Privacy Policy

Last updated: June 11, 2026

This Privacy Policy explains how Nyxih processes personal data when you visit our website, use the Nyxih Discord bot, interact with Nyxih features, contact us, or use Premium-related services.

Nyxih is a Discord bot and online service for Discord communities. It provides tools such as moderation, events, reminders, tickets, polls, tips, feeds, onboarding, permissions, leveling, voice tools, themes, Personal Tools, Personal Notes, mentions, sharing features, and related community-management features.

1. Who is responsible for your data?

The person legally responsible for the processing of personal data, also called the “controller” under the GDPR, is:

Roland Spilak

Adalbert-Stifter-Straße 95

94145 Haidmühle

Germany

Email: privacy@nyxih.com

General contact: contact@nyxih.com

Website: https://nyxih.com

2. Website data

When you visit nyxih.com, technical data may be processed automatically to provide the website, keep it secure, and troubleshoot problems.

This may include:

  • IP address

  • date and time of access

  • requested page or file

  • browser type and version

  • operating system

  • referrer URL

  • technical server log data

The website is hosted separately from the bot infrastructure. The website is hosted through Hostinger. The Nyxih Discord bot runs on VPS infrastructure, currently hosted through Hetzner.

We currently do not use analytics, marketing tracking, advertising pixels, or behavioral tracking on the website.

The website may use technically necessary cookies or local storage only where required for basic website functionality. If we add analytics, marketing cookies, or non-essential tracking later, we will update this Privacy Policy and request consent where required.

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in providing, securing, and maintaining the website.

3. Discord bot data

When Nyxih is added to a Discord server or used through Discord, Nyxih may process Discord-related data necessary to provide the configured features.

Depending on the features used, this may include:

  • Discord user IDs

  • Discord server/guild IDs

  • channel IDs

  • role IDs

  • message IDs

  • usernames, display names, or labels where needed for display

  • server settings and feature configuration

  • permissions and access settings

  • event, reminder, ticket, poll, tip, feed, onboarding, leveling, voice, theme, and moderation-related records

  • Personal Tools and Personal Notes data

  • uploaded images, files, and other assets

  • logs and diagnostics needed for security, reliability, abuse prevention, and troubleshooting

Nyxih only processes data as needed to provide, secure, maintain, and improve the service.

Legal bases may include:

  • Art. 6(1)(b) GDPR — processing necessary to provide requested services

  • Art. 6(1)(f) GDPR — legitimate interest in operating, securing, improving, and protecting Nyxih

  • Art. 6(1)(c) GDPR — legal obligations, especially for payment, tax, accounting, and legal records

  • Art. 6(1)(a) GDPR — consent, where a feature specifically relies on consent

4. Server administrators and Discord communities

Many Nyxih features are configured by Discord server owners or administrators. Server administrators decide which Nyxih features are enabled, which channels and roles are used, and how certain server tools operate.

If you are a member of a Discord server using Nyxih, the server owner or administrators may also process your data under their own responsibilities. You may need to contact the server administrators for questions about their server rules, moderation decisions, or community-specific use of Nyxih.

5. Personal Notes

Nyxih includes Personal Notes features. Personal Notes are user-owned.

Depending on how you use the feature, Nyxih may process:

  • note titles and note content

  • note categories, tags, pins, locks, and settings

  • uploaded images, files, and attachments

  • banner or customization assets

  • sharing settings and access records

  • saved references or related metadata

  • privacy and consent settings related to Personal Notes

Users should not store illegal content, sensitive third-party personal data without permission, or content they are not allowed to process.

Nyxih uses Nyxih-controlled storage for saved or uploaded assets. This means Nyxih does not treat temporary Discord CDN links as the durable source of truth for stored notes and files.

6. Uploaded files, images, and object storage

When users or server administrators upload files, images, banners, logos, note attachments, or other assets through Nyxih features, those assets may be stored in object storage such as Cloudflare R2 or similar Nyxih-controlled storage.

Stored assets may include:

  • Personal Notes attachments

  • Personal Notes banner/customization assets

  • server branding or theme assets

  • onboarding or panel images

  • other uploaded files needed for configured features

Nyxih does not publish internal storage keys, bucket identifiers, or object paths. Access to stored assets is limited to what is necessary for the related Nyxih feature.

