayNow.gg during the checkout process.
• Government and law enforcement: We may disclose personal data to government authorities and law enforcement as described in Section 5 below.

Ticket King does not sell personal data, does not share personal data for cross-context behavioral advertising, and does not disclose personal data to third parties for their own marketing purposes.

We may disclose your personal information to government authorities, law enforcement agencies, or other third parties if we believe in good faith that such disclosure is reasonably necessary to:

• Comply with applicable law, regulation, legal process, or enforceable governmental request
• Enforce our Terms of Service, including investigation of potential violations
• Detect, prevent, or otherwise address fraud, security, or technical issues
• Protect against harm to the rights, property, or safety of Ticket King, our users, or the public as required or permitted by law
• Respond to an emergency involving danger of death or serious physical injury to any person
• Comply with mandatory reporting obligations, including reporting child sexual abuse material (CSAM) to the National Center for Missing & Exploited Children (NCMEC) as required by 18 U.S.C. § 2258A

Where legally permitted, we will make reasonable efforts to notify affected users before or promptly after such disclosure. However, we may be unable to provide advance notice where prohibited by law, court order, or where notice would jeopardize an investigation or pose a risk to the safety of any person.

Information disclosed under this section may include account data, server configurations, ticket transcripts, IP addresses, usage logs, and any other data we hold as described in Section 1.

If you are located in the European Economic Area (EEA) or the United Kingdom (UK), we process your personal data only when we have a valid legal basis under the General Data Protection Regulation (GDPR) or UK GDPR. The legal bases we rely on include:

• Legitimate Interest (Article 6(1)(f)): We process ticket transcript data (message content, metadata, images, and attachments), server configuration data, log data, and essential cookies based on the legitimate interests of server administrators in maintaining support records, ensuring accountability, quality assurance, and dispute resolution, as well as our own legitimate interest in maintaining the security and functionality of the Service. We have conducted a balancing assessment and determined that these interests are not overridden by the rights and freedoms of data subjects, given the access controls, retention policies, and deletion mechanisms we have in place.
• Performance of a Contract (Article 6(1)(b)): We process website account data and dashboard-related information as necessary to provide the Service to server administrators who have agreed to our Terms of Service.
• Consent (Article 6(1)(a)): Where required by the ePrivacy Directive or applicable local law, we obtain consent for the use of non-essential cookies and analytics technologies.

You have the right to object to processing based on legitimate interest at any time. If you do so, we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.

In accordance with Article 22 of the GDPR, we inform you that Ticket King does not engage in automated decision-making that produces legal effects or similarly significant effects on individuals. We do not use personal data for profiling, scoring, or automated evaluation of personal aspects such as behavior, preferences, economic situation, health, or reliability.

The Service may employ automated systems for operational purposes, such as spam detection, rate limiting, and enforcement of our Terms of Service. These systems are used to maintain service integrity and do not constitute automated individual decision-making within the meaning of Article 22 GDPR. Any enforcement action that materially affects your access to the Service (such as account termination) involves human review and determination.

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected. Specific retention periods are as follows:

• Ticket data (messages, metadata, images, and attachments): Retained indefinitely unless deletion is requested. To request deletion, email us at [email protected] with the subject line "Data Deletion Request" and include your Discord user ID. We will process your request within 30 days. We can delete transcripts where you are the author. If you participated in transcripts created by others, we may not be able to selectively remove your individual messages from those multi-author transcripts without affecting the integrity of the record; we will inform you of any such limitations. Server administrators may request deletion of all ticket data (including messages from both open and closed tickets) associated with their server at any time.
• Server configuration data: Retained after the Bot is removed from a server to allow for re-installation without loss of settings and to support continued access to existing transcripts. Server administrators may request immediate deletion of their configuration data at any time by contacting us at [email protected].
• Web server log data: Standard operational logs generated by our web server infrastructure are retained for a limited period and managed according to the default retention behavior of the underlying server software. We do not maintain custom or extended log archives.
• Authentication session data: Token hashes and associated Discord user IDs are retained temporarily in memory for the duration of your authenticated session and are purged upon logout, session expiration, or server restart.
• Audit and action logs: Logs of user actions within the Bot, API, and dashboard are retained indefinitely for security, accountability, and abuse prevention purposes.
• Backup data: Backups are performed daily and retained on a 30-day rotation cycle. Backup copies containing deleted data will be purged at the next rotation.
• Cookies: Retention varies by cookie type as described in Section 15 below.
• Discord API Termination: Discord's Developer Terms of Service obligate developers to delete all cached and stored API Data if Discord terminates or revokes their API access. Although we do not anticipate any disruption to the Service, we include this disclosure for transparency regarding that obligation. In the unlikely event that Discord terminates or revokes Ticket King's access to the Discord API, we may be required to delete data obtained through the API in accordance with Discord's Developer Terms of Service. We will notify affected users and server administrators if such deletion is ever necessary and provide reasonable advance notice where possible.
• Cessation of Service: If Ticket King permanently ceases operations, all API Data obtained through Discord's API will be deleted in accordance with Discord's Developer Terms of Service. We will provide reasonable advance notice to users and server administrators where possible and make reasonable efforts to allow data export before deletion occurs.

