QuranBot is designed with a privacy-first architecture. We collect only the absolute minimum data required for
functionality and do not store message content or sensitive personal identifiers. This bot is not affiliated with
Discord Inc.
No message content storage
No personal data selling
Immediate deletion upon request
Welcome to QuranBot. We respect your privacy and are committed to transparent, minimal data
handling. This policy outlines exactly what we collect, how we process it, and your rights under applicable data protection
laws.
1. Information We Collect
We collect only the minimal data required for core functionality:
Server Identifiers: Guild ID and Owner ID for basic configuration mapping
User Metadata: We collect limited Discord-provided identifiers (such as User ID and Username)
strictly for functionality. We do not collect sensitive personal data.
Channel References: Channel IDs for voice and azkar automation channels
Playback State: Current playback mode and reciter selection per guild
Control Preferences: Admin/everyone toggle and UI navigation state
Support Data: Feedback submitted voluntarily via the in-bot form
Basic Telemetry: Aggregated, anonymized command counts for stability monitoring
Admin Access Logs: Timestamped records of administrative actions performed by authorized developers
via the admin panel
2. What We DON'T Collect
We explicitly do not collect, store, or process:
Message content, attachments, or voice data beyond functional triggers
Sensitive personal data such as email addresses, phone numbers, or IP addresses
Payment information (the bot is entirely free and open-source)
Biometric data, browsing history, or cross-application tracking
Any data not directly required for Quran streaming, azkar automation, or bot operation
User message history, DMs, or private conversations
Audio recordings or transcriptions of voice channel activity
3. Legal Basis for Processing
All data processing is grounded in minimal, purpose-limited bases:
Contractual Necessity: Processing required to execute /إعداد, playback, and channel management per
server configuration
Legitimate Interest: Maintaining bot stability and preventing abuse via basic rate limits
Explicit Consent: Voluntary feedback submission and public statistic opt-ins
Compliance: Minimal retention required for essential service operation
4. How We Use Information
Collected data powers only essential operations:
Operating core bot functions: Quran recitation streaming, radio playback, and azkar automation
Saving guild settings to Firebase Realtime Database and Redis Cache for automatic restoration after bot restarts
Managing voice connections via Lavalink v4 nodes and playback state across multiple guilds simultaneously
Responding to voluntary feedback submitted via the dedicated in-bot form
Improving bot performance through basic, anonymized usage metrics
Executing automated tasks: azkar messages every 30 minutes, radio health checks every 30 minutes, and state backups
every 5 minutes
Publishing general statistics on platforms like Top.gg including server count and voice connections
Maintaining basic cooldown systems to prevent command abuse
Admin Panel Operations: Authorized developers may access aggregated, non-personal data strictly
for:
Monitoring bot health and performance across all deployed servers
Responding to support requests and technical issues
Performing maintenance tasks such as server cleanup or configuration updates
Analyzing usage patterns to guide feature development (using anonymized data only)
5. Data Retention Policy
We enforce strict, minimal retention windows:
Voluntary feedback data is stored temporarily until the reported issue is resolved. If resolved, data is
purged immediately. If unresolved, data is retained for a maximum of
90 days, after which it is permanently deleted.
Guild setup data persists only while the bot remains in the server
Basic usage metrics are aggregated and anonymized after 30 days
Local backups are compressed and destroyed after successful Discord channel delivery
Data for guilds the bot has left is automatically cleaned through periodic maintenance cycles
Admin access logs are retained for 180 days for security audit purposes, then automatically purged
6. Children Privacy & COPPA Compliance
Age Requirement: Users must meet Discord's minimum age requirement (13+ years old), in compliance with
the Children's Online Privacy Protection Act (COPPA) and Discord's Terms of Service .
We rely on Discord's built-in age verification system and do not independently verify user ages. We do not knowingly
collect data from users under 13. By using the bot, server owners confirm that all interacting users meet Discord's
minimum age requirement. The bot is not intended for use by individuals under 13.
