Privacy Policy
Last updated: April 5, 2026
Michi-Niwa ("we", "our", "the Service") respects your privacy. This policy explains what data we collect, why, and how you can control it.
1. Data We Collect
When you use Michi-Niwa, we collect: - Discord account information (user ID, username, avatar) via Discord OAuth2 - Email address (if provided by Discord) - Server structure data (channels, roles, permissions) when you run an audit or migration - Message content and attachments only when you explicitly request a backup or migration - Payment information is processed by Stripe — we never store your card details
2. How We Use Your Data
We use your data exclusively to provide the Service: - Authentication and account management - Server audits, blueprint generation, and migration operations - AI-powered moderation (content analysis for spam, raids, toxicity) - Analytics about your server's activity - Billing and subscription management via Stripe
3. Legal Basis (GDPR)
We process your data based on: - Legitimate interest (Art. 6(1)(f)) for server management operations initiated by the server administrator - Consent for optional features like AI moderation and message backup - Contract performance for paid subscription features You can withdraw consent at any time using the /niwa-optout command in Discord.
4. Data Retention
We keep your data only as long as needed: - Account data: retained until you delete your account - Message backups: automatically deleted after migration + 7 to 30 days (configurable by server admin) - Attachments: same retention as message backups, encrypted at rest - Moderation logs: retained while the server is connected - Audit results: retained while the server is connected When you remove the bot from your server, all server data is deleted.
5. Your Rights
Under GDPR, you have the right to: - Access your data: use /niwa-deletemydata in Discord or visit Settings > Export - Delete your data: use /niwa-deletemydata in Discord or DELETE your account in Settings - Opt out of message backups: use /niwa-optout in Discord - Object to processing: contact us at the address below - Data portability: export your data as JSON from Settings We respond to all requests within 30 days.
6. Discord Server Data
When a server administrator uses Michi-Niwa: - We access server structure (channels, roles) via Discord API with the permissions granted - Message content is only accessed during explicit backup/migration operations - Server members are notified before any migration that involves their messages - Any member can opt out of message backups using /niwa-optout - We never sell, share, or use message data for AI training
7. Third Parties
We share data only with: - Stripe: payment processing (see stripe.com/privacy) - Discord API: authentication and bot functionality - Ollama (self-hosted): AI processing — your data stays on our servers - DeepSeek/OpenAI: optional AI providers, only if you explicitly choose them in Settings We do not sell your data to anyone.
8. Security
We protect your data with: - HTTPS/TLS encryption in transit - AES-256-GCM encryption at rest for stored messages and attachments - JWT RS256 authentication with httpOnly secure cookies - Rate limiting on all API endpoints - Regular security audits Our servers are hosted on OVH (EU) — your data stays in the European Union.
9. Children
Michi-Niwa is not intended for users under 13 (or under 16 in some EU countries). We do not knowingly collect data from children. If you believe a child has provided us with data, please contact us.
10. Changes to This Policy
We may update this policy from time to time. Significant changes will be announced via the bot in connected servers and on this page. The "last updated" date at the top reflects the most recent revision.
11. Contact
For privacy questions or to exercise your rights: Email: privacy@shinkofa.com Discord: Use /niwa-deletemydata or /niwa-optout commands Mail: Shinkofa, Corumbela, Andalusia, Spain