
Moderation Easy Privacy Policy

Last updated: 2026-03-29

This Privacy Policy explains how Moderation Easy processes information through its moderation platform, including the administration panel, backend APIs, supported client integrations, real-time update systems, marketing pages, and related operational tooling (collectively, the "Service").

1. Scope and privacy roles

Moderation Easy is primarily a business-to-business moderation platform used by server operators, communities, and organizations.

Because of that, privacy roles may differ depending on context:

  • For organization-managed community and player data, Moderation Easy typically acts as a service provider / processor on behalf of the Organization that operates the tenant.
  • For staff-account, admin-access, marketing-site, billing/commercial, and service-security data, Moderation Easy may act as a controller or equivalent independent business role.
  • For data disclosed to third-party services at an Organization's direction (for example Discord webhooks, external storage, or configured identity systems), the receiving third party may act under its own privacy terms.

If you are a player or community member whose data is processed through an Organization's Moderation Easy tenant, your first point of contact should usually be that Organization.

2. The categories of information we process

We process the following categories of information, depending on which parts of the Service are enabled and how an Organization uses them.

2.1 Staff, admin, and identity data

This may include:

  • OIDC/OAuth subject identifiers and external account IDs;
  • usernames and display names;
  • email addresses mirrored into the organization user directory;
  • organization membership records;
  • role assignments and direct permissions;
  • linked-account status and verification state;
  • session-related and authentication-related data needed to maintain logged-in admin access; and
  • security-related timestamps such as account updates, login state changes, or token-expiry handling.

2.2 Organization and configuration data

This may include:

  • organization name and in-game display name;
  • organization owner identifier;
  • optional external URLs such as an appeal link;
  • punishment defaults, broadcast preferences, report reasons, cooldowns, and false-report rules;
  • premade punishments and reusable moderation presets;
  • chat-filter settings, blocked command patterns, mute-related settings, and other client configuration;
  • GUI definitions, GUI elements, actions, layouts, and permission groups;
  • message-template overrides and placeholder content;
  • track definitions, step requirements, reasons, durations, and assignments to roles or members; and
  • other moderation, staff-guide, or operational settings saved inside the tenant.

2.3 Player and platform identity data

This may include:

  • player usernames;
  • platform-specific UUIDs or identifiers;
  • internal hashed player IDs;
  • platform information, including Minecraft Java, Minecraft Bedrock, Discord, or other supported platforms;
  • linked-account relationships between a player account and a staff user's organization membership; and
  • player identifiers reflected in reports, punishments, proofs, or log-ingest events.

2.4 Punishment and moderation-record data

This may include:

  • punishment type (such as ban, mute, warn, or kick);
  • reasons, timestamps, duration, expiry, and delivery status;
  • track and track-step associations;
  • revocation status, reason, actor, and timestamps;
  • IP-punishment flags and related IP references;
  • proof summary fields and other derived moderation metadata; and
  • batch action data or other administrative moderation history.

2.5 Proof, evidence, and uploaded-file data

This may include:

  • text proof content;
  • uploaded files and their metadata, such as original filename and media type;
  • stored file paths or object-storage references;
  • previews, download links, or signed URLs generated for access;
  • version history for proof content; and
  • summaries or derived metadata created from proof content.

Proof and evidence may be stored locally or in configured object-storage providers, including local filesystem storage, Amazon S3, or Cloudflare R2, depending on deployment.

2.6 Report data

This may include:

  • reporter and reported player identifiers;
  • reason and additional details text;
  • attachments or attachment references submitted with reports;
  • report resolution and actioning metadata;
  • statistics related to reporter reliability or false-report history; and
  • recent or featured report status within an Organization.

Report creation is typically performed through authorized integrations or service accounts associated with an Organization, rather than through direct player web login.

2.7 Chat-filter, chat-history, and log-ingest data

This may include:

  • original player messages;
  • matched content and rule/pattern metadata;
  • severity scores, tags, exceptions, and action taken;
  • whether a punishment was created from a violation;
  • server name, event time, and source references;
  • ingested chat events from supported clients;
  • parsed event data, indexed data, and rule/type matches; and
  • raw payloads, where raw-payload storage is enabled for a log-ingest flow.

2.8 IP, network, and risk data

This may include:

  • current IP addresses received from supported clients during player upsert or synchronization;
  • hashed IP-root identifiers and player-to-IP relations;
  • country, city, ASN, VPN/proxy, or suspicious-network indicators;
  • duplicate-IP analysis results and confidence scoring; and
  • IP-root references used for IP-based punishments or risk analysis.