7. Third-Party Sharing
We do not sell, rent, or trade your data under any circumstances. Third-party integrations are strictly functional:
Discord API for platform interaction, command handling, and voice channel management
Firebase Realtime Database for persistent storage of guild settings and user
preferences
Redis Cache for fast-access state management and distributed runtime data
mp3quran.net API for fetching Quran recitations and radio station lists
aladhan.com API for retrieving prayer times based on geographic coordinates
GitHub Pages for hosting static azkar resources
Top.gg for publishing aggregated, anonymized bot statistics
We are not responsible for
the availability or accuracy of third-party services. Each third-party service has its own privacy policy and we
recommend reviewing their policies separately.
8. Security Measures
We implement essential protections:
All API communications use
HTTPS with certificate validation
Firebase security rules restrict database access to authorized bot operations
Environment variables containing sensitive credentials are loaded securely
Input validation is applied to all user-submitted data including modal forms and command arguments
We actively monitor and prevent abuse, spam, and excessive usage through automated safeguards, rate limiting, and
interaction cooldowns
Regular automated backups ensure data integrity and enable recovery from accidental loss
Memory management routines prevent data leakage through proper cleanup of runtime objects
Admin Access Controls: SPE_USER_ID verification occurs securely server-side on every admin
interaction; no client-side bypass is possible. Administrative access is strictly limited to authorized developers
and cannot be accessed by server owners or third parties.
9. Automated Processing
The bot performs the following essential background operations:
Azkar messages sent to configured channels every 30 minutes
Radio stream health checks run every 30 minutes to ensure playback reliability
State persistence saves guild data to Firebase every 60 seconds
Automated backups compress and archive database contents every 5 minutes
Memory cleanup routines execute every 3 minutes to release unused resources
Statistics updates sync basic usage metrics to Firebase every 10 seconds
All automated tasks can be disabled per-guild by removing the bot
10. Your Rights & Data Control
You retain full control over your data:
Right to Access: Request a summary of stored data for your guild
Right to Deletion: Request immediate data deletion by contacting us directly on our
Discord Support Server
or via the in-bot complaint system
Right to Opt-Out: Disable automated features like azkar messages by adjusting channel settings
Right to Correction: Update inaccurate guild settings through bot commands
All requests are processed within 7 business days
11. Admin Panel Data Access & SPE_USER_ID Verification
The QuranBot administrative panel is a restricted interface accessible only to
explicitly authorized developers. Access control is implemented via the
SPE_USER_ID environment variable:
Verification Mechanism: Every admin panel interaction triggers a secure server-side check against
the SPE_USER_ID list. Access is denied if the requesting Discord user ID is not present
Data Visibility: Authorized developers can view:
Aggregated server counts and voice connection statistics
Guild metadata (ID, name, owner ID) for support and maintenance purposes
Voluntary feedback submissions with associated Discord user metadata
Basic usage metrics (command counts, feature adoption) in anonymized form
What Admins Cannot Access:
Private message content, voice recordings, or user DMs
Personal identifiers beyond Discord-provided metadata (no emails, IPs, or real names)
Individual user behavior tracking or profiling data
Any data not explicitly required for bot operation or support
Audit Logging: All admin panel actions are logged with timestamp, user ID, and operation performed.
Logs are retained for 180 days for security auditing and then automatically purged
Revocation: Developer access can be immediately revoked by updating the SPE_USER_ID environment
variable and restarting the bot instance. No persistent credentials are stored
Security Assurance: The SPE_USER_ID verification system is implemented entirely server-side.
Client-side manipulation, token spoofing, or Discord permission escalation cannot bypass this check. All admin
interactions are securely verified server-side against the authorized ID list before execution
.
12. International Data Transfers
Data may be processed on servers located in regions such as the United States or EU depending on infrastructure
providers such as Firebase. We ensure that all transfers comply with applicable data protection laws.
13. Contact & Changes
We may update this policy to reflect bot improvements or regulatory shifts:
Material changes will be announced via the bot support channel or in-bot notifications
Continued use after updates constitutes acceptance of revised terms
Previous versions may be requested via email or the in-bot system
Users may be contacted via Discord Direct Messages only in response to user-initiated support requests or complaints
Data Controller
Data Controller: mgv-hub (QuranBot Developer), Egypt | Discord: @mgv150
Direct Support
For privacy inquiries, data deletion requests, or general support: