Privacy Policy
As of: 23 April 2026 · Version 2.0
This privacy policy informs you about the nature, scope and purpose of the processing of personal data in connection with the TeraOne platform, consisting of the website tera-one.de, the dashboard at dashboard.tera-one.de, the “TeraOne” Discord bot and optional custom bots (together the “Service”).
Processing is carried out in accordance with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and the German Digital Services Act (DDG).
For any privacy-related questions, please contact us at info@appdealer365.de.
1. Controller
The controller within the meaning of the GDPR and other national data protection laws is:
App Dealer 365 GmbH
Kurt-Zieger-Weg 2
14532 Stahnsdorf
Germany
Phone: +49 30 8878 680
E-Mail: info@appdealer365.de
Registration Court: Amtsgericht Potsdam
Commercial Register Number: HRB 361666
A data protection officer (DPO) is currently not designated (no statutory obligation under § 38 BDSG or Art. 37 GDPR). For any privacy request, please contact the email address above.
Supervisory Authority
The State Commissioner for Data Protection and the Right to Freedom of Information of the State of Brandenburg (LDA Brandenburg), Stahnsdorfer Damm 77, 14532 Kleinmachnow, Germany. Website: https://www.lda.brandenburg.de
2. What data we process (overview)
The specific data we process depends on how you use our service. We distinguish between the following main categories:
- Discord master data: Discord user ID (snowflake), Discord username, avatar, locale preference.
- Authentication data: OAuth2 access and refresh tokens (stored server-side in encrypted form), session JWT in an HttpOnly cookie, CSRF token.
- Server and member data: Discord guild IDs, guild names, role assignments, member mapping (for servers where the bot is active).
- Activity and moderation data: moderation actions (warn/mute/kick/ban), reasons, AutoMod match metadata, audit-log entries, XP and level data, optionally AntiAlt risk scores.
- Configuration and content data: welcome messages, reaction-role embeds, uploaded banners / rank-card backgrounds.
- Notification integration data: subscribed YouTube channel IDs, Twitch channel IDs, delivery history (public creator metadata).
- DayZ killfeed data (only with module active): player Steam IDs, in-game names, kill/death events with weapon, distance and coordinates, as well as encrypted Nitrado API tokens of the server operator.
- Technical log data: IP address, user agent, requested URL, timestamp, referrer, HTTP status codes (short-term, for operations and security).
3. Purposes and legal bases of processing
The processing activities, grouped by module:
a) Login and session (dashboard)
We use Discord OAuth2 to authenticate you in the dashboard. We store your OAuth tokens (access + refresh) and a session identifier server-side in encrypted form. Legal basis: Art. 6(1)(b) GDPR (performance of the user agreement).
b) Operating the bot in Discord servers
When the TeraOne bot is active in a Discord server, we process member metadata (user IDs, roles, join timestamps) and moderation events on behalf of the respective server operator. Legal basis: Art. 28 GDPR (processor); the server operator is the controller and we are the processor.
c) Moderation, AutoMod, Audit Log
If moderation and AutoMod are enabled, we process message metadata (not the message content at rest) for automatic rule application and log moderation actions in an audit log. Legal basis: Art. 28 GDPR on behalf of the server operator, plus Art. 6(1)(f) GDPR (server security).
d) AntiAlt (automated risk assessment)
The AntiAlt module evaluates newly joining members based on public profile features (account age, profile completeness, naming patterns, etc.) with a risk score and can trigger configured actions. If automatic actions (in particular kick or ban) are enabled, this constitutes an automated individual decision within the meaning of Art. 22 GDPR — details and objection options in section 8. Legal basis: Art. 6(1)(f) GDPR (legitimate interest of the server operator in server protection).
e) Leveling (XP system)
If leveling is active, we count chat activity and voice minutes and calculate XP + level. Users can individually opt out of leaderboards. Legal basis: Art. 28 GDPR.
f) Welcome cards, reaction roles, auto roles
Configured embeds and uploaded assets are delivered to server members; roles are assigned automatically based on configuration or retained for up to 90 days after a member leaves (sticky roles). Legal basis: Art. 28 GDPR.
g) Custom-bot runtime
If you provide your own Discord bot token, we store it exclusively in encrypted form (AES-256-GCM) and use it at runtime for a custom-branded bot. Legal basis: Art. 6(1)(b) GDPR.
h) YouTube and Twitch notifications
We fetch publicly available creator metadata (channel name, avatar, video/stream info) via the YouTube Data API and Twitch Helix + EventSub and deliver notifications to the configured Discord channel. Legal basis: Art. 28 GDPR + Art. 6(1)(f) (service delivery).
i) DayZ killfeed
With the DayZ module enabled, we process kill-feed data fetched via your Nitrado server credentials. As server operator, you are responsible for informing your players about this logging. Legal basis: Art. 28 GDPR + Art. 6(1)(f) GDPR (legitimate interest of the server operator).
j) Staff panel (platform administration)
For platform integrity and abuse prevention, our moderators may suspend accounts or entire guilds. Every action is logged in a staff audit log. Legal basis: Art. 6(1)(f) GDPR + Art. 6(1)(c) (accountability obligations).
k) Technical operating data
For rate-limit enforcement, abuse detection and error handling, we process IP addresses, user agents and access timestamps. This data is deleted after at most 14 days. Legal basis: Art. 6(1)(f) GDPR.
4. Recipients and processors
We exclusively use carefully selected processors to deliver the service, each under a data processing agreement (DPA) pursuant to Art. 28 GDPR. Customers (Discord server operators) who deploy TeraOne in their server and thereby have personal data of their members processed by us can also sign a DPA with us — template available on request.
An up-to-date list of our sub-processors is available at: tera-one.de/legal/subprocessors
5. Transfers to third countries
Some of our processors are based outside the European Economic Area, namely Cloudflare Inc. (USA), Discord Inc. (USA), Google LLC (USA, for the YouTube Data API), and Amazon / Twitch Interactive (USA).
Transfers are based on the EU-US Data Privacy Framework, supplemented by the EU Commission's Standard Contractual Clauses (SCC). Appropriate safeguards within the meaning of Art. 44 et seq. GDPR are thereby in place.
6. Storage period and deletion
We store personal data only as long as necessary for the respective purpose, or as long as a statutory retention obligation applies. The specific retention periods vary by module:
- Session and login data: 30 days after last login.
- Moderation and audit-log entries: 2 years by default.
- AntiAlt case records: 90 days after decision.
- Notification delivery history: 180 days.
- Server hourly activity data: 90 days; member events: 365 days.
- Technical web logs: 14 days.
- Staff audit log: 5 years (accountability).
When the bot is removed from a Discord server, server-related data is routinely deleted, unless a pending dispute or statutory retention obligation applies. You can request deletion of your dashboard data at any time (see section 7).
7. Your rights as a data subject
You have the following rights:
- Right of access (Art. 15 GDPR) – You may request confirmation as to whether and what personal data we process about you.
- Right to rectification (Art. 16 GDPR) – You may request correction of inaccurate data.
- Right to erasure (Art. 17 GDPR) – Under the conditions stated there, you may request the deletion of your data.
- Right to restriction of processing (Art. 18 GDPR).
- Right to data portability (Art. 20 GDPR) – You may request a structured, machine-readable copy of your data.
- Right to object (Art. 21 GDPR) against processing based on legitimate interests.
- Right to lodge a complaint with a supervisory authority (Art. 77 GDPR) – competent for us: LDA Brandenburg (see section 1).
Please direct any requests to info@appdealer365.de. We will generally respond within one month. In addition, in-dashboard self-service functions for export and deletion are currently being implemented.
8. Automated decisions (AntiAlt and Art. 22 GDPR)
As part of the optional AntiAlt module, the server operator can choose to have newly joining members automatically evaluated based on a risk score and, depending on the score, automatically placed into a quarantine role, kicked, or banned. This constitutes an automated individual decision within the meaning of Art. 22(1) GDPR.
The decision is based on public profile features (e.g. account age since creation, avatar and banner availability, name heuristics, join-cluster rates). The score breakdown is visible in the mod-team channel and in the dashboard.
You have the right to contest such a decision and to request human review. Please use the verification channel provided by the server operator, or contact your server's moderation team. At the platform level, you can reach us at info@appdealer365.de.
Notice pursuant to Art. 50 of the EU Artificial Intelligence Regulation (AI Act, applicable from 2 August 2026): the AntiAlt assessment is performed by an automated system. Moderators of your server can review and override every decision.
9. Cookies and similar technologies
We use only strictly necessary cookies and local-storage entries within the meaning of § 25(2)(2) TTDSG (German Telecommunications and Telemedia Data Protection Act). We do not set any tracking, advertising or analytics cookies.
- session – HttpOnly cookie with your encrypted session reference (30-day lifetime).
- csrf – CSRF protection token (double-submit cookie).
- oauth_state – short-lived login-CSRF protection (5-minute lifetime).
- tera_locale – language preference (de / en).
10. Data security (TOMs)
We implement state-of-the-art technical and organisational measures to protect your data against loss, manipulation and unauthorised access. These include in particular:
- Transport encryption (TLS 1.3) for all connections to the website, dashboard and API.
- Encryption of sensitive tokens (Discord bot tokens, Nitrado API tokens) with AES-256-GCM.
- Strict role- and permission-based access control in the dashboard, as well as CSRF protection, rate limiting, and OAuth state verification.
- Regular backups, monitoring and incident-response procedures.
A detailed description of the TOMs is part of our DPA template and is provided to business customers on request.
11. Changes to this privacy policy
We update this privacy policy when the legal framework, our data processing, or the processors we use change. The current version is always available at tera-one.de/legal/privacy. Material changes will additionally be announced in the dashboard or by notification.