We may retain certain information beyond these periods where required by applicable law, or to resolve disputes, enforce our agreements, and protect our legal rights.

Justification for Indefinite Retention: In accordance with the storage limitation principle under Article 5(1)(e) of the GDPR, ticket transcript data and server configuration data are retained indefinitely by default because: (a) the primary purpose of the Service is to provide persistent, long-term access to support transcripts for accountability, dispute resolution, and record-keeping; (b) server administrators rely on historical transcript availability as an ongoing function of the Service; (c) there is no practical mechanism to determine when individual transcripts are no longer needed, as this varies by server and use case; and (d) deletion is available at any time upon request from the data subject or server administrator. We believe this approach balances the legitimate interests of server administrators against the rights of data subjects, particularly given the deletion mechanisms available. If you no longer wish for your ticket data to be retained, you may request deletion at any time using the process described above, and we will process your request within 30 days.

Discord Developer Policy Compliance: This retention approach is consistent with Discord's Developer Policy requirement that API Data be promptly deleted when no longer necessary for an application's stated functionality. Because the stated functionality of the Service is to provide persistent, long-term transcript access, transcript data remains necessary for the Service's stated purpose for as long as it is retained. When data is no longer necessary — such as when a user or server administrator requests deletion, when the Service ceases operations, or when Discord requests deletion — it is promptly deleted as described above and in our Data Processing Agreement.

Ticket data, including both real-time messages from open tickets and transcripts from closed tickets, is subject to the following access controls:

• All ticket data is accessible only through authenticated access using Discord OAuth login.
• Ticket data (including real-time messages and transcripts) is viewable only by: (a) the user who created or participated in the ticket, and (b) server staff members who are authorized to view the ticket as configured by the server administrator.
• Ticket data is not publicly accessible, is not indexed by search engines, and is not accessible via guessable URLs.
• Server administrators may configure ticket data visibility settings through the dashboard, including which roles have access to view ticket messages and transcripts.

Ticket King is operated from the United States. Our server infrastructure is hosted in the United States, with content delivery and security services operating globally. If you are accessing the Service from outside the United States, please be aware that your personal data may be transferred to, stored, and processed in the United States.

For transfers of personal data from the European Economic Area (EEA), the United Kingdom (UK), or Switzerland to the United States, we rely on the following lawful transfer mechanisms. For direct transfers to Ticket King, our Data Processing Agreement incorporates the Standard Contractual Clauses (Module 2: Controller to Processor). For onward transfers to our sub-processors:

• Standard Contractual Clauses (SCCs): Our third-party service providers (sub-processors) maintain Data Processing Agreements that incorporate the European Commission's Standard Contractual Clauses (adopted pursuant to Commission Implementing Decision (EU) 2021/914) for personal data transfers from the EEA. Module 2 (Controller to Processor) applies where Ticket King processes data on behalf of server administrators.
• UK International Data Transfer Addendum: For transfers from the United Kingdom, our sub-processors' agreements incorporate the UK International Data Transfer Addendum to the EU SCCs, as approved by the UK Information Commissioner's Office.
• Swiss Transfers: For transfers from Switzerland, our sub-processors' agreements incorporate the European Commission's SCCs as recognized by the Swiss Federal Data Protection and Information Commissioner (FDPIC).

