Legal

Privacy Policy

Last updated: May 24, 2026

01

Who We Are and How to Contact Us

Collab Reminder ("we", "us", "our") is operated as a personal project under German law. The service is accessible at https://collab-reminder.me. Legal contact information is available in the Imprint (Impressum) linked in the footer. For privacy-related enquiries, please use the support ticket system available on this website. We are the data controller for all personal data processed in connection with the Service.

02

Data We Collect and Why

We collect and process the following categories of data: (a) Discord account data — Discord user ID, username, display name, and avatar URL, collected when you authenticate via Discord OAuth2 to use the dashboard; (b) Guild (server) data — server ID, server name, and channel IDs, used to deliver reminders to the correct destination; (c) Collab and reminder data — titles, scheduled times, participant Discord IDs, timezone preferences, and reminder offsets you configure; (d) X/Twitter account data — OAuth2 access token, refresh token, token expiry, username/handle, and display name, collected only when you voluntarily link an account to enable auto-posting; (e) Billing data — Stripe customer ID, subscription ID, price ID, subscription status, billing period dates, and post quota usage, processed when you subscribe to the Pro Plan; (f) Session data — a signed session token stored in a cookie to keep you authenticated on the dashboard; (g) Technical and operational data — server-side logs containing IP addresses, request timestamps, and error traces, retained for security and debugging purposes.

03

Legal Basis for Processing (GDPR)

If you are located in the EU or EEA, we rely on the following legal bases under GDPR Article 6: (a) Contractual necessity (Art. 6(1)(b)) — processing your Discord account data, guild data, collab/reminder data, and session data is necessary to provide the Service you have requested; (b) Contractual necessity (Art. 6(1)(b)) — processing your X/Twitter OAuth tokens and billing data is necessary to perform the paid subscription contract and deliver Pro Plan features; (c) Legitimate interests (Art. 6(1)(f)) — processing operational logs and IP addresses for security monitoring, abuse prevention, and service integrity, where our interests are not overridden by your rights; (d) Consent (Art. 6(1)(a)) — for optional analytics cookies, only where you have explicitly accepted them via the cookie banner.

04

AI-Generated Content and OpenAI

When the Pro Plan auto-posting feature is active, collab metadata (title, participants, scheduled time) is transmitted to OpenAI's API to generate announcement text. This data is processed by OpenAI in accordance with their API data usage policy. We do not use your data to train AI models. We do not transmit personal data beyond what is strictly necessary for content generation. You can disable auto-posting at any time via the dashboard, which stops all further data transmission to OpenAI for your account. OpenAI's privacy policy is available at https://openai.com/policies/privacy-policy.

05

Stripe and Payment Processing

Payment processing is handled entirely by Stripe, Inc. When you subscribe, you are directed to Stripe's hosted checkout. We receive from Stripe: your Stripe customer ID, subscription ID, subscription status, billing period dates, and the price plan you have selected. We do not receive, store, or process your full card number, CVV, or bank account details at any point — these are handled exclusively by Stripe. Stripe acts as an independent data controller for payment data and their privacy policy is available at https://stripe.com/privacy. For questions about charges, invoices, or payment data, you may also use the Stripe Customer Portal accessible from your billing dashboard.

06

X/Twitter Auto-Posting

Linking your X/Twitter account is entirely optional and only required for Pro Plan auto-posting. When you link your account, we receive and store the OAuth or session tokens, token type, scope, expiry timestamp, username/handle, and display name. These credentials are stored encrypted in our database and used solely to post collab announcements on your behalf. We do not read your timeline, direct messages, followers, or any other platform data. You may revoke our access at any time by unlinking your account in the Collab Reminder dashboard or by revoking access in the relevant platform settings. Upon revocation, we delete your stored tokens within 30 days.

07

Data Sharing and Third-Party Processors

We do not sell personal data. We do not share personal data for advertising or marketing purposes. We use the following third-party processors who may receive limited personal data to deliver the Service: (a) Stripe, Inc. — payment processing and billing; (b) OpenAI, L.L.C. — AI content generation (Pro Plan only); (c) X Corp. — social media posting via OAuth2 (Pro Plan only); (d) our hosting provider — infrastructure for running the web application and database; (e) Sentry — error tracking and performance monitoring (anonymised stack traces and operational metadata). Where we share data with processors outside the EU/EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses.

08

Data Retention

We retain your data for as long as necessary to provide the Service and comply with legal obligations: (a) Account and guild data — retained for the duration of your use of the Service and deleted upon account deletion request; (b) Collab and reminder data — retained for 12 months after the collab date, then deleted automatically; (c) X/Twitter tokens — deleted within 30 days of unlinking your account; (d) Billing records — retained for 10 years as required by German commercial and tax law (§ 257 HGB, § 147 AO); (e) Session tokens — expire after 30 days of inactivity; (f) Operational logs — retained for up to 90 days, then purged; (g) Sent reminder records — retained for 12 months for deduplication purposes.

09

Cookies and Analytics

We use a strictly necessary session cookie to maintain your authenticated state on the dashboard. This cookie does not require consent under GDPR as it is essential for the Service to function. If analytics cookies (such as those used by Google Analytics) are present, they are only activated upon your explicit consent via the cookie banner. You may withdraw consent at any time by clearing your cookies or adjusting your browser settings. We do not use tracking pixels, fingerprinting, or cross-site tracking. We also use Cloudflare Turnstile (an invisible bot protection widget) on some public forms; Cloudflare's Turnstile privacy policy is: https://www.cloudflare.com/turnstile-privacy-policy/

10

Your Rights Under GDPR

If you are located in the EU or EEA, you have the following rights regarding your personal data: (a) Right of access — request a copy of the personal data we hold about you; (b) Right to rectification — request correction of inaccurate data; (c) Right to erasure ("right to be forgotten") — request deletion of your data, subject to legal retention obligations; (d) Right to restriction — request that we restrict processing of your data in certain circumstances; (e) Right to data portability — receive your data in a structured, machine-readable format; (f) Right to object — object to processing based on legitimate interests; (g) Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting prior processing. To exercise any of these rights, contact us via the support channels on this website. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority.

11

Data Security

We implement technical and organisational security measures appropriate to the risk, including: encrypted connections (TLS/HTTPS) for all web traffic; encrypted storage of OAuth2 tokens; server-side session signing with a secret key; rate limiting on all API endpoints; IP-based access controls on server infrastructure; and regular review of access permissions. No method of transmission or storage is 100% secure. If you become aware of a security vulnerability, please report it responsibly via the support ticket system on this website.

12

Children's Privacy

The Service is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected data from a child under 13, please contact us immediately and we will delete it promptly.

13

Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page with a revised "Last updated" date. For material changes that significantly affect how we process your data, we will provide additional notice through the dashboard or other appropriate means. Your continued use of the Service after the effective date constitutes acceptance of the revised policy.

14

Contact and Data Protection Enquiries

For all privacy-related requests, data subject rights exercises, or complaints, please use the support ticket system available on this website. Legal contact and imprint details (§ 5 TMG) are available in the footer. If you are not satisfied with our response, you have the right to contact the relevant data protection supervisory authority in your country.

Privacy questions or data subject requests? Open a support ticket. For legal notices see the Imprint linked in the footer.