2.9 Service account, API, and impersonation data

This may include:

  • Service Account names and descriptions;
  • service-account roles and direct permissions;
  • API key IDs, hashed secrets, labels, expiry dates, and last-used timestamps;
  • do-as and as-player attribution metadata;
  • action metadata showing how an action was attributed in audit logs; and
  • request metadata needed to authenticate or authorize an API call.

2.10 Discord and other integration data

This may include:

  • Discord webhook URLs and subscribed event selections;
  • Discord bot credentials and configuration, including application ID, public key, bot token, guild IDs, and channel IDs;
  • linked Discord platform identities;
  • role-sync-related identifiers or group names; and
  • content sent to Discord channels, webhook endpoints, or interaction handlers at your direction.

2.11 AI-feature data

If AI Features are used, we may process and submit relevant content to a configured model provider or gateway. Depending on the feature, that may include:

  • punishment reasons and history;
  • proof text and proof summaries;
  • player notes;
  • report reasons, details, reporter history, and reported-player history;
  • track configuration text;
  • staff-guide content; and
  • prompts, structured outputs, and AI-generated summaries or recommendations.

When AI Features are enabled, backend AI calls are made through a configurable OpenAI-compatible endpoint. The configuration can route requests to multiple upstream model providers or gateways.

AI Features are not always enabled, and not all data is sent to AI systems. AI processing generally occurs only when a relevant AI-assisted feature is used.

2.12 Audit, security, and operational data

This may include:

  • audit-log entries covering moderation, organization, proof, note, GUI, report, account-linking, chat-filter, and other actions;
  • actor, entity, label, timestamp, and action details;
  • version history for notes, proofs, and other auditable objects;
  • source IP processing for abuse prevention and rate limiting;
  • service diagnostics and exception logs; and
  • cached or queued data used to improve performance or preserve service integrity.

2.13 Marketing-site and public website request data

The marketing pages are informational and pricing pages deployed on Cloudflare Workers. When those pages are accessed, we may process ordinary request metadata such as:

  • IP address;
  • user agent;
  • date/time of request; and
  • requested URL or basic server logs.

2.14 Billing and payment data

If you subscribe to a paid plan, we may process billing-related information, including:

  • subscription status and plan tier;
  • billing contact details (name, email, organization name);
  • payment method tokens or references (we do not store complete payment card numbers);
  • transaction records, invoices, and payment history; and
  • usage data for metered billing or overage calculations.

Payment processing is handled by a third-party payment processor. This policy will be updated with the processor name before processing any payments.

3. Where information comes from

We collect or receive information from:

  • Organization administrators, moderators, and other staff users;
  • supported game-server or proxy clients, including Paper and Velocity;
  • service accounts, bots, webhooks, and API integrations configured by an Organization;
  • linked-account workflows and external identity providers;
  • Discord and other third-party platforms connected by an Organization;
  • configured IP-intelligence or abuse-detection providers;
  • our infrastructure, logs, caches, and security systems; and
  • ordinary traffic to any Moderation Easy-operated website or interface.

4. How we use information

We use information to:

  • provide, secure, and operate the Service;
  • authenticate users and maintain organization-scoped access control;
  • create, deliver, revoke, and audit moderation actions;
  • process reports and moderation-related workflows;
  • synchronize updates to authorized clients and integrations;
  • deliver organization broadcasts, punishment broadcasts, and other configured moderation messages;
  • store and serve proof or evidence;
  • apply chat filters, violation alerts, and track-based automation;
  • maintain player, role, template, GUI, and organization configuration data;
  • support account linking and external identity relationships;
  • generate AI summaries, structured outputs, and operator assistance;
  • query, index, and review log-ingest events;
  • send webhooks, Discord notifications, or other customer-configured disclosures;
  • enforce rate limits, detect abuse, and preserve service integrity;
  • measure and administer plan limits, usage allowances, or commercial terms where applicable; and
  • comply with legal obligations and resolve disputes.

5. Legal bases

Depending on the context and applicable law, we process information under one or more of the following legal bases:

  • performance of a contract;
  • legitimate interests in operating, securing, and improving the Service;
  • compliance with legal obligations;
  • consent, where required and obtained; and
  • instructions from an Organization acting as controller of its community data.

Organizations using Moderation Easy are responsible for ensuring they have an appropriate legal basis for the community and player data they submit to the Service.

6. When we disclose information

We may disclose information in the following circumstances:

6.1 Within the relevant Organization

Customer Data may be visible to the Organization's authorized admins, moderators, helpers, Service Accounts, linked users, or in-game client integrations according to that tenant's permissions and settings.

6.2 To customer-configured destinations

If an Organization configures webhooks, Discord channels, bots, message broadcasts, or other integrations, relevant data may be sent to those destinations at the Organization's direction.

6.3 To infrastructure and subprocessors

We may use providers such as:

  • Railway for hosting backend services, PostgreSQL, Dragonfly/Redis, LiteLLM, list-vpn-service, and related internal services;
  • Cloudflare for DNS/CDN, Workers-hosted landing pages, and R2 object storage where enabled;
  • Logto or another configured OIDC provider for staff authentication;
  • AI gateways and upstream model providers reached through the configured AI endpoint or LiteLLM setup;
  • Discord, Crafatar, Coconut.co, and customer-configured webhook or bot destinations where those features are enabled;
  • AWS S3, Cloudflare R2, or local filesystem storage for proofs/files, depending on deployment;
  • IP-intelligence or abuse-detection providers such as list-vpn-service, vpnapi.io, IpInfo, Team Cymru, or similar configured providers; and
  • a payment processor for subscription and usage-based billing (provider to be named at launch).

Payment processing is planned. This policy will be updated with the provider name before processing any payments.

6.4 For legal, security, and abuse-prevention reasons

We may disclose information where reasonably necessary to:

  • comply with law or lawful requests;
  • enforce our terms and protect the Service;
  • investigate abuse, fraud, harassment, or unauthorized access;
  • protect users, players, staff, or the public; or
  • preserve evidence for disputes or security incidents.

6.5 In a business transaction

We may disclose information in connection with a merger, acquisition, financing, reorganization, sale of assets, or similar transaction, subject to appropriate confidentiality and lawful handling.

7. International transfers

The Service may be hosted in, or accessed from, multiple jurisdictions. Information may be transferred to and processed in countries other than the country where it was collected, including where our infrastructure, providers, or customer-configured integrations operate.

Where required, we will use appropriate transfer mechanisms and safeguards.

8. Retention

We retain information as follows:

  • Punishments, reports, and audit logs: Retained indefinitely while your Organization is active, unless deleted by an Organization administrator or upon account termination.
  • Proof and evidence: Retained for the life of the associated punishment or report, including hidden or removed versions for audit integrity.
  • Chat-filter violations and log-ingest events: Retained according to Organization configuration and operational needs.
  • Backups: Retained for up to 90 days after deletion from primary systems.
  • Service Account and API key metadata: Retained for security and abuse prevention purposes.
  • Billing records: Retained for the longer of seven years or as required by applicable tax and accounting laws.

Upon Organization termination, Customer Data may be retained in backups, audit logs, or security holds for up to 90 days, after which it will be permanently deleted.

9. Security

We use a combination of technical and organizational measures intended to protect information, including:

  • role- and permission-based access controls;
  • tenant isolation;
  • OIDC/OAuth-based login for staff users;
  • hashed Service Account API-key secrets;
  • storage of configured integration credentials such as Discord bot tokens;
  • rate limiting and abuse controls;
  • audit logging and version history; and
  • signed or redirected access flows for certain stored files, depending on the storage backend.

No method of transmission, storage, or access control is perfectly secure. Organizations are also responsible for their own operational security, including secure handling of API keys, webhook URLs, imported content, linked accounts, and staff access.

10. Cookies, sessions, and similar technologies

The web administration experience may use essential session and authentication mechanisms to support login, logout, return URLs, token expiry handling, and secure access to authenticated routes.

We may also process source-IP or request metadata in security systems for rate limiting or abuse prevention.

If we add analytics, ad pixels, or non-essential cookies to the marketing site, this policy and any consent tooling will be updated accordingly.

11. Your choices and rights

Depending on your relationship to the Service and applicable law, you may have rights to access, correct, delete, restrict, port, or object to certain processing.

11.1 If you are an Organization admin or staff user

You may be able to access, update, or delete certain information directly through the admin UI or APIs, subject to your permissions.

11.2 If you are a player or community member

Please contact the Organization that operates the relevant server, network, or community first. That Organization generally determines the purposes and means of processing player/community data within its tenant.

11.3 If we act as controller

For controller-role data such as staff-account, marketing-site, or direct commercial-contact data, you may contact us using the details in the Contact section below.

We may need to verify your identity before responding to certain requests.

12. Children's and youth data

Moderation Easy is not designed as a direct-to-consumer children's service. However, organizations using the Service may operate communities that include minors.

Organizations are responsible for:

  • providing any required notices or consents;
  • configuring moderation, evidence, reporting, and log-ingest practices appropriately for their audience; and
  • avoiding unnecessary collection or disclosure of sensitive information about minors.

13. Third-party sites and services

The Service may link to or integrate with third-party systems, including external identity providers, Discord, storage providers, IP-intelligence services, and customer-configured URLs. Their privacy practices are governed by their own notices, not this Privacy Policy.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The updated version becomes effective when posted, unless a later effective date is stated.

If a change materially affects your rights and applicable law requires notice or consent, we will provide it in the manner required.

© 2026 ModerationEasy