1. Introduction
Community Juice LTD (trading as “Community Studios”, “we”, “us”, or “our”) operates the CEEJAY platform, a Discord analytics and community relationship management service. This Privacy Policy explains how we collect, use, store, and protect personal data when you use our services.
We are registered with the Information Commissioner's Office (ICO) in the United Kingdom and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Registered Company: Community Juice LTD
Trading As: Community Studios
Jurisdiction: England & Wales, United Kingdom
Contact: privacy@communitystudios.xyz
2. Definitions
- Data Controller: Our customers (Discord server owners/administrators) who determine the purposes and means of processing their community members' data.
- Data Processor: Community Juice LTD, which processes personal data on behalf of our customers.
- Data Subjects: Discord community members whose personal data is processed through our services.
- Personal Data: Any information relating to an identified or identifiable natural person.
- Dashboard Users: Our B2B customers who access the CEEJAY dashboard.
3. Data We Collect
3.1 From Dashboard Users (Our Customers)
- Discord OAuth profile information (username, email address, avatar)
- Authentication tokens and session data
- Server configuration preferences
- Login timestamps and dashboard usage analytics
3.2 From Discord Community Members (via Bot)
When a server administrator adds CEEJAY to their Discord server, we collect:
- Discord user ID (snowflake identifier)
- Username and display name
- Message metadata (channel, timestamp, word count)
- Message content (processed for sentiment analysis, not stored in raw form long-term)
- Voice channel activity (join/leave times, duration)
- Server membership events (join date, leave date)
- Role assignments
- Reaction data
- Gaming and activity status information
3.3 Automatically Collected Data
- Website analytics via Google Analytics (anonymised, IP anonymisation enabled, consent required)
- Dashboard usage analytics via PostHog (anonymised, EU-hosted)
- Browser type and device information (anonymised)
- Page views and feature usage patterns
4. How We Collect Data
- Discord Bot API: Our bot collects data from Discord servers where it has been authorised by a server administrator.
- Discord OAuth: Dashboard users authenticate via Discord's OAuth 2.0 flow.
- PostHog Analytics: Dashboard usage is tracked via PostHog (EU-hosted at eu.posthog.com) with privacy-preserving defaults including text masking and input masking.
- Google Analytics: Website traffic and conversion tracking via Google Analytics 4 with IP anonymisation and Consent Mode v2 enabled. No cookies are set until the user provides consent.
5. Purpose and Legal Basis
We process personal data under the following lawful bases (UK GDPR Article 6):
| Purpose | Legal Basis |
|---|---|
| Providing analytics to server administrators | Contract performance (with our customers) |
| Community sentiment analysis | Legitimate interest of server administrators |
| Dashboard authentication | Contract performance |
| Product improvement and analytics | Legitimate interest |
| Security and fraud prevention | Legitimate interest |
| Website analytics and conversion tracking | Consent (analytics cookies) |
| Marketing communications | Consent |
6. Marketing Communications
- We may send service-related emails (such as billing notifications, security alerts, and feature updates) without separate consent, as they are necessary for contract performance.
- Marketing and promotional communications are only sent with your explicit consent.
- You can unsubscribe from marketing communications at any time via the unsubscribe link included in every marketing email.
7. Discord-Specific Data Handling
CEEJAY operates as a Discord bot under Discord's Developer Terms of Service. We only collect data from servers where an administrator has explicitly added our bot. Server administrators can configure which data is collected through the CEEJAY