bloom
Commands Docs Support Add to Discord

Privacy Policy

This Privacy Policy explains how Bloom Bot ("we", "our", "the Bot") collects, uses, stores, and protects your information when you use our Discord bot and related services.

Who We Are

Bloom Bot is a Discord bot providing moderation, utility, entertainment, and community management features for Discord servers. By adding Bloom to your server or interacting with it, you acknowledge this policy.

Privileged Data Access

Bloom uses two Discord privileged gateway intents that grant access to sensitive data:

  • Message Content Intent: Allows the Bot to read the full content of messages in servers where it is present. This is required for prefix commands, automod, message highlight notifications, auto-forwarding, bump reminders, counting channels, moderation logging (deleted & edited message logs), and other message-based features. Without this intent, these features cannot function.
  • Server Members Intent: Allows the Bot to receive events about members joining, leaving, and being updated. Required for welcome messages, member tracking, birthday features, joingate verification, nickname history, role restoration on rejoin, and moderation.

Message content is not stored persistently except where explicitly described below, such as moderation log snapshots, snipe/edit-snipe, ticket transcripts, and AI features that need message context. The Bot otherwise processes message content in memory to execute commands and then discards it.

What Data We Collect

Automatically Collected Data

  • Discord Identifiers: User IDs, Server IDs, Channel IDs, Role IDs — used to associate data with the correct users and servers.
  • Message Activity Counts: Per-user and per-channel message counts and hourly activity timestamps for analytics features (analytics, leaderboard commands). Message content is not stored for this purpose — only the count and timestamp.
  • Member Count History: Server member count snapshots over time, stored per guild.
  • Nickname History: When a member's nickname changes, the previous nickname and timestamp are stored per guild to support nickname moderation features. Entries are automatically deleted after 30 days.
  • Role Snapshots on Leave: When a member leaves a guild, their current role list is stored for up to 24 hours to enable role restoration if they rejoin. This data is deleted after 24 hours or upon rejoin.
  • Command Usage Counts: The number of times each command is used per user is tracked to support usage analytics. No command arguments or message content are stored for this purpose.
  • Deleted Messages (Snipe): When a message is deleted, the Bot temporarily stores the text content and author in memory only for up to 1 hour to support the snipe command. This data is never written to disk and is purged automatically. Users can exclude their messages from this cache at any time by enabling Snipe Privacy in /settings → Privacy & Tracking.
  • Message Log Snapshots: When a guild has a message log channel configured, the Bot stores a snapshot of each message (content, attachments, author ID) in the database for up to 24 hours. This is required so that the deletion log can still display message content if the Bot restarts between when a message is sent and when it is deleted. Snapshots are deleted automatically after 24 hours or immediately once the deletion is logged.
  • Moderation Logs: Bans, kicks, mutes, warns, and related actions are stored persistently as part of audit trail features.
  • Server Configuration: Settings such as prefix, log channels, automod rules, welcome messages, and feature toggles.
  • Server-Owned Records: Ticket transcripts, participant lists, and similar guild records may store user IDs, usernames, avatars, message content, and attachments when those features are enabled by server staff.

Data You Provide

  • Profile & Preference Information: Connected account usernames (for example Last.fm, Stats.fm, and ListenBrainz), birthday (month and day only, no year), timezone preference, self-assigned prefix, weather location, DM preferences, embed-color preference, and similar user settings stored only when you explicitly set or use them.
  • Highlight Keywords: Words or phrases you register with the highlight system. The Bot scans message content in channels you can access to match these keywords and notify you via DM. Keywords are stored per-user and can be removed at any time.
  • Reminders: Text and time stored until the reminder fires, then deleted.
  • Custom Commands & Autoresponders: Server-specific triggers and responses set by server administrators.
  • Personal Content: Todos, music ratings, music notes, music wishlist entries, and similar personal library or productivity data are stored only when you create them.
  • AI Conversation Memory: When you interact with Bloom's AI chat feature, the Bot may extract and store short factual summaries about you (e.g. preferences you mention) as persistent memory entries tied to your user ID. A maximum of 20 entries are kept per user; older entries are automatically replaced. This data is used solely to personalise future AI responses and is never used to train machine learning models. You can clear all AI memory at any time using the clearmemory command, and it is also deleted via the deletedata command.
  • Service Entitlements: If Bloom grants your account access to premium-only features, that entitlement state is stored against your user ID until removed or deleted.
  • Moderation Notes: Staff-added notes attached to user IDs for moderation purposes.
  • Tickets: Ticket content and transcripts may be stored if the ticket transcript feature is enabled by server administrators.

