Privacy Policy

1. Introduction

Hinata ("NullTracker" or "the Service") is provided by NullStudio Security Team ("we", "us", or "our"). This Privacy Policy explains how we collect, use, store, and disclose information when you install or use Hinata on your Discord Server ("Server").

Our goal is to be transparent about data practices and to comply with applicable privacy laws, including the GDPR where it applies.

Our Commitment:

We are committed to protecting your privacy and handling your data with care and respect. We only collect data necessary to provide our security services.

2. Information We Collect

We collect and process the following categories of information to provide the Service:

Server Information

Guild ID, name, region, server settings, and configuration data

User Information

User IDs, usernames, nicknames, roles, join dates, and activity metadata

Message Data

Message content, edits, deletions, reactions, and attachments (when configured)

Voice Data

Voice state events, connection times, mute/deafen states (no audio recording)

Moderation Data

Bans, kicks, timeouts, anti-nuke events, and audit log information

Premium Data

Subscription status, tier level, and minimal billing identifiers

Important Note:

Message content logging only occurs for channels explicitly configured to be logged by server administrators. We do not record voice audio.

3. How We Collect Data

Discord API: Data is collected via Discord event listeners, audit log queries, and API endpoints
Configured Logging: Administrators configure which channels and events are logged
User Interactions: Commands, settings changes, and bot interactions
Third-Party Services: VirusTotal responses and PayPal transaction metadata when features are used

The scope of data collection is limited by the bot permissions granted by server administrators.

4. How We Use Data

We use collected data for the following purposes:

Provide core features: Moderation, security (anti-nuke), and logging services
Threat detection and prevention: Analyze patterns and scan URLs to prevent scams and abuse
Server restoration: Store snapshots and backups to restore server structure after malicious events
Premium delivery: Verify subscription status and enable premium features
Support and troubleshooting: Diagnose issues when administrators request help
Service improvements: Aggregate and anonymize metrics to improve features

5. Data Storage and Security

5.1 Storage

Primary storage: Local SQLite databases and JSON files
Guild-specific isolation: Data is logically partitioned per guild
Backups: Stored in repository-managed directories with controlled access

5.2 Security Measures

Access Control

Bot actions governed by Discord permissions and role hierarchy

Least Privilege

Only necessary permissions required for intended features

Secure Backups

Encrypted snapshots with access control rotation

Payment Security

No raw payment data stored; minimal billing metadata only

5.3 Incident Response

We maintain procedures to respond to security incidents and will notify affected administrators per applicable law and contractual obligations.

6. Data Retention

Active retention: Data retained while Service is active in a Server
Configurable cleanup: Administrators may configure log retention and cleanup routines
Backup retention: Depends on premium tier and server settings
Deletion upon removal: Server data retained briefly after bot removal for recovery, then deleted upon request

Grace Period:

When the bot is removed, server-specific data is retained for a brief grace period to support recovery. Contact us to request immediate deletion.

7. Third-Party Services

We may interact with the following third-party services:

Discord

Platform provider and identity source with its own privacy policy

VirusTotal

URL scanning service for detecting malicious links

PayPal

Handles subscription payments and billing records

Important:

We do not sell user data to third parties. We only share information with service providers strictly to deliver features and where legally required.

8. Data Sharing and Disclosure

Server administrators: May access logs and exports for their Server
Legal and compliance: May disclose data in response to lawful requests or to prevent imminent harm
Aggregated/anonymized data: May publish metrics that cannot be traced to individuals

9. User Rights and Choices

Where applicable (e.g., GDPR), users and server administrators have the following rights:

Access

Request a copy of personal data we process

Portability

Request export of server logs or associated data

Deletion

Request deletion of personal data

Rectification

Request correction of inaccurate data

Objection

Object to certain processing activities

Restriction

Request restriction of processing

To exercise these rights, contact us using the information below. Requests will be processed after verification.

10. Children's Privacy

Discord requires users to be at least 13 years old. We do not knowingly collect or process personal data from children under applicable minimum age requirements.

Notice:

If you believe that data from a child under the minimum age has been collected, please contact us immediately to request deletion.

Contact Information

For privacy inquiries or data requests:

Discord Support Server: https://discord.gg/8PvYKnNdXS

Email: null.studio.000@outlook.com

Table of Contents