Noctra

Get Started!

Privacy policy

Our Policy.

Privacy Policy - Noctra

Privacy Policy - Noctra

Effective Date: April 3, 2024 Last Updated: March 11, 2026 Contact: support@noctra.xyz

1. Introduction

This Privacy Policy explains how Noctra (referred to as 'we' and 'us') collects, processes, stores, and protects data when you use the Noctra bot, the website noctra.xyz, the Noctra API (api.noctra.xyz), game servers operated Noctra, and any related services, collectively referred to as the 'Service'.

By using any part of the Service, you confirm that you have read and understood this Privacy Policy.

2. Data Controller

The data controller responsible for the processing of personal data under this Policy is:

Leandro Wrede
c/o Impressumservice Dein-Impressum
Stettiner Strasse 41
35410 Hungen
Germany
Email: support@noctra.xyz

3. Data We Process

We process only data that is necessary to operate, secure, and improve the Service.

3.1 Discord Bot - Identifiers

We may process the following identifiers:

  • Discord user IDs
  • Discord server (guild) IDs
  • Discord channel IDs

These identifiers are required to associate actions, settings, and features with the correct context.

3.2 Discord Bot - Message Content

Certain commands, moderation features, or automation systems require temporary processing of message content. Message content:

  • is processed only when required for a specific feature
  • is not permanently stored default
  • may be temporarily cached for up to 24 hours for security, abuse prevention, or diagnostics where necessary

3.3 Discord Bot - Server Configuration Data

We may store server-specific configuration data, such as enabled features or preferences, to ensure the Service functions correctly.

3.4 Website (noctra.xyz)

When you visit noctra.xyz, our servers may automatically record standard server log data, including your IP address, browser type, pages visited, and timestamps. This data is used solely for security and operational purposes and is not linked to individual Discord identities.

3.5 Noctra API (api.noctra.xyz)

When you access or integrate with the Noctra API, the following data may be processed:

  • API keys or authentication tokens used to identify and authorize requests
  • IP addresses of requesting clients, for rate limiting and abuse prevention
  • Request metadata, including endpoints accessed, timestamps, and response codes
  • Any data explicitly submitted as part of API requests (e.g., Discord IDs, configuration payloads)

Discord Bot Tokens

To enable certain API features, users may voluntarily submit their own Discord bot token to the Noctra API. By submitting a bot token, you acknowledge and agree to the following:

  • Bot tokens are stored in encrypted form and are never stored or logged in plaintext
  • Bot tokens are used exclusively to perform operations you explicitly authorize via the API
  • Tokens are never shared with third parties, disclosed in logs, or used for any purpose outside the scope of your request
  • You may revoke API access and request deletion of your stored token at any time via support@noctra.xyz or through the API itself
  • You are responsible for ensuring your bot token is valid and that you are authorized to submit it
  • In the event of a suspected token compromise, we will notify you immediately and invalidate the stored token on our end
We strongly recommend regenerating your Discord bot token immediately if you believe it has been compromised, via the Discord Developer Portal.

API access logs are retained for up to 90 days. Bot tokens are retained only as long as the associated API integration is active, and are permanently deleted upon revocation or account removal.

3.6 Game Servers - Minecraft

When you connect to a Noctra-operated Minecraft server, the following data may be processed:

  • Minecraft username and UUID (as provided Mojang/Microsoft)
  • IP address at time of connection
  • Join/leave timestamps and session duration
  • In-game actions relevant to moderation (e.g., chat messages, rule violations)
  • Any data submitted via in-game commands or forms

3.7 Game Servers - Steam

When you connect to a Noctra-operated Steam game server, the following data may be processed:

  • Steam ID (SteamID64)
  • IP address at time of connection
  • Join/leave timestamps and session duration
  • In-game actions relevant to moderation or anti-cheat enforcement
  • Player name as displayed via Steam

Game server data is retained for up to 90 days, or longer if required for active bans or security investigations.