Spam & Scam Detection

The Bot may process the content of message attachments (including images) in memory to detect crypto scams and phishing attempts. This processing occurs entirely in memory; no image data or extracted text is stored. Only a numeric risk score is used internally to decide whether to flag the message.

Auto-Forward Feature

When the auto-forward feature is configured, the Bot reads messages sent in a source channel and re-posts them in a target channel. Only the message content and author are accessed; no additional data is stored beyond what Discord already retains.

AI Features & External Model Providers

When you use AI-powered features, Bloom may send your prompt and the minimum additional context needed to answer it to a configured model provider. Depending on the feature and deployment configuration, this can include your message text, limited recent conversation history, short AI memory entries stored for your user ID, replied-to message content, recent channel context fetched to answer a question about the current conversation, and images you attached to the AI request. Bloom currently supports Google Gemini, Anthropic Claude, OpenAI (as a fallback for certain AI requests), and Pollinations for legacy text/image generation commands. Bloom does not use your data to train its own models, but each third-party provider handles submitted content under its own terms and privacy policy.

Third-Party API Requests

When you use commands that interact with external services, your query (e.g. a search term or username) is sent to that service. We do not store these queries unless a feature explicitly stores the resulting setting or linked account. Services include:

  • Last.fm: Music listening history (linked by your Last.fm username)
  • Stats.fm: Linked username and music data
  • ListenBrainz: Linked username and music data
  • Spotify: Music metadata search
  • Music metadata providers: Services such as Deezer, MusicBrainz, Odesli/Songlink, Setlist.fm, and Ticketmaster for music discovery, metadata, links, and concert lookups
  • YouTube Data API: Video search queries
  • Giphy: GIF search terms
  • OpenWeatherMap: Location strings for weather lookup
  • Search/content providers: Services such as Wikipedia, Urban Dictionary, NASA, Reddit, Twitch, GitHub, Roblox, DuckDuckGo, and similar public APIs used by the command you invoke
  • AI providers: Google Gemini, Anthropic Claude, OpenAI, and Pollinations as described above
  • Piston API: Code submitted to the run command is sent to the Piston sandboxed execution service

Each of these services has its own privacy policy. We are not responsible for their data handling.

How We Use Your Data

  • Service operation: Execute commands, enforce server settings, and deliver features.
  • Personalization: Remember your preferences (timezone, connected accounts, DM settings, AI memory, music library preferences, etc.).
  • Moderation: Track infractions and provide server staff with audit history.
  • Analytics: Provide server administrators with aggregate activity statistics. Raw message content is never stored for analytics.
  • Notifications: Send highlight DMs, birthday announcements, reminders, and bump reminders.
  • AI assistance: Answer AI prompts and, when necessary, provide the model with limited conversation context needed to respond.

We do not sell, share, or disclose your data to advertisers, data brokers, or any third parties beyond what is required to operate the features you use.

Data Retention

Temporary (in-memory only, never written to disk)

  • Snipe cache: Deleted message content held for up to 1 hour, then automatically discarded. Users with Snipe Privacy enabled are excluded from this cache entirely.
  • API response cache: Up to 15 minutes
  • Rate-limit tracking: Cleared after the rate-limit window expires

Persistent (stored in database)

  • User preferences, linked accounts, todos, and music library data: Retained until you request deletion or remove them
  • Server configuration: Retained until modified, deleted, or the Bot is removed
  • Moderation records: Retained until manually cleared by an authorized administrator
  • Message activity counts: Retained unless reset by an authorized administrator; raw message content is not stored
  • Member count history: Retained per guild until deletion is requested
  • Nickname history: Automatically deleted after 30 days
  • Command usage counts: Retained unless reset or deletion is requested
  • AI memory entries: Retained until cleared, replaced by newer entries, or deleted
  • Ticket transcripts and similar guild-owned records: Message content and metadata within tickets are retained for the lifetime of the ticket as a server support and moderation record. This data is stored only when the ticket feature is explicitly enabled and configured by a server administrator. Server staff may delete individual tickets at any time; all ticket data is purged when guild data is removed after bot removal.

