BoxSRV - Privacy Policy

Quick Navigation

Data Controller Discord OAuth Discord Bot Server Logs Data Retention Your Rights

Data Controller

The responsible party for data processing on this website is:

Tiziano Santo Metzler

Bautzener Allee 59

02977 Hoyerswerda, Germany

+49 1590 1084284

[email protected]

Discord OAuth Login

BoxSRV uses Discord OAuth for authentication. When you log in with Discord, we receive and store the following information:

Discord User ID - Your unique Discord identifier (for account identification)
Username & Discriminator - Your Discord username (for display)
Avatar URL - Your profile picture (for display)
Email Address - Your Discord email (for account recovery and communication)
Server List - Servers where you have Administrator permissions (only to enable you to add servers to BoxSRV)

Purpose: Authentication, server management, and communication with server owners.

Legal basis: Art. 6 para. 1 lit. b GDPR (necessary for contract fulfillment - providing the service you requested).

Data sharing: This authentication process is handled by Discord. By logging in, you also agree to Discord's Privacy Policy.

Discord Bot Data Processing

When a server is listed on BoxSRV:

When you add your server to BoxSRV through our website, we store the following information:

Server ID - Unique identifier of your Discord server
Server Name - Automatically synced from Discord for display
Server Icon - Automatically synced from Discord for display
Server Description - As provided by you when adding the server
Server Category - As selected by you when adding the server

When anyone uses the `/bump` command:

Any user in a listed server can use the /bump command. When this happens, we collect:

User ID - Discord ID of the user who executed the bump command
Server ID - Which server was bumped
Bump Timestamp - Exact date and time of the bump

The bump count is calculated automatically from the bump timestamps to determine server rankings.

Purpose: To provide the ranking system, display your server on our platform, and calculate bump-based rankings.

Legal basis: Art. 6 para. 1 lit. b GDPR (necessary for providing the listing and ranking service).

What we DON'T collect: We do not access or store message content, member lists, member data, or any other information from your Discord server beyond what's listed above.

Server Logs

Our web server automatically collects and temporarily stores the following technical information when you visit our website:

IP address (anonymized)
Date and time of access
Requested page/resource
HTTP status code
Browser type and version
Operating system
Referrer URL (previously visited page)

Purpose: Security analysis, debugging errors, and ensuring the stability and availability of our service.

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in ensuring the security and proper functioning of our service).

Retention: These logs are automatically deleted after 30 days or when overwritten by new logs.

Data Retention

We store your data as follows:

Account Data (Discord OAuth):

Stored as long as your account exists. You can request deletion at any time by contacting us or deleting your account.

Server Listings:

Stored as long as the server is listed on BoxSRV. You can remove your server at any time through your account dashboard.

Bump History:

Stored permanently for historical ranking data and statistics. Individual bump records are tied to your server listing.

Server Logs:

Automatically deleted after 30 days or when overwritten by new logs due to storage rotation.

Cookies & Session Storage

We use only essential cookies necessary for the website to function. No tracking, analytics, or advertising cookies.

Session Cookie (Essential)

Keeps you logged in and maintains your session state while using BoxSRV.

laravel_session • Duration: Session (cleared when you close your browser)

CSRF Token (Essential)

Security token to protect against cross-site request forgery attacks.

XSRF-TOKEN • Duration: Session

These cookies are technically necessary for the operation of the website and cannot be disabled. We do not use any tracking, analytics, or advertising cookies.

Your Rights Under GDPR

You have the following rights regarding your personal data:

Right to Access

Request a copy of all data we store about you

Right to Rectification

Correct any inaccurate or incomplete data

Right to Erasure

Request deletion of all your personal data

Right to Portability

Receive your data in a machine-readable format

Right to Object

Object to processing based on legitimate interests

Right to Complain

Lodge a complaint with your data protection authority

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

Third-Party Services

Discord Inc.

BoxSRV uses Discord's OAuth 2.0 API for authentication and Discord's Bot API for the bump functionality. When you use these features, your data is processed by Discord according to their privacy policy.

Data shared with Discord: When you log in or use our bot, Discord processes your authentication requests and bot interactions according to their terms.

View Discord's Privacy Policy

Note: We do not use any analytics services (like Google Analytics), advertising networks, or other third-party tracking services. Discord is the only third-party service we integrate with.

Infrastructure & Analytics Services

CloudFlare CDN & DDoS Protection

BoxSRV uses CloudFlare's Content Delivery Network (CDN) and DDoS protection services to ensure fast loading times and protect our platform from malicious attacks.

What CloudFlare processes:

IP address (for security and caching purposes)
System configuration information
HTTP headers and request data

Purpose: DDoS protection, content delivery, performance optimization, and security analysis.

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in protecting our service and ensuring availability).

Data location: CloudFlare operates globally. Data may be processed in the EU and USA under appropriate safeguards.

View CloudFlare's Privacy Policy

Matomo Analytics (Self-Hosted, Cookieless)

We use Matomo, a privacy-friendly analytics platform, to understand how visitors use our website. Our Matomo instance is self-hosted on our own servers and configured to be completely cookieless and privacy-respecting.

100% Cookieless Tracking

No cookies are set by our analytics. We use privacy-friendly methods that do not require consent under GDPR.

What Matomo collects:

Anonymized IP address (last 2 bytes removed)
Pages visited and time spent
Referrer (where you came from)
Browser type and device information
General geographic location (country/region only)

Purpose: Understanding website usage patterns, improving user experience, and optimizing content.

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in analyzing and improving our service).

Data storage: All analytics data is stored exclusively on our own servers in Germany. No data is shared with third parties.

Privacy configuration: IP anonymization enabled, Do Not Track respected, no cross-site tracking, no user profiling.

Our Matomo configuration does not require a cookie consent banner according to GDPR, as it operates completely without cookies and with full IP anonymization.

Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or misuse:

HTTPS/TLS encryption for all connections

Secure password hashing (bcrypt)

Regular security updates

Protected database access

Firewall and intrusion detection

Regular automated backups

Despite these measures, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Questions About Privacy?

If you have questions about how we handle your data or want to exercise your rights, please contact us: