Data Processing Addendum

DPA for Server Owners

For larger Discord server owners who want processor-style terms. This is not legal advice.

1. Parties and Roles

The server owner/admin is the “Customer”. sins4skins is the “Service Provider/Processor” where it processes personal data only to provide configured bot services. In some cases, both parties may act as independent controllers for their own operational decisions.

2. Subject Matter and Duration

Processing covers Discord bots, statistics, webhooks, routing, support workflows, and server integrations. Duration lasts while the bots are installed/configured and for any retention period required for logs, statistics, deletion, security, or legal compliance.

3. Categories of Data

Alderon IDs and names.
In-game chat and webhook event data from PotBot.xyz.
Discord guild/channel IDs.
Server IP, port, and RCON credentials.
Configuration and operational logs.

4. Categories of Data Subjects

Discord server members, game server players, server admins, moderators, and users whose gameplay/chat events are routed through configured systems.

5. Processor Obligations

Process data only to provide configured bot services.
Apply reasonable technical and organisational security measures.
Treat RCON credentials as sensitive private/encrypted configuration data where feasible.
Limit access to operational need.
Assist with deletion/access requests where technically feasible.
Notify the Customer of known security incidents affecting Customer data where legally required.

6. Customer Obligations

Ensure authority to install/configure bots.
Provide notices to community members where appropriate.
Use channels, webhooks, and RCON safely.
Do not submit unlawful, excessive, or unnecessary personal data.

7. Sub-processors

Current hosting sub-processor: Contabo (VPS hosted in France/EU). PotBot.xyz may provide webhook source data. Additional sub-processors may be added where necessary.

8. International Transfers

Data may be accessed from the UK and processed on EU-hosted infrastructure. Where transfer mechanisms are required, the parties should use appropriate safeguards.

9. Deletion / Return

On uninstall or request, Customer may request deletion of applicable server data unless retention is required for security, abuse prevention, legal obligations, or backup integrity.

10. Audit

Reasonable written security/compliance information may be provided on request for larger server owners. On-site audits are not supported unless separately agreed.