Legal

Privacy Policy

Name: Pulse Music Bot
Author: Pulse Music Bot

Last updated: 8 May 2025

This Privacy Policy explains how Pulse Music Bot collects, uses, stores, and protects your personal data. It applies to all users of the Pulse Discord bot and the website at pulsemusicbot.org. We are committed to handling your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1Who We Are

Pulse Music Bot ("Pulse", "we", "us", "our") operates the Discord bot and website at pulsemusicbot.org. We are the data controller for the personal data described in this policy.

You can contact us at info@pulsemusicbot.org with any privacy-related questions or requests.

2What Data We Collect

We collect the following categories of personal data when you use Pulse:

Discord ID	Your unique Discord account identifier	Account creation / login
Discord username & avatar	Your display name and profile picture from Discord	Account creation / login
Email address	Provided by Discord OAuth if you have one set	Account creation / login
Subscription & billing status	Your plan tier, billing period, and subscription status	When you subscribe or your plan changes
Payment method details	Card type and last 4 digits only — full card data is never stored by us	When you subscribe (handled by Stripe)
Server IDs	Discord server identifiers linked to Server Plans you manage	When you assign a server to a plan
Playlist data	Song names and URLs you save in Pulse playlists	When you create or modify playlists
Support ticket content	Messages and transcripts from support tickets you open	When you contact support
Referral codes	Whether you were referred by another user	If you join via a referral link

3How We Use Your Data

We use your data to:

Provide and maintain the Pulse service, including enforcing plan access controls
Process subscription payments and manage billing through Stripe
Display your username and avatar in dashboards and admin tools
Store and retrieve your playlists and saved preferences
Respond to support requests and maintain ticket records
Prevent fraud and enforce our Terms & Conditions
Comply with legal and regulatory obligations
Maintain internal audit logs for security and accountability purposes

4Legal Basis for Processing (UK GDPR)

We rely on the following legal bases under UK GDPR / the Data Protection Act 2018:

Contract performance	Processing your Discord ID, subscription status, and payment details to deliver the service you have subscribed to
Legitimate interests	Maintaining audit logs, preventing abuse and fraud, and improving the service — balanced against your rights
Legal obligation	Retaining certain financial records for the period required by UK tax law (currently 6 years)

5Data Retention

We retain your data for as long as your account is active. If you request deletion of your account:

Your Discord profile data, playlists, and subscription records will be deleted or anonymised within 30 days of your request
Payment and transaction records are retained for up to 7 years to comply with UK financial record-keeping requirements
Support ticket transcripts may be retained for up to 12 months for quality assurance purposes, then deleted
Audit log entries referencing your account will be anonymised rather than deleted where required for integrity

6Third Parties We Share Data With

We do not sell your data. We share data only with the following processors as necessary to operate the service:

Stripe	Payment processing and subscription management. Stripe stores your full payment details under their own privacy policy.	stripe.com/gb/privacy
Supabase	Database hosting for account, subscription, playlist, and ticket data. Data is stored in the EU.	supabase.com/privacy
Vercel	Website hosting and deployment. Request logs may be retained by Vercel.	vercel.com/legal/privacy-policy
Discord	Authentication (OAuth2 login). Your use of Discord is governed by Discord's own privacy policy.	discord.com/privacy

All third-party processors are contractually required to handle your data only as instructed by us and in accordance with applicable data protection law.

7Cookies & Session Data

Pulse uses a small number of cookies strictly necessary to operate the service. These are not used for advertising or tracking across other websites.

Session cookie	Keeps you logged in after authenticating with Discord	Session (deleted when you close your browser or log out)
CSRF token	Prevents cross-site request forgery attacks on form submissions	Session

Because we only use strictly necessary cookies, no consent banner is required under UK PECR. If we introduce any non-essential cookies in the future, we will update this policy and add a consent mechanism.

8Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

Right of access — request a copy of the personal data we hold about you
Right to rectification — ask us to correct inaccurate or incomplete data
Right to erasure — request deletion of your personal data (subject to legal retention obligations)
Right to restriction — ask us to limit how we process your data in certain circumstances
Right to data portability — receive your data in a structured, machine-readable format
Right to object — object to processing based on legitimate interests

To exercise any of these rights, contact us at info@pulsemusicbot.org. We will respond within 30 days. You will not be charged for exercising your rights.

If you are unsatisfied with our response, you have the right to lodge a complaint with the UK's supervisory authority, the Information Commissioner's Office (ICO), at ico.org.uk or by calling 0303 123 1113.

9Data Security

We take reasonable technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction. These include encrypted connections (HTTPS), restricted admin access controls, and secure third-party infrastructure.

No system is completely secure. If you believe your account has been compromised, contact us immediately at info@pulsemusicbot.org.

10International Transfers

Your data is primarily stored within the EU (Supabase). Where data is processed outside the UK or EU (e.g. by Stripe in the US), appropriate safeguards are in place, including Standard Contractual Clauses approved by the relevant authority.

11Children's Privacy

Pulse is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

12Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on the website. The "Last updated" date at the top of this page always reflects the most recent revision. Continued use of the service after changes are posted constitutes acceptance.

13Contact Us

For any privacy queries, data requests, or complaints, please contact us at: info@pulsemusicbot.org

Alternatively, you can open a support ticket via our Discord server at discord.gg/pulsemusicbot.