Data Processing Agreement
Last Updated: January 2026
1. Introduction
This Data Processing Agreement ("DPA") is entered into between RJO Innovation & Consultancy ("Data Controller") and you ("Data Subject") regarding the processing of personal data through the SafeNet Discord security bot.
SafeNet is committed to protecting your personal data and complying with applicable data protection laws including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant regulations.
2. Scope and Purpose
This DPA applies to the processing of personal data collected through SafeNet. The purposes of processing include:
- Server security and protection against malicious users
- User verification and authentication
- Fraud and abuse detection
- Service improvement and analytics
- Compliance with legal obligations
3. Data Collection and Types
SafeNet collects and processes the following categories of personal data:
- Discord User IDs and usernames
- Server membership information
- Message history (when necessary for moderation)
- IP address information (for anti-VPN detection)
- User behavior analytics
We do not collect sensitive personal data such as financial information, health data, or racial/ethnic origin without explicit consent.
4. Legal Basis for Processing
SafeNet processes personal data based on the following legal grounds:
- Consent: Where you have explicitly agreed to data processing
- Legitimate Interests: To maintain server security and protect against abuse
- Legal Obligation: Where required by law or court order
- Performance of Contract: To provide SafeNet services to server administrators
5. Data Retention & Legal Exceptions to Erasure
SafeNet retains personal data only as long as necessary to fulfill the purposes stated in this DPA. However, under GDPR Article 17(3)(b) and (e), the Right to be Forgotten has important exceptions that SafeNet lawfully applies:
GDPR Exceptions to Erasure
Erasure does not apply when processing is necessary for:
- Security, fraud prevention & abuse mitigation: Preventing ban evasion, detecting malicious actors, and maintaining community safety
- Legal obligations or legal claims: Establishment, exercise, or defense of legal claims as per Article 17(3)(e)
What SafeNet Deletes Upon Erasure Request
When you request deletion, SafeNet immediately erases:
- Full user profiles and personal metadata
- Discord IDs and usernames (in clear text)
- IP addresses in raw form (except where legally required)
- Analytics and enrichment data
What SafeNet Lawfully Retains for Security
For the legitimate interests of community safety and fraud prevention (Article 6(1)(f)), SafeNet retains only minimal, security-critical data:
- Hashed identifiers (salted, irreversible): Cannot be reverse-engineered to identify you
- Pseudonymised risk flags: e.g., "Previously malicious" – without personal profile data
- Security event records: Timestamp, event type, and outcome only (no personal data)
- Abuse-prevention fingerprints: Non-reversible patterns used only to detect coordinated harm
These retained records are:
- Pseudonymised and cannot directly identify you
- Proportional to SafeNet's security mission
- Retained only as long as the security threat exists
- Not used for profiling, marketing, or any purpose beyond fraud/abuse prevention
- Message history and communication records with SafeNet's services.
Transparency on Retention
SafeNet is transparent about this approach:
- We do NOT claim "never to delete data"
- We DO erase personally identifiable information where possible
- We RETAIN only minimal security-critical identifiers
- This distinction is GDPR-compliant under established case law and EDPB guidance
6. Data Subject Rights & Right to Erasure
Under applicable data protection laws (including GDPR, CCPA, and other regulations), you have the following rights:
- Right of Access: Request access to your personal data processed by SafeNet
- Right to Rectification: Correct inaccurate or incomplete personal data
- Right to Data Portability: Receive your personal data in a structured, machine-readable format
- Right to Object: Object to processing for direct marketing and certain other purposes
- Right to Restrict Processing: Request limitation of how your data is used
Right to Erasure (Right to be Forgotten) – With Legal Exceptions
You have the right to request deletion of your personal data. However, GDPR Article 17(3) explicitly permits SafeNet to retain data when:
- Processing is necessary for security and fraud prevention (Article 17(3)(b))
- Processing is necessary for legal claims or compliance with legal obligations (Article 17(3)(e))
Important: This is NOT a limitation on your rights. Rather, it reflects GDPR's recognition that security systems require minimal data retention for community protection. We apply these exceptions proportionally and transparently.
How to Exercise Your Rights
To exercise any of these rights, contact us at:
- Email: info@rjo-web.nl
- Discord: Join our support server
We will verify your identity and respond within 30 days (or within the timeframe required by applicable law).
7. Data Security
SafeNet implements comprehensive security measures to protect personal data:
- End-to-end encryption for data in transit
- Industry-standard encryption at rest
- Regular security audits and penetration testing
- Access controls and authentication mechanisms
- Employee data protection training
- Incident response procedures
8. Data Sharing and Third Parties
SafeNet does not sell personal data to third parties. We may share data with:
- Discord Inc. (as required for bot functionality)
- Service providers and hosting partners (under data processing agreements)
- Law enforcement (when legally required)
- Server administrators (for moderation purposes)
All third parties are subject to strict confidentiality agreements and data protection obligations.
9. Data Storage Location
SafeNet's services and data infrastructure are physically located and operated in the Netherlands. All personal data processed by SafeNet is stored on servers situated within the Netherlands.
This ensures that your data benefits from:
- GDPR protection as an EU member state
- Dutch data protection authority oversight
- Compliance with Dutch cybersecurity standards
- EU data residency requirements
By storing data exclusively in the Netherlands, SafeNet minimizes cross-border data transfers and ensures strong legal protections under EU data protection law.
10. International Data Transfers
Because SafeNet's primary data storage is in the Netherlands (an EU member state), most personal data does not require international transfers. However, in limited cases where data must be transferred outside the EU/EEA for technical or legal reasons, SafeNet ensures such transfers comply with applicable data protection laws through:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions by relevant authorities
- Explicit user consent where required
11. Changes to This DPA
SafeNet reserves the right to update this DPA to reflect changes in our data processing practices or legal requirements. We will notify users of significant changes via email or through the SafeNet Discord server.
12. Contact Information
For questions about this DPA or to exercise your data subject rights, contact:
13. Governing Law
This DPA is governed by and construed in accordance with the laws of the Netherlands. Any disputes arising out of or in connection with this DPA shall be subject to the exclusive jurisdiction of the Dutch courts.