Automatic Cleanup

  • Reminder data is deleted immediately after delivery
  • Temporary files (e.g. generated images) are deleted immediately after sending
  • Message log snapshots are deleted automatically after 24 hours or immediately once the deletion is logged
  • Role snapshots for leaving members are deleted automatically after 24 hours
  • Nickname history entries are automatically deleted after 30 days
  • When Bloom is removed from a server, all server-specific configuration and data (moderation cases, custom commands, analytics, leveling, etc.) is retained for 30 days to allow recovery if the bot is accidentally removed and re-invited. After this grace period, all data for that server is permanently deleted. User-global data (e.g. Last.fm username, birthday, timezone) is not affected as it is not server-specific.

Data Security

  • Encryption at rest: The database and all data files are stored on a fully encrypted volume on the host system
  • Access: Operational access to stored data is limited to the bot operator and the bot process on the host system
  • Transport: All communication with Discord and third-party APIs occurs over HTTPS/TLS
  • Retention controls: Bloom uses automatic cleanup for temporary data such as reminders, message log snapshots, short-lived caches, and other time-limited records

Your Rights & Choices

Data Access

You may request a summary of what data we hold for your user ID by opening a ticket in our support server.

Data Deletion

You can delete Bloom's user-linked personal data for your account by running the deletedata command or using /settings and selecting Delete All Data. This removes linked accounts, preferences, highlights, reminders, todos, AI memory, music library data, message and command stats, friends list, premium entitlement state, and similar user-scoped records tied directly to your user ID. Some guild-owned records are preserved after user deletion where they are part of a server's moderation or support history, including moderation cases/warnings/notes and ticket transcripts retained by that server. Server administrators may request deletion of all data for their server by removing the Bot and, if needed, contacting support.

Highlight & Preference Removal

You can remove your highlight keywords, Last.fm link, birthday, timezone, and other preferences directly via Bot commands at any time.

Viewing This Policy

You can link to this policy at any time using the privacy command in any server where Bloom is present.

Opting Out

You have granular control over which per-user data the Bot collects. Open /settings and select Privacy & Tracking to manage the following toggles:

  • Message Activity Tracking — When disabled, the Bot stops recording your per-guild message counts, daily activity statistics, and per-user command usage. Server-level aggregate statistics (e.g. total server message volume) are unaffected. This toggle defaults to on.
  • Snipe Privacy — When enabled, your deleted messages are excluded from the snipe cache and cannot be retrieved by anyone using the snipe command. This toggle defaults to off (snipe allowed).

Server-configured moderation features — automod, edit/delete logging, word filters, and auto-responders — do not offer individual opt-outs. These are administrator-controlled server safety tools that apply equally to all members, comparable to Discord's own native AutoMod. If you wish to avoid all passive data collection, the most complete option is to ask a server administrator to remove the Bot or to leave servers where it is present. You may also contact us to have your user ID added to a block list, which causes the Bot to ignore all your messages and commands.

Children's Privacy

The Bot follows Discord's minimum age requirements (13+ globally, 16+ in certain regions per GDPR). We do not knowingly collect data from users below these thresholds. If you believe a minor's data has been collected, contact us immediately and we will delete it promptly.

Third-Party Services

The Bot integrates with Discord, music/metadata providers, AI/model providers, search/content providers, weather providers, and code-execution providers as described above. Each service operates under its own terms and privacy policy. We are not responsible for their data practices.

Contact

Policy Updates

We may update this policy when features change. Material changes will be announced in our support server. Continued use of the Bot after changes constitutes acceptance of the updated policy.

Last updated: 15 May 2026