Privacy Policy

Last Updated: January 15, 2025

1. Introduction

Welcome to Krow Bot ("we," "our," or "us"). Your privacy is important to us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Discord bot and associated website services at krow.rip.

By accessing or using our services, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

Information You Provide

  • Account Information: Email address, username, and password when you register on our website.
  • Discord Data: Discord user ID, username, avatar, and server membership when you link your Discord account.
  • Third-Party Integrations: Spotify and Last.fm account tokens when you connect these services.
  • Communications: Messages and content you send through our chatbot or support channels.

Automatically Collected Information

  • Usage Data: Pages visited, features used, and interaction patterns.
  • Device Information: Browser type, operating system, and device identifiers for session management.
  • Log Data: IP addresses, access times, and referring URLs.

3. How We Use Your Information

  • Provide, operate, and maintain our bot and website services.
  • Authenticate your identity and manage user sessions.
  • Process and fulfill bot commands and customization preferences.
  • Enable third-party integrations (Spotify, Last.fm, Discord).
  • Send notifications and updates you have opted into.
  • Monitor and analyze usage patterns to improve our services.
  • Detect, prevent, and address technical issues and abuse.

4. Data Sharing & Disclosure

We do not sell, trade, or otherwise transfer your personal information to third parties except in the following circumstances:

  • Third-Party Services: When you authorize connections to Spotify, Last.fm, or Discord, we share necessary tokens with those platforms to provide the requested functionality.
  • Legal Requirements: When required by law, subpoena, or governmental request.
  • Safety: To protect the rights, property, or safety of our users and the public.

5. Data Security

We implement industry-standard security measures to protect your information:

  • Passwords are hashed using bcrypt with salt rounds.
  • All data transmission is encrypted via HTTPS/TLS.
  • JWT tokens with CSRF protection for session management.
  • Rate limiting to prevent brute force attacks.
  • Security headers (HSTS, X-Frame-Options, CSP) on all responses.
  • Two-factor authentication (2FA) available for all accounts.

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Your Rights

You have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of any inaccurate data.
  • Deletion: Request deletion of your account and associated data.
  • Disconnect: Unlink third-party integrations (Spotify, Last.fm, Discord) at any time through your profile settings.
  • Opt Out: Disable notifications and data collection where applicable.

To exercise these rights, contact us at the email below or use the settings in your profile page.

7. Cookies & Local Storage

We use cookies for:

  • Authentication: JWT access and refresh tokens stored as secure, HTTP-only cookies.
  • CSRF Protection: CSRF tokens to prevent cross-site request forgery.
  • Preferences: Theme preference (light/dark mode) stored in localStorage.
  • Device Recognition: Device UUID for session management across devices.

You can manage cookie preferences through your browser settings. Disabling cookies may limit functionality.

8. Data Retention

We retain your personal data only as long as necessary to provide our services and fulfill the purposes described in this policy. Account data is retained until you request deletion. Activity logs are retained for up to 90 days.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Continued use of our services after changes constitutes acceptance of the revised policy.

10. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: