If you use the public discord bot linked in the README, this notice serves as the documentation required for the Verified Discord Bot.
This is a bot that allows a Guild Owner to delegate assignment of a certain Role, the "Verified Role", to a group of trusted guild users assigned the "Trusted Role".
Based on main.go you can see what data is being stored. We will enumerate the data here for clarity.
WE DO NOT STORE MESSAGE CONTENT ANYWHERE IN THE SYSTEM. It is kept in-RAM while processing requests. Once the request pertaining to the message data is processed, we no longer have access to the message content.
Data is persisted to a local SQLite database to hold the state of the system between events. Configuration parameters are also persisted to the database.
We will store the following data in the database to provide the service:
- Guild ID related to all below fields.
- Member IDs for users who are pending verification. This ID is deleted once the verification has been completed.
- Role IDs for the Verified and Trusted Roles
- Channel IDs for notifying newcomers of pending approval actions, and notifying trusted members of pending moderation actions to complete.
- Message IDs generated by the Bot pertaining to moderation actions
The system writes diagnostic logs to a buffer. The buffer is flushed upon each redeployment of the service.
The diagnostic logs can contain all data referenced in the Persisted Data section.
To request a data deletion, please join the Support Guild with the same account as the Guild Owner. You may post a message in the chat requesting deletion of your Guild's data.
Upon receipt of this message, we will acknowledge, validate you are the guild owner, and proceed with the request.
Once the deletion is complete, we will not be able to recover your data.
We host the Bot in Azure Kubernetes Service. There is no incoming traffic configuration for the bot; the only way for us to administrate the bot is via Azure Portal or kubectl.
We use https://github.com/bwmarrin/discordgo.
Kubernetes API access is restricted to specific IP addresses, configured in Azure Portal. We do not accept API requests from unidentified sources.
Additionally, kubectl calls are authenticated using the Certificate+Key pair generated for us by Azure Kubernetes Service. We can only recover the cert/key pair with a valid Microsoft account that has access to the Azure Subscription.
We use Kubernetes Secrets to handle the Bot's token.
Code can only be published to the Kubernetes cluster by me!
The SQLite database is stored on an Azure Managed Disk which is encrypted by default.
The Discord account owning the Bot is protected with TOTP-based 2FA.
For any inquiries, please join the Support Guild and post a message. Alternatively, you may raise an Issue on the GitHub Repo.