4. Legal Basis for Processing (GDPR)

Where applicable under the General Data Protection Regulation (GDPR), data is processed under one or more of the following legal bases:

  • Art. 6(1)(b) GDPR - Processing is necessary for the performance of a service you have requested
  • Art. 6(1)(f) GDPR - Processing is necessary for our legitimate interests, such as preventing abuse, fraud, and ensuring service security, where these interests are not overridden your rights
  • Art. 6(1)(a) GDPR - Consent, where explicitly required law

5. Purpose of Processing

We process data exclusively for the following purposes:

  • Providing and operating all parts of the Service (bot, website, API, game servers)
  • Executing commands, automation logic, and API requests
  • Preventing abuse, fraud, cheating, and misuse
  • Enforcing bans and moderation decisions across game servers
  • Monitoring, diagnostics, and service optimization
  • Rate limiting and securing API access
  • Responding to support and administrative requests

We do not sell, rent, or use data for advertising, profiling, or marketing purposes.

6. Data Retention

Data Type Retention Period
Temporary message processingUp to 24 hours
Operational logs and diagnosticsUp to 90 days
API access logsUp to 90 days
Game server session dataUp to 90 days
Bot tokensWhile API integration is active; deleted upon revocation
Server configuration dataWhile Noctra is active on the server
Ban and moderation recordsUntil lifted, or permanently if required for security
Legal and security hold dataAs required applicable law

After the applicable retention period, data is securely deleted or anonymized.

7. Data Sharing and Third Parties

We do not sell or share personal data with third parties for commercial purposes. Data may be disclosed:

  • When required applicable law or court order
  • To protect the integrity and security of the Service
  • With infrastructure and hosting providers necessary to operate Noctra (e.g., database, server, and API hosting providers)

All third-party providers are contractually required to implement appropriate data protection measures and may only process data on our behalf and in accordance with our instructions.

8. International Data Transfers

Data may be processed or stored outside the European Economic Area (EEA). Where such transfers occur, appropriate safeguards are applied in accordance with GDPR requirements, such as EU Standard Contractual Clauses (SCCs) or adequacy decisions the European Commission.

9. Security Measures

We apply reasonable technical and organizational measures to protect data against unauthorized access, loss, or misuse, including encrypted storage of API keys and access controls on infrastructure.

Discord bot tokens submitted to the API are encrypted at rest using industry-standard encryption. Access to stored tokens is strictly limited to automated systems performing user-authorized operations. No human operator can retrieve a token in plaintext.

In the event of a data breach affecting your rights, we will notify the relevant supervisory authority and, where required, affected individuals in accordance with applicable law.

10. Automated Decision-Making

We do not use automated decision-making or profiling within the meaning of Art. 22 GDPR that produces legal or similarly significant effects on individuals. Automated systems such as spam filters or anti-cheat detection may flag accounts for human review, but final decisions are made a human moderator.

11. Children's Privacy

The Service is not intended for individuals who are not legally permitted to use the platforms on which Noctra operates. In accordance with Discord's Terms of Service, users must be at least 13 years of age. Minecraft and Steam services are likewise intended only for users meeting the minimum age requirements of those platforms. If we identify that data has been collected from underage users without appropriate consent, it will be deleted without undue delay.

12. Your Rights

Depending on applicable law, in particular the GDPR, you may have the right to:

  • Access your personal data (Art. 15 GDPR)
  • Rectification of inaccurate data (Art. 16 GDPR)
  • Erasure - right to be forgotten (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object to processing based on legitimate interests (Art. 21 GDPR)
  • Withdraw consent at any time, without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at support@noctra.xyz. We will respond within 30 days in accordance with Art. 12 GDPR.

You also have the right to lodge a complaint with a supervisory authority. The competent authority for North Rhine-Westphalia is:

Landesbeauftragte fur Datenschutz und Informationsfreiheit NRW (LDI NRW)
Postfach 20 04 44
40102 Dusseldorf
www.ldi.nrw.de

13. Changes to This Policy

This Privacy Policy may be updated from time to time. We will notify users of material changes updating the 'Last Updated' date and, where feasible, through an announcement via the Service. We recommend reviewing this Policy periodically. Continued use of the Service after changes have been published constitutes acknowledgment of the updated version.

14. Contact

For any privacy-related questions or requests:

Leandro Wrede
c/o Impressumservice Dein-Impressum
Stettiner Strasse 41
35410 Hungen
Germany
Email: support@noctra.xyz