Privacy Policy
Last updated: 2026-05-01
1. Who we are
Chappie is a Discord bot operated by Orel Ohayon. This policy explains what data the Bot collects, how it is used, and how you can control it. Contact: legal@orellius.ai.
2. Data we collect
- Discord identifiers: user ID, server (guild) ID, channel ID, message ID. Required for the Bot to associate actions with users and servers.
- User-visible profile fields: Discord username, display name, avatar — only when shown in Bot output (e.g. leaderboard, welcome card).
- Bot interaction content: the text of slash-command arguments and `@Chappie` mentions sent to the Bot. Used to execute the requested action.
- Classified-mention logs (`intents_log`):when you `@Chappie` (or use the bot's name in a message), the bot stores the raw text of that mention plus the classified intent (chat / summarize / help / clarify), the detected language, and timing/diagnostic metadata. Used to debug the classifier and to power the eval harness. See §5 for retention.
- Safety incident records (`safety_incidents`): if a mention trips the jailbreak heuristic, the bot stores the offending text (first 1200 chars), severity, and the flags that fired. Used for abuse review. See §5.
- Short-term chat memory:while you're actively conversing with `@Chappie`, the last few message turns are cached in Redis for 5 minutes so follow-ups don't require a fresh @-mention.
- Per-server configuration: settings you set via the Bot or its dashboard (XP rules, role rewards, automod thresholds, custom commands).
- AI feature logs: when you use AI features (`/chat`, `/imagine`, `/summarize`, voice transcription), the inputs and outputs may be retained for short windows (see §5). They are not transmitted to third-party AI providers.
- Voice channel audio: when an admin invites the Bot to a voice channel, the Bot transcribes speech locally. Audio buffers are held in memory only and never written to disk. Transcripts are stored briefly (see §5).
- Operational telemetry: error reports and performance metrics, tagged with server and user ID, used to keep the Bot running.
3. Data we do NOT collect
- We do not read regular channel messages unless they `@`-mention the bot or contain the bot's name (whole-word match), or are part of an active 5-minute chat-continuation window for the same user. The Bot uses Discord's "Message Content" intent only to receive the content of those qualifying messages.
- The `/summarize` command reads the last N messages of the channel it's invoked in (default 100, max 250), passes them to the locally-hosted LLM, and discards them after the summary is generated. The raw fetched messages are NOT persisted beyond the in-memory request.
- We do not record voice channels except for short-lived in-memory transcription.
- We do not collect IP addresses or device fingerprints from Discord users.
- We do not sell or rent personal data to third parties.
4. How we use the data
- To execute the actions you request (commands, chat, image gen, etc.).
- To enforce per-server rate limits and abuse protections.
- To compute statistics local to your server (XP, leaderboards).
- To improve the Bot's reliability via aggregate, non-personal metrics.
5. Where the data lives, and for how long
- AI inference (LLM, image generation, speech-to-text, text-to-speech) runs on the operator's own hardware (a Mac Studio in Israel). Prompts and outputs are not transmitted to OpenAI, Anthropic, Google, or any third-party AI provider.
- Classified-mention logs (`intents_log`): raw mention text + classifier metadata. Retained while the Bot is in your server. You can purge your own rows at any time with
/me forget. Server removal triggers deletion within 30 days. - Safety incidents (`safety_incidents`): retained while the Bot is in your server for abuse review. Same purge path as above.
- Short-term chat memory (Redis): last few turns of an active chat session, keyed per (server, channel, user). Auto-expires 5 minutes after your last turn. Manually cleared by
/me forget. - Configuration and XP data: retained while the Bot is in your server, removed within 30 days of removal.
- Generated images: retained 90 days unless pinned by a server admin (v0.2+).
- Voice transcripts: retained 24 hours unless flagged for moderation review (v0.3+).
- Moderation case records: retained while the Bot is in your server (audit trail; v0.3+).
6. Subprocessors
When enabled by the operator, the following service providers may receive operational data (errors, logs, usage metrics — never message content or AI prompts in plaintext):
- Sentry (error monitoring)
- Axiom (log aggregation)
- Cloudflare (R2 object storage for generated images, Tunnel for the dashboard)
- Vercel (dashboard hosting)
7. Your rights
- Access & export: run
/me datain any server where the Bot is installed; the Bot will DM you a JSON export of your data (available from v0.4). - Deletion: run
/me forgetto purge your classified-mention logs, safety records, and short-term chat memory. The command supports two scopes: this server (default) orevery server I share with you. Available from v0.1. Server admins can additionally use/server forget user @youfrom v0.3. - Server-wide: server admins may suspend or remove the Bot at any time via Discord. Removal triggers a 30-day deletion of server data.
- Contact: for any other privacy request, email legal@orellius.ai.
8. Children
The Bot is not directed to users under 13. Discord requires users to be at least 13. If you become aware that a child under 13 has provided personal data, contact us and we will delete it.
9. International users
The Bot is operated from Israel. By using the Bot, you consent to the transfer and processing of your data in Israel.
10. Security
We use commercially reasonable safeguards including TLS for all transit and principle-of-least-privilege access controls. The Bot's database is hosted locally on the operator's machine (not on a managed cloud database). Field-level encryption at rest is not currently implemented; this section will be updated when it is. No system is perfectly secure; you use the Bot at your own risk.
11. Changes
Material changes will update the "Last updated" date. Continued use after a change constitutes acceptance.