Privacy Policy

Data protection according to GDPR

Last updated: January 2026

Auf Deutsch lesen

Your Privacy Matters

BoxSRV is a Discord server list with advanced statistics. We collect data necessary to provide accurate rankings, activity insights, and security features.

Quick Navigation

Data Controller

The responsible party for data processing on this website is:

Tiziano Santo Metzler

Bautzener Allee 59

02977 Hoyerswerda, Germany

+49 1590 1084284

[email protected]

Discord OAuth Login

BoxSRV uses Discord OAuth for authentication. When you log in with Discord, we receive and store the following information:

  • Discord User ID - Your unique Discord identifier (for account identification)
  • Username & Discriminator - Your Discord username (for display)
  • Avatar URL - Your profile picture (for display)
  • Email Address - Your Discord email (for account recovery and communication)
  • Server List - Servers where you have Administrator permissions (only to enable you to add servers to BoxSRV)

Purpose: Authentication, server management, and communication with server owners.

Legal basis: Art. 6 para. 1 lit. b GDPR (necessary for contract fulfillment - providing the service you requested).

Data sharing: This authentication process is handled by Discord. By logging in, you also agree to Discord's Privacy Policy.

Discord Bot Data Processing

1. Server Information

When you add your server to BoxSRV through our website, we store basic server details:

  • Server ID, Name & Icon - Synced from Discord
  • Description & Category - Provided by you

2. Message Content & Activity Analysis

To provide advanced statistics, ensure platform quality, and maintain security, our bot processes messages sent in listed servers. We collect and process:

  • Message Content - Text content of messages sent in listed servers
  • Emoji Usage - Custom and standard emojis used in messages
  • Message Metadata - Timestamps, Channel IDs, and User IDs associated with messages

How we use this data:

Server Statistics

We analyze message content to generate "Top Emoji" leaderboards and activity graphs for your server page.

Activity Monitoring

We monitor message frequency to determine if a server is active. Dead or inactive servers may be automatically hidden from the list.

Anti-Spam & Security

We analyze messages to detect automated spam or malicious content to protect the BoxSRV ecosystem.

3. Bumping (Voting)

On BoxSRV, "Bumping" is equivalent to voting for a server. This action takes place directly on our website. Discord commands (e.g., /bump) serve as shortcuts that redirect users to the website to complete the process.

When you bump a server, we collect the following data to ensure fair rankings and improve service relevance:

  • User ID & Server ID - To assign the bump to the correct user and server
  • Timestamp - To enforce cooldown periods (limiting bumps per time period)
  • IP Address & Country (Geo-IP) - For security and regional categorization

Why we process Geo-IP data:

Fraud Prevention

We use your IP address to prevent vote manipulation, botting, and spam to ensure fair rankings for all servers.

Regional Relevance

We process your country location to suggest servers that are geographically or linguistically relevant to you, improving the discovery experience.

Legal basis: Art. 6 para. 1 lit. f GDPR (Legitimate Interest). Our legitimate interest lies in providing detailed analytics features requested by server owners, ensuring the quality of our list by filtering inactive servers, and preventing spam.

Privacy Note: While we process message content for these specific purposes, we do not sell message data to third parties. Private Direct Messages (DMs) are never accessed.

Server Logs

Our web server automatically collects and temporarily stores the following technical information when you visit our website:

  • IP address (anonymized)
  • Date and time of access
  • Requested page/resource
  • HTTP status code
  • Browser type and version
  • Operating system
  • Referrer URL (previously visited page)

Purpose: Security analysis, debugging errors, and ensuring the stability and availability of our service.

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in ensuring the security and proper functioning of our service).

Retention: These logs are automatically deleted after 30 days or when overwritten by new logs.

Data Retention

We store your data as follows:

Account Data (Discord OAuth):

Stored as long as your account exists. You can request deletion at any time by contacting us or deleting your account.

Server Listings:

Stored as long as the server is listed on BoxSRV. You can remove your server at any time through your account dashboard.

Message & Activity Data:

Aggregated statistics (like Emoji counts) are stored permanently associated with the server. Raw message content is stored only as long as necessary for analysis and anti-spam verification.

Bump History:

Stored permanently for historical ranking data and statistics. Individual bump records are tied to your server listing.

Server Logs:

Automatically deleted after 30 days or when overwritten by new logs due to storage rotation.

Cookies & Session Storage

We use only essential cookies necessary for the website to function. No tracking, analytics, or advertising cookies.

Session Cookie (Essential)

Keeps you logged in and maintains your session state while using BoxSRV.

laravel_session Duration: Session (cleared when you close your browser)

CSRF Token (Essential)

Security token to protect against cross-site request forgery attacks.

XSRF-TOKEN Duration: Session

These cookies are technically necessary for the operation of the website and cannot be disabled. We do not use any tracking, analytics, or advertising cookies.

Your Rights Under GDPR

You have the following rights regarding your personal data:

Right to Access

Request a copy of all data we store about you

Right to Rectification

Correct any inaccurate or incomplete data

Right to Erasure

Request deletion of all your personal data

Right to Portability

Receive your data in a machine-readable format

Right to Object

Object to processing based on legitimate interests

Right to Complain

Lodge a complaint with your data protection authority

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

Third-Party Services

Discord Inc.

BoxSRV uses Discord's OAuth 2.0 API for authentication and Discord's Bot API for the bump functionality. When you use these features, your data is processed by Discord according to their privacy policy.

Data shared with Discord: When you log in or use our bot, Discord processes your authentication requests and bot interactions according to their terms.

View Discord's Privacy Policy

Note: We do not use any analytics services (like Google Analytics), advertising networks, or other third-party tracking services. Discord is the only third-party service we integrate with.

Infrastructure & Analytics Services

CloudFlare CDN & DDoS Protection

BoxSRV uses CloudFlare's Content Delivery Network (CDN) and DDoS protection services to ensure fast loading times and protect our platform from malicious attacks.

What CloudFlare processes:

  • IP address (for security and caching purposes)
  • System configuration information
  • HTTP headers and request data

Purpose: DDoS protection, content delivery, performance optimization, and security analysis.

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in protecting our service and ensuring availability).

Data location: CloudFlare operates globally. Data may be processed in the EU and USA under appropriate safeguards.

View CloudFlare's Privacy Policy

Matomo Analytics (Self-Hosted, Cookieless)

We use Matomo, a privacy-friendly analytics platform, to understand how visitors use our website. Our Matomo instance is self-hosted on our own servers and configured to be completely cookieless and privacy-respecting.

100% Cookieless Tracking

No cookies are set by our analytics. We use privacy-friendly methods that do not require consent under GDPR.

What Matomo collects:

  • Anonymized IP address (last 2 bytes removed)
  • Pages visited and time spent
  • Referrer (where you came from)
  • Browser type and device information
  • General geographic location (country/region only)

Purpose: Understanding website usage patterns, improving user experience, and optimizing content.

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in analyzing and improving our service).

Data storage: All analytics data is stored exclusively on our own servers in Germany. No data is shared with third parties.

Privacy configuration: IP anonymization enabled, Do Not Track respected, no cross-site tracking, no user profiling.

Our Matomo configuration does not require a cookie consent banner according to GDPR, as it operates completely without cookies and with full IP anonymization.

Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or misuse:

HTTPS/TLS encryption for all connections
Secure password hashing (bcrypt)
Regular security updates
Protected database access
Firewall and intrusion detection
Regular automated backups

Despite these measures, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Questions About Privacy?

If you have questions about how we handle your data or want to exercise your rights, please contact us:

We typically respond to privacy-related inquiries within 30 days as required by GDPR.

Back to Home