Data Processing Agreement (DPA)
This Data Processing Agreement ("DPA") forms part of the Terms of Service between you (the "Data Controller", typically a Server Administrator or Community Owner) and The epic cake (the "Data Processor"). This DPA applies when we process personal data of users located in the European Economic Area (EEA), the UK, or Switzerland on your behalf, in accordance with the General Data Protection Regulation (GDPR).
1. Roles and Scope of Processing
1.1 Roles: When you add our bots (e.g., Cosmos+ Networks) to your server, you act as the Data Controller for the personal data of your server members. We act as the Data Processor, processing data exclusively to provide our Services.
1.2 Nature and Purpose: We process data to deliver bot functionalities, including moderation, economy, leveling systems, analytics dashboards, and web verification (anti-raid security).
1.3 Types of Personal Data: Discord IDs, usernames, roles, message activity/telemetry, and optionally IP addresses and emails for verification purposes.
2. Processing Instructions
We will only process personal data in accordance with your documented instructions, which are constituted by your configuration of the bot, your use of our dashboard, and your acceptance of our Terms of Service. If we are legally required to process data otherwise, we will inform you unless prohibited by law.
3. Sub-processors
You grant us general authorization to engage sub-processors to assist in providing the Services. Our current sub-processors include:
- Infrastructure: Cloudflare, VPS Providers.
- Analytics: Google Analytics.
- Payments: WHOP, Stripe, PayPal.
We ensure that any sub-processor we engage is bound by data protection obligations no less protective than those in this DPA.
4. Security Measures
We implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, and unauthorized disclosure. This includes securing our verification logs and restricting administrative access to highly sensitive data.
5. Data Subject Rights (Right to be Forgotten)
We will assist you, as the Data Controller, in fulfilling your obligations to respond to requests from data subjects exercising their rights under the GDPR. If a user requests data deletion, you must direct them to our official support channels so we can purge their data from our global systems.
6. Data Deletion and Retention
Upon termination of our Services (e.g., kicking the bot from your server), we will automatically schedule the deletion or anonymization of your server's specific data in accordance with our automated pruning cycles (typically 30 to 90 days), unless further retention is required by law.