You may request further information about the applicable transfer mechanisms by contacting us at [email protected].

Depending on your location, you may have the following rights with respect to your personal information:

• Right of Access: You have the right to request a copy of the personal information we hold about you.
• Right to Rectification: You have the right to request correction of inaccurate personal information.
• Right to Erasure: You have the right to request deletion of your personal information, subject to certain legal exceptions. This includes the right to request deletion of your transcript data.
• Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal information in certain circumstances.
• Right to Data Portability: Where required by applicable law, you have the right to receive your personal information in a structured, commonly used, and machine-readable format. We will endeavor to accommodate such requests where technically feasible.
• Right to Object: You have the right to object to the processing of your personal information based on legitimate interest.
• Right to Withdraw Consent: Where processing is based on your consent, you may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

How to Exercise Your Rights

To exercise any of these rights, please contact us at [email protected]. To verify your identity, we may require you to authenticate via Discord OAuth or provide your Discord user ID. Requests are processed free of charge. Under GDPR, we may charge a reasonable fee or refuse to act on manifestly unfounded or excessive requests. We are committed to providing easily accessible mechanisms for data requests and may introduce additional methods (such as bot commands or dashboard features) in the future to supplement the email-based process.

Response Timeframes: We will respond to your request without undue delay and within one month of receipt. This period may be extended by up to two additional months where necessary, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receipt.

Right to Lodge a Complaint: If you believe that our processing of your personal data infringes applicable data protection law, you have the right to lodge a complaint with a supervisory authority. You may do so in the EU/EEA member state of your habitual residence, place of work, or place of the alleged infringement. UK residents may contact the Information Commissioner's Office (ICO).

Ticket King does not sell personal information, does not share personal information for cross-context behavioral advertising, and does not derive revenue from the sale of personal data. While we may not meet the applicability thresholds of the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), we are committed to transparency and will honor reasonable privacy requests from California residents to the extent they relate to data we hold.

In the preceding 12 months, we have collected the categories of personal information described in Section 1 above. We collect this information from the sources and for the purposes described in Sections 1 and 3. We share personal information with the categories of third parties described in Section 4. We have not sold or shared personal information for cross-context behavioral advertising in the preceding 12 months. If you are a California resident, you may contact us to request information about the categories of personal information we have collected about you, to request deletion of your personal information, or to exercise any other rights you believe may apply. We will not discriminate against you for exercising your privacy rights.

To submit a request, contact us at [email protected].

If you are located in Brazil, the Lei Geral de Proteção de Dados (LGPD, Law No. 13,709/2018) provides you with specific rights regarding your personal data. We process your personal data on the basis of legitimate interest (Article 7, X of the LGPD), consent where applicable (Article 7, I), or as necessary for the provision of the Service (Article 7, V).

Your Rights Under the LGPD

• Confirmation of the existence of processing of your personal data
• Access to your personal data
• Correction of incomplete, inaccurate, or outdated personal data
• Anonymization, blocking, or deletion of unnecessary or excessive personal data, or personal data processed in non-compliance with the LGPD
• Portability of your personal data to another service or product provider
• Deletion of personal data processed with your consent
• Information about public and private entities with which we have shared your personal data
• Information about the possibility of denying consent and the consequences of such denial
• Revocation of consent

To exercise your rights under the LGPD, please contact us at [email protected]. We will respond to your request within 15 business days.

In addition to the California rights described in Section 12, residents of certain other US states have specific privacy rights under their respective state laws, including but not limited to the Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), Utah Consumer Privacy Act (UCPA), and other applicable state privacy laws.

Your Rights May Include:

• The right to confirm whether we are processing your personal data and to access that data
• The right to correct inaccuracies in your personal data
• The right to delete your personal data
• The right to obtain a copy of your personal data in a portable format
• The right to opt out of the processing of your personal data for purposes of targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects

Our Practices: Ticket King does not sell personal data, does not use personal data for targeted advertising, and does not engage in profiling that produces legal or similarly significant effects. Therefore, opt-out rights for these activities are not applicable.

To exercise any of these rights, please contact us at [email protected]. We will respond within the timeframe required by your state's applicable law. If we decline to take action on a request, you may appeal our decision by contacting us with the subject line "Privacy Rights Appeal."

