This privacy policy informs you about the nature, scope and purpose of the processing of personal data within BeatHaven in accordance with the EU General Data Protection Regulation (GDPR).
1417950116106604604 (referred to below as "the Bot")https://create.beathaven.net/*) and public upload/download/API endpoints operated for BeatHavenThe controller within the meaning of Art. 4 (7) GDPR is:
You can contact the controller at any time using the contact details above for questions regarding data protection or to exercise your rights as a data subject.
We process personal data only insofar as this is necessary to provide a functional service, operate the Discord community features, protect the service against misuse, and improve reliability. Personal data is processed where this is necessary to provide requested features, where you have provided the data to us, or where processing is permitted by law.
Depending on how you interact with the Bot, the website or the public API, we may process the following data:
!rank, !leaderboard, !clear, !ticketsetup and !sendcolor) and automated moderation checks. The level system does not store message text in our own database./usage and aggregated statistics shown through /statsbeathavenDelivery, used to remember whether generated maps should be sent to Discord, downloaded in the browser, or bothProviding the listed data is neither legally nor contractually required, but it is technically necessary to use individual features. If you do not provide the data, you will generally not be able to use the corresponding feature.
To provide the service we use third-party providers and platforms. When you use the corresponding features, data is transferred to these providers or processed through their infrastructure. We only transmit data that is necessary for the respective functionality.
The Bot is operated on the Discord platform provided by Discord, Inc., 444 De Haro Street, Suite 200, San Francisco, California 94107, USA (for users in the EU/EEA, services are provided by Discord Netherlands B.V.). When you interact with the Bot, Discord processes communication data, account data, server data, commands, messages, attachments and delivered files. Generated maps, support tickets, moderation actions and Bot replies are also processed and stored by Discord.
Legal basis: Art. 6 (1) (b) GDPR for requested Bot features and Art. 6 (1) (f) GDPR for moderation and server operation. Further information: https://discord.com/privacy.
All public HTTP traffic to BeatHaven domains and endpoints is routed through Cloudflare reverse proxies before reaching our origin servers. Cloudflare provides DNS, proxying, caching, TLS termination, DDoS protection and security filtering. In this role Cloudflare may process IP addresses, request metadata, headers, requested URLs, response metadata, security events and, where technically necessary to provide the proxy/security service, transmitted content such as uploaded or downloaded files.
We also use Cloudflare Turnstile on MP3 upload pages and Vulnus ZIP upload pages to protect one-time upload sessions against automated abuse. Turnstile may process client-side security signals such as IP address, TLS fingerprint, user agent header, sitekey, associated origin and challenge result data. The challenge may be invisible, non-interactive or visible depending on Cloudflare's risk assessment.
Legal basis: Art. 6 (1) (f) GDPR, our legitimate interest in secure, reliable and performant operation of the service and prevention of automated misuse of upload endpoints. Further information: https://www.cloudflare.com/policies/privacy/, https://www.cloudflare.com/cloudflare-customer-dpa/ and https://www.cloudflare.com/turnstile-privacy-policy/.
When you submit a YouTube URL via the /generate YouTube option, the YouTube generation feature or /yt-download, our server or auxiliary converter endpoint contacts YouTube/Google in order to retrieve public video information and, where requested, download and convert the audio to MP3. Your browser IP address is not sent directly by your browser for this step; the request is made from our server infrastructure. However, the submitted URL, video title/duration and resulting audio data are processed on our infrastructure.
Legal basis: Art. 6 (1) (b) GDPR. Further information: https://policies.google.com/privacy. You are responsible for ensuring that you have the necessary rights to download and convert the content you submit (see Terms of Service).
/rhythia-leaderboard and /rhythia-stats)For leaderboard and statistics commands, the Bot retrieves publicly available data from the Rhythia API (https://production.rhythia.com). These requests are made by our server, not by you directly; no personal data of the requesting Discord user is intentionally transmitted to Rhythia for these commands.
Legal basis: Art. 6 (1) (f) GDPR.
The Bot, website, generation workers, temporary file storage and database are operated on servers we control or administer. Technical access data, uploaded content, generated files, session data, logs, rate-limit data, level data and statistics data may be processed on this infrastructure for the purposes described above.
Legal basis: Art. 6 (1) (b) GDPR for requested features and Art. 6 (1) (f) GDPR for secure operation, logging and abuse prevention.
The website does not use cookies for advertising or cross-site tracking. The upload page uses the technically useful cookie beathavenDelivery to remember your selected delivery mode for up to 180 days. Session IDs are also used in upload/download URLs to authorise a specific upload or download. Cloudflare Turnstile may process browser and challenge signals on upload pages solely for bot detection and abuse prevention, not for advertising.
Under the GDPR you have the following rights with regard to personal data concerning you:
To exercise these rights, please contact us at [email protected]. Please include enough information for us to identify the relevant data, for example your Discord user ID and, if relevant, a session ID or approximate time of use.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR (Art. 77 GDPR).
We use appropriate technical and organisational measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. This includes session validation, one-time upload sessions, Cloudflare Turnstile bot protection for upload pages, file size and duration limits, temporary storage, access restrictions for internal APIs, and Cloudflare proxy/security services.
We do not use automated decision-making within the meaning of Art. 22 GDPR that produces legal effects or similarly significant effects. Some operational and moderation features act automatically, such as rate limits, invalid-session rejection, file validation and short Discord timeouts for prohibited language. You can contact us if you believe an automated action was incorrect.
We reserve the right to amend this privacy policy at any time in order to comply with current legal requirements or to reflect changes to our service. The updated privacy policy will apply on your next visit or next use of the service.