1. Overview

This Privacy Policy describes how Timely ("the bot", "we") collects, uses, and stores data when you interact with it on Discord. We are committed to handling your data responsibly and only collecting what is strictly necessary for the bot to function.

2. Data We Collect

When you use Timely, the following data is stored in a self-hosted database:

DataPurpose
Discord User IDIdentifying appointment requesters and participants
Discord Guild (Server) IDAssociating panels and appointments with a server
Discord Channel IDStoring the channel a panel is posted in
Discord Message IDTracking DMs sent by the bot for automatic deletion after 7 days
Appointment title & descriptionProvided by the user when creating an appointment request
Proposed time slots & timezoneProvided by the user during the scheduling process; the event timezone is stored alongside the selected time slots
Availability votesSubmitted by participants to indicate which time slots work for them
Personal timezone preferenceVoluntarily set by the user via /timely timezone; stored as an IANA timezone name (e.g. Europe/Berlin) to display appointment times in the user's local time

We do not collect:

Note on timezone data

The personal timezone preference (set via /timely timezone) is optional. It is stored as a standardised IANA timezone identifier and may indirectly indicate a user's approximate geographic region. This data is not shared with third parties and is used solely to convert appointment times into the user's preferred local display format.

Legal basis (GDPR): The processing of timezone preference data is based on Art. 6(1)(a) GDPR (consent), as the user actively and voluntarily provides this information by executing the command. Alternatively, Art. 6(1)(f) GDPR (legitimate interest) applies where the bot is operated for internal organisational scheduling purposes.

2a. Admin Dashboard Data

Timely includes an optional web-based admin dashboard. If the dashboard is enabled by a server administrator, the following additional data may be processed:

DataPurpose
Discord User IDIdentifying admin accounts and pending access requests
Discord usernameDisplaying the user's name in the admin interface
Discord avatar hashDisplaying the user's profile picture in the admin interface
Access request timestampRecording when a login attempt was made
Access approval statusRecording whether a request was approved, denied, or is pending
API key hash (SHA-256)Authenticating external applications via the REST API; the raw key is never stored
Session cookieMaintaining the logged-in state during a browser session (signed, stored client-side)
Guild membership & permissionsRetrieved via OAuth2 guilds scope at login to determine whether a user qualifies as a Guild Admin; not stored in the database beyond the session cookie

Discord OAuth2: The dashboard uses Discord's OAuth2 authentication with the identify and guilds scopes. The identify scope retrieves the user's ID, username, and avatar. The guilds scope retrieves the list of Discord servers the user belongs to and their permission flags within each server. This information is used exclusively to determine the appropriate access level (Timely Admin or Guild Admin) and is stored only in the signed session cookie for the duration of the browser session — it is not written to the database. No email address or message content is accessed.

The OAuth flow uses prompt=consent, which means Discord will ask the user to re-authorise the requested scopes on every login. This ensures the bot always has an up-to-date view of the user's server memberships.

Legal basis (GDPR): Processing of dashboard user data is based on Art. 6(1)(f) GDPR (legitimate interest in securing the administrative interface to an installed bot) and, for voluntarily added admin accounts, Art. 6(1)(a) GDPR (consent). The temporary processing of guild membership data via the guilds scope is based on Art. 6(1)(f) GDPR (legitimate interest in restricting dashboard access to authorised server administrators only). Access attempt records serve the legitimate interest of the server administrator in auditing who has attempted to access the administrative interface.

Retention: Admin account data and access request records are retained until explicitly deleted by an administrator via the dashboard or manage.py revoke-admin. Session cookies expire when the browser session ends. API key hashes are deleted immediately when a key is revoked.

The admin dashboard is an internal tool operated solely by the server administrator. End users of the Discord bot do not interact with the dashboard and their data is not additionally processed by it.

3. How We Use Your Data

Data is used exclusively to provide the scheduling functionality of Timely:

4. Data Retention

5. Data Sharing

We do not sell, trade, or share your data with any third parties. Data is stored exclusively in a self-hosted database controlled by the server administrator.

Google Calendar Integration

When a confirmed appointment is sent via DM, the message contains an optional "Add to Google Calendar" button. Clicking this button opens a URL on calendar.google.com with the appointment title, date, and description pre-filled as URL parameters. By clicking the button, this data is transmitted to Google's servers. Timely does not store any Google account information and has no access to your Google Calendar. Use of this feature is entirely voluntary. Google's own Privacy Policy applies to any interaction with Google services.

6. Data Security & Hosting

Timely stores data in a PostgreSQL database hosted in Germany, European Union. All data processing takes place within the EU and is subject to the General Data Protection Regulation (GDPR).

Security practices include strong access controls, encrypted connections, and regular backups. We recommend that any self-hosted instances follow the same standards.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

To exercise these rights, please contact the administrator of the Discord server you are using Timely on, or open an issue on the GitHub repository.

8. Children's Privacy

Timely is not directed at children under the age of 13. We do not knowingly collect data from children. If you believe a child has submitted data through the bot, please contact us so it can be removed.

9. Changes to This Policy

This Privacy Policy may be updated at any time. The date at the top of this document reflects the most recent revision. Continued use of the bot after changes are published constitutes acceptance of the updated policy.

10. Contact

For privacy-related questions or requests, please open an issue on the GitHub repository.