We use cookies and similar technologies to operate and improve the Website. Cookies are small data files stored on your device that are accessed each time you visit our Website.

Essential / Functional Cookies

These cookies are necessary for the Website to function properly. They include a Discord authentication cookie used for client-side identity verification with our API, as well as other functional cookies required for temporary site data and core Website functionality. These cookies cannot be disabled without impairing Website functionality. We do not store your Discord authorization token in cookies or in any persistent storage.

Analytics Cookies

We use Google Analytics 4 (GA4) to collect aggregated information about how users interact with our Website, such as pages visited and session duration. GA4 uses cookies to collect this information. GA4 does not collect full IP addresses by default. We may also use a Twitter (X) conversion tracking pixel for conversion measurement. You may opt out of analytics cookies and tracking technologies through our cookie consent banner or your browser settings.

Cookie Consent

We display a cookie consent banner to inform visitors about our use of non-essential cookies (such as analytics cookies). In accordance with the ePrivacy Directive (Directive 2002/58/EC) and applicable local implementations, we obtain your consent before placing non-essential cookies on your device if you are located in the EU, EEA, or UK. You may withdraw your consent at any time through our cookie consent mechanism or your browser settings.

Most web browsers allow you to manage cookie preferences through their settings. Please note that disabling essential cookies may affect the functionality of the Website.

Do Not Track Signals: Our Website does not currently respond to "Do Not Track" (DNT) browser signals. However, you may manage your cookie and tracking preferences as described above.

Our Service is accessible only through Discord, and we defer to Discord's Terms of Service and age verification requirements, which set minimum age thresholds for account creation. For clarity, users must be at least 13 years of age, or the minimum age of digital consent in their jurisdiction if higher (such as 16 in certain EU member states), to use the Service. We do not knowingly collect personal information from individuals below these minimum ages. If we become aware that we have collected personal information from a child below the applicable minimum age, we will take steps to promptly delete that information. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected].

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit and at rest, access controls, network isolation of databases, and periodic security reviews. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security. For more details about our security practices, please see our Security Policy.

The data described in Sections 1(a) and 1(b) of this Privacy Policy is obtained through Discord's API and is subject to Discord's Developer Terms of Service and Developer Policy. We use this data solely for the stated functionality of the Service, which is limited to ticket channel management, real-time message display, transcript generation and storage, server configuration management, and user authentication as described in Section 3.

In accordance with Discord's Developer Policy, we do not:

• Sell, license, or commercialize data obtained through Discord's API
• Share API data with advertising networks, data brokers, or monetization services
• Use message content or other API data for artificial intelligence or machine learning model training
• Mine or scrape Discord data
• Contact users outside of Discord using data obtained through the API without their explicit permission
• Attempt to re-identify, de-anonymize, or reverse engineer anonymized or pseudonymized data obtained through Discord's API

We share API Data only with our service providers (sub-processors) as described in Section 4, when required by law as described in Section 5, or when a user expressly directs us to share their data. We do not share API Data with any other third party for any other purpose.

Our Website may contain links to websites operated by third parties. If you click on a third-party link, you will be directed to that party's site. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party websites or services. We strongly advise you to review the privacy policy of every site you visit.

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of material changes by posting the updated Privacy Policy on this page and through an announcement in our official Discord server. For material changes that significantly affect your rights, we will provide at least 14 days' notice before the changes take effect. Your continued use of the Service after such notice constitutes acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.

To the fullest extent permitted by applicable law, Ticket King shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising out of or related to the processing of your personal data under this Privacy Policy, including but not limited to damages for loss of data, loss of privacy, unauthorized disclosure, or any failure to comply with applicable data protection law.

Ticket King's aggregate liability for any claims arising under or in connection with this Privacy Policy shall be subject to the limitation of liability set forth in Section 18 of our Terms of Service.

The limitations in this section shall not apply to: (a) liability arising from fraud or fraudulent misrepresentation; (b) liability for death or personal injury caused by negligence; or (c) any liability that cannot be excluded or limited under applicable mandatory data protection law, including mandatory liability under Article 82 of the GDPR.

For privacy-related inquiries, data subject requests, or to exercise any of your rights described in this Privacy Policy, please contact us at [email protected]. You may also reach us through our contact page.