GDPR Compliance

General Data Protection Regulation Information

Last updated: September 19, 2025

1. Introduction

Huddle is committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR). This page explains how we comply with GDPR requirements and what rights you have as a data subject.

2. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Legitimate Interest (Article 6(1)(f)): To provide meeting coordination services and improve our bot functionality
  • Consent (Article 6(1)(a)): When you explicitly consent to use our services by adding the bot to your server
  • Contract Performance (Article 6(1)(b)): To fulfill our service obligations when you use premium features

3. Data Controller Information

Huddle acts as the data controller for personal data processed through our Discord bot service. You can contact us regarding data protection matters through our Discord support server.

4. Your GDPR Rights

Under GDPR, you have the following rights:

4.1 Right of Access (Article 15)

You have the right to obtain confirmation that we are processing your personal data and access to that data. You can request:

  • A copy of your personal data we hold
  • Information about how we process your data
  • Details about data sharing and retention periods

4.2 Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete personal data. This includes:

  • Updating incorrect timezone settings
  • Correcting meeting information
  • Modifying user preferences

4.3 Right to Erasure (Article 17)

You can request deletion of your personal data when:

  • The data is no longer necessary for the original purpose
  • You withdraw consent and there's no other legal basis
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

4.4 Right to Restrict Processing (Article 18)

You can request restriction of processing when:

  • You contest the accuracy of personal data
  • Processing is unlawful but you don't want erasure
  • We no longer need the data but you need it for legal claims

4.5 Right to Data Portability (Article 20)

You can request your personal data in a structured, machine-readable format and transmit it to another controller when:

  • Processing is based on consent or contract
  • Processing is carried out by automated means

4.6 Right to Object (Article 21)

You can object to processing based on legitimate interests. You can also object to direct marketing at any time.

4.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time by removing the bot from your Discord server.

5. How to Exercise Your Rights

To exercise any of your GDPR rights:

  • Join our Discord support server
  • Create a ticket or contact a support team member
  • Clearly state which right you wish to exercise
  • Provide your Discord User ID for verification

Response Time: We will respond to your request within 30 days (may be extended to 60 days for complex requests).

6. Data Categories and Processing

6.1 Personal Data We Collect

Data Category Purpose Legal Basis Retention Period
Discord User ID User identification and service provision Legitimate Interest While bot is in use
Timezone Settings Meeting scheduling and notifications Consent While bot is in use
Meeting Data Meeting coordination and summaries Legitimate Interest 90 days after meeting
Server Information Service functionality and permissions Legitimate Interest While bot is in server

6.2 Special Categories of Data

We do not intentionally collect special categories of personal data (sensitive data) as defined in Article 9 of GDPR.

7. Data Transfers

Your data may be transferred outside the European Economic Area (EEA) for:

  • Discord Integration: Required for bot functionality through Discord's API
  • Cloud Hosting: Our service infrastructure may be hosted outside the EEA

Safeguards: We ensure appropriate safeguards through standard contractual clauses and adequacy decisions.

8. Data Breach Procedures

In the event of a data breach that poses a high risk to your rights and freedoms:

  • We will notify the relevant supervisory authority within 72 hours
  • We will notify affected data subjects without undue delay
  • Notifications will include breach details and recommended actions

9. Automated Decision Making

We do not use automated decision-making or profiling that produces legal effects or significantly affects you. Our bot processes commands and requests based on explicit user input only.

10. Children's Data

Our service is not intended for children under 13. We do not knowingly process personal data of children. If we become aware of such processing, we will delete the data immediately and may restrict service access.

11. Supervisory Authority

You have the right to lodge a complaint with your local data protection supervisory authority if you believe we are not handling your personal data in accordance with GDPR.

12. Updates to GDPR Compliance

We may update our GDPR compliance procedures and this information page. Material changes will be communicated through our website and Discord support server.

13. Contact for Data Protection

For any GDPR-related questions or to exercise your rights: