VerticalBot Privacy Policy.

Effective date: [07/10/25]
Controller: Project Vertical (“PV”, “we”, “us”).
Contact: uk@project-vertical.com

This notice explains how we process personal data when you use our Discord bot and related automations. It is written for UK GDPR/EU GDPR compliance.

1) What we collect and why

Discord basics.
When you use the Bot in the Project Vertical server, we process basic Discord information such as your user ID, username, nickname, roles, server membership, and the time you use commands. We use this to run slash commands you request, automate roles and nicknames, show server stats, and prevent abuse. Our legal bases are legitimate interests (operating a community bot) and, where you invoke a command, contract (providing the service you asked for).

TikTok Backstage metrics.
If you run features like /pv levelup (or where automation runs for your creator handle), we read your creator data via TikTok Backstage to obtain this-month Diamonds and milestone/progress information. We use these metrics to show you level-up info in Discord and to determine eligibility for certain roles and/or your TikTok Milestone Progress. Our legal bases are legitimate interests (operating a creator network) and consent where required. This information can be found yourself through your own TikTok Live Center.

Operational logs.
We generate diagnostic logs that can include timestamps, error traces, rate-limit events and feature flags. These are used to keep the Bot secure and reliable, detect abuse, and fix bugs. The legal basis is legitimate interests (security and maintenance).

Authentication artefacts.
To access TikTok Backstage, the Bot may store a session “storage/state” file on the Bot host so it can stay logged in for automations. This is used strictly to provide the requested features. The legal basis is legitimate interests (providing the functionality you requested).

We do not collect financial details, biometrics, or special-category data, and we do not sell your personal data.

We do not collect financial data, biometrics, or sensitive categories.
We do not sell your personal data.

2) Where data comes from

  • Discord API (data about your account within the PV server).

  • TikTok Backstage (data about your creator account/metrics).

  • You (e.g., when you run a command or provide a username).

3) How long we keep data

  • While you are a member of Project Vertical: we keep the data needed to run the Bot.

  • When you leave Project Vertical: we delete Bot-linked personal data within 30 days.

  • Short-lived logs are typically retained up to 30 days (security/diagnostics).

  • Backups may persist up to 90 days before automatic purge.

  • We may keep aggregated, anonymised statistics that cannot identify you.

4) Sharing & processors

We share data only with service providers needed to run the Bot:

  • Discord (hosting the platform where the Bot runs and interacts).

  • Google (Sheets APIs) where enabled.

  • Hosting/Infrastructure providers where the Bot is deployed.

  • Error monitoring/logging tools if configured.

We require processors to protect your data and not use it for their own purposes.

5) International transfers

Where data leaves the UK/EU (e.g., Discord/Google infrastructure), we rely on appropriate safeguards such as the UK/EU Standard Contractual Clauses or equivalent mechanisms provided by those vendors.

6) Your rights (UK/EU)

You have the right to:

  • Access your personal data;

  • Correct inaccurate data;

  • Erase data (in many cases, e.g., if you leave PV);

  • Restrict or object to certain processing;

  • Data portability (where applicable);

  • Withdraw consent where we rely on consent.

To exercise these, contact [uk@project-vertical.com]. We may need to verify your identity.

You also have the right to complain to your local data protection authority (e.g., ICO in the UK: ico.org.uk).

7) Security

We use reasonable administrative, technical, and organisational measures to protect your data (e.g., least-privilege API tokens, restricted access to session storage, short-lived logs). No system is perfectly secure; please report issues to the information controller at uk@project-vertical.com.

8) Children

We follow Discord and TikTok age rules. If you believe a minor’s data has been processed contrary to those rules, contact us for deletion.

9) Cookies & similar tech

The Bot itself doesn’t set web cookies for end-users, but it may store a TikTok session state (e.g., storage file used by our automation) on the Bot host to keep us logged in to view your data. This is used only to perform the features you’ve requested.

10) Leaving Project Vertical

When you leave the organisation (or request deletion), Bot-linked personal data will be removed within 30 days, and any role/nickname automations will stop for your account.

11) Changes to this policy

We may update this policy. We’ll post the latest version where the Bot is offered or announce changes in the server. Continued use means you accept the updated policy.

12) Contact

Project Vertical
Email: [uk@project-vertical.com]