7. Moderation and safety features

Server administrators may enable Nyxih moderation and safety features.

Depending on server configuration, Nyxih may process message content, message context, user IDs, role IDs, channel IDs, moderation settings, and moderation-related metadata to detect or respond to issues such as spam, harassment, threats, sexual abuse, self-harm signals, abuse, or other safety risks.

Moderation tools are designed to assist server staff and enforce configured server safety settings. They are not legal advice and may not be perfect.

Nyxih may use automated rules, local safety logic, and AI-assisted review for some safety-related processing where enabled. AI-assisted checks are used to support safety and moderation review, not to sell user data.

Moderation, security, abuse-prevention, and safety records may be retained where necessary for legal, safety, security, fraud-prevention, or abuse-prevention reasons. This means some moderation or security records may not be deleted immediately or completely when a deletion request is made.

8. AI-assisted processing

Nyxih may use AI service providers for limited safety, moderation, support, or review purposes where such features are enabled.

AI-assisted processing may involve limited relevant context, such as message content or surrounding moderation context, when necessary for safety review or abuse prevention.

Nyxih does not use AI service providers to sell user data. AI-assisted results do not replace all server configuration, administrator responsibility, or Nyxih’s own safety rules.

Nyxih may use automated rules, configured server settings, and AI-assisted safety checks to support moderation and safety features. Nyxih does not use AI output by itself as a final legal decision.

Some server-configured moderation actions may be applied automatically inside Discord depending on the server’s settings. Where automated processing significantly affects you, you may contact us or the relevant server administrators to request review, depending on the context of the decision.

9. Premium and payments

Nyxih uses Dodo Payments for payment processing.

Before Nyxih’s wider Discord rollout and Discord verification, Premium purchase links are available only inside the Nyxih bot Dashboard or Premium panel after the bot has been added to a Discord server. Public website checkout is not available yet.

Payments are processed by Dodo Payments. Dodo Payments may process buyer, billing, tax, fraud-prevention, compliance, invoicing, and payment data under its own applicable legal and privacy terms.

Nyxih does not store full card details.

Nyxih may receive limited payment-related information from Dodo Payments, such as transaction confirmation, subscription status, customer email, billing identifiers, invoice references, or basic billing information needed to activate Premium, provide support, prevent fraud, and keep required payment, tax, accounting, or legal records.

Payment, invoice, tax, accounting, fraud-prevention, legal, and related records may be retained where required by law or legitimate security/payment needs.

Legal bases may include Art. 6(1)(b) GDPR, Art. 6(1)(c) GDPR, and Art. 6(1)(f) GDPR.

10. Data deletion inside Nyxih

Nyxih provides in-bot deletion request flows.

Individual users can schedule:

  • Delete my data - Available from My Panel → Privacy & Data.

Server owners or authorized administrators can schedule:

  • Delete server data - Available from Control Panel → Privacy & Data.

Both deletion flows have a 7-day waiting period. During this waiting period, the deletion request can be canceled.

The 7-day waiting period helps prevent accidental, mistaken, or malicious deletion, for example if a user account or administrator account is compromised. This serves Nyxih’s legitimate interest in protecting users, servers, and stored data from irreversible accidental or abusive deletion.

Deletion is not immediate when the request is created. After the waiting period ends, Nyxih’s automatic privacy deletion worker processes due deletion requests.

For user deletion requests, Nyxih deletes, detaches, or anonymizes user-tied data through feature-specific deletion adapters.

For server deletion requests, Nyxih deletes, detaches, or anonymizes server/guild-owned data through feature-specific deletion adapters.

Deletion requests that are canceled, not yet due, already completed, or failed are not executed.

Some records may be retained where required for:

  • payment processing

  • tax and accounting obligations

  • legal claims

  • fraud prevention

  • security

  • abuse prevention

  • moderation safety

  • deletion audit records

Backup copies are not rewritten immediately. Backup data expires through normal backup rotation.

Nyxih’s privacy deletion flows do not automatically delete Discord public messages, Discord channels, Discord roles, or Discord server content outside Nyxih’s own stored data.

11. Bot removal grace period

When Nyxih is removed from a Discord server, Nyxih schedules a recoverable server-data deletion request.

This bot-removal deletion request is scheduled for 7 days later.

If Nyxih is re-added to the same server within the 7-day grace period, the bot-removal-created deletion request is canceled.

Admin-created deletion requests are different. If a server owner or administrator manually schedules Delete server data from the Control Panel, re-adding the bot does not automatically cancel that admin-created deletion request.

No immediate deletion happens when the bot is removed.

The bot-removal grace process does not automatically delete Discord messages, channels, or roles.

12. Service providers and recipients

Nyxih may use service providers and technical infrastructure to operate the website, bot, storage, payments, email, and safety systems.

These may include:

  • Discord as the platform/API provider

  • Hostinger for website hosting and email services

  • Hetzner for VPS/server infrastructure

  • PostgreSQL for durable database storage

  • Redis for temporary coordination, queues, leases, or session state

  • Cloudflare R2 for object storage, such as uploaded images, notes assets, and other feature files

  • Dodo Payments for payment processing

  • AI or safety service providers where AI-assisted safety features are enabled

  • security, monitoring, backup, and infrastructure providers

Service providers are used only where needed to operate, secure, maintain, or provide Nyxih.

13. Retention

Nyxih keeps personal data only as long as necessary for the relevant purpose.

Retention depends on the type of data and feature:

  • website logs are kept as needed for security, troubleshooting, and availability

  • server configuration is kept while a server uses Nyxih

  • user-owned data is kept while the user uses the relevant feature

  • Personal Notes data is kept until deleted by the user or processed through a deletion request

  • deletion requests have a 7-day waiting period unless canceled

  • bot-removal server deletion requests have a 7-day grace period

  • payment, tax, accounting, legal, security, abuse-prevention, moderation-safety, and deletion-audit records may be retained longer where required

  • backups expire through normal backup rotation

When a deletion request is processed, active production data covered by the relevant deletion adapters is deleted, detached, or anonymized. Backup copies are removed through normal backup expiration.

14. Your rights

Under the GDPR, you may have the following rights, depending on the situation:

  • right of access

  • right to rectification

  • right to erasure

  • right to restriction of processing

  • right to object

  • right to data portability

  • right to withdraw consent where processing is based on consent

  • right to lodge a complaint with a data protection authority

  • You may lodge a complaint with a competent data protection supervisory authority. For private-sector controllers in Bavaria, this is generally:

    Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)

    https://www.lda.bayern.de

  • right not to be subject to a decision based solely on automated processing, including profiling, where such decision produces legal effects concerning you or similarly significantly affects you

You can contact us at: privacy@nyxih.com

We may need to verify your identity before responding to a request. For Discord-related requests, we may ask you to confirm your Discord user ID or provide other information needed to identify the relevant data.

15. Legal bases

Nyxih processes personal data under one or more of the following legal bases:

  • Art. 6(1)(a) GDPR — consent, where consent is requested

  • Art. 6(1)(b) GDPR — performance of a contract or requested service

  • Art. 6(1)(c) GDPR — legal obligations

  • Art. 6(1)(f) GDPR — legitimate interests, including service operation, security, abuse prevention, fraud prevention, troubleshooting, and product reliability

Where we rely on legitimate interests, we consider the rights and interests of affected users.

16. International transfers

Some providers may process data outside the European Economic Area.

Where required, appropriate safeguards are used, such as standard contractual clauses or equivalent legal safeguards.

17. Security

Nyxih uses technical and organizational measures to protect personal data against unauthorized access, misuse, loss, or alteration.

No online service can guarantee absolute security, but Nyxih is designed with separation between feature data, temporary runtime state, durable storage, privacy deletion flows, and access-controlled infrastructure.

18. Children and minors

Nyxih operates on Discord and depends on Discord’s own user eligibility rules.

Server owners and administrators are responsible for running their communities in accordance with applicable law, Discord rules, and their own community obligations.

Nyxih does not knowingly encourage children to submit personal data through the website.

19. Changes to this Privacy Policy

We may update this Privacy Policy when Nyxih changes, when legal requirements change, or when our providers or features change.

Updates apply from the date shown at the top of this page.

20. Contact