last updated: 26 April 2026

privacy policy

What data Quanto processes, on what legal basis, and how to exercise your rights under the GDPR.

This English version is provided for your convenience. In case of discrepancy, the German version is legally authoritative.

controller

The controller (Verantwortlicher) for personal data processed via Quanto is:

Quanto – Nikolas Scheipers
c/o Online-Impressum #7845
Europaring 90
53757 Sankt Augustin
Germany
Contact: quanto@mail.online-impressum.de

what data we collect

From Discord OAuth (when you sign in): your Discord user ID, username, global name, avatar, email address, and the IDs of guilds you authorize Quanto for.

  • from your usage: actions you take in the dashboard, configurations you save, audit log entries (who did what, when)
  • automatic technical data: IP address (in server logs, retained briefly for security), user-agent, request timestamps, and a single essential session cookie used to keep you signed in
  • optional data you provide: form notes, ticket content, faction data — only what you choose to enter

why we process it

Legal bases under Art. 6 GDPR:

  • Art. 6(1)(b) — performance of a contract: running your account, executing the moderation, faction, and team-management features you use
  • Art. 6(1)(f) — legitimate interests: keeping the service secure, preventing abuse, debugging, basic server logs
  • Art. 6(1)(a) — consent: anything explicitly opt-in (you can withdraw consent at any time, without affecting prior processing)
  • Art. 6(1)(c) — legal obligation: where we must respond to lawful requests

who processes data on our behalf

Quanto uses the following processors / sub-processors. Each is bound by a data-processing agreement and, where relevant, EU Standard Contractual Clauses.

  • Discord — authentication and the messaging surface for the bot
  • Convex — application database and backend (hosted in the United States; transfers covered by SCCs)
  • Railway — web dashboard and Discord-bot hosting (infrastructure provider, EU/US regions)

how long we keep data

Account data is kept for as long as you have an account. When you delete your account, the operator removes your personal data within 30 days, except where retention is legally required.

Server logs containing IP addresses are typically retained for up to 7 days for security purposes. Database backups are kept for up to 30 days and then rotated out.

your rights

Under the GDPR you have the right to:

  • access (Art. 15) — get a copy of your data
  • rectification (Art. 16) — correct inaccurate data
  • erasure (Art. 17) — "right to be forgotten"
  • restriction (Art. 18) — limit how we process it
  • portability (Art. 20) — receive your data in a portable format
  • object (Art. 21) — object to processing based on legitimate interest
  • withdraw consent (Art. 7(3)) — at any time, for anything based on consent
  • lodge a complaint (Art. 77) — with the supervisory authority responsible for the operator's place of residence

To exercise any of these, email quanto@mail.online-impressum.de. We will respond within 30 days.

cookies

Quanto uses one essential session cookie to keep you signed in after Discord OAuth. It is strictly necessary for the service to function and does not require consent under §25(2) TDDDG.

There is no analytics, no advertising, and no third-party tracking on Quanto.

international transfers

Some processors (notably Convex) operate in the United States. Transfers are covered by the EU Standard Contractual Clauses (SCCs) and supplementary measures where appropriate. By signing in you acknowledge this transfer.

children

Quanto is not intended for users under 16. If you are under 16, do not sign in. If we learn we hold data of a child under 16 without parental consent, we will delete it.

changes to this policy

Material changes will be announced in the dashboard and reflected by the "last updated" date at the top of this page.

contact

Questions about your data, or want to exercise your rights? Email quanto@mail.online-impressum.de.