Privacy Policy
Picotat treats privacy as a feature, not a checkbox. This overview highlights the commitments enforced across services.
Data collection
We store only the metadata necessary to operate your bots — Discord IDs, automation payloads, and usage metrics. No chat transcripts unless you explicitly enable archival plugins.
Storage & encryption
All persistent data lives inside encrypted PostgreSQL and Redis clusters. Secrets are managed via Azure Key Vault with hourly rotation.
Third parties
We only share data with processors required to run Picotat (Azure, Cloudflare, Discord). Contracts include GDPR, CCPA, and SOC 2 clauses.
Access controls
Least privilege is enforced via Keycloak roles. Internal access requests require peer approval and leave an immutable audit trail.
Retention policy
Delete a server, plugin, or workflow and the related data is purged within 30 days unless regulation demands otherwise.
Your rights
European, California, and Canadian residents get access, export, correction, and deletion rights across every dataset we control.
This summary is not legal advice. For full details, reach out to [email protected].
Data Residency & Requests
Need a DPA, security review, or data export? Our compliance desk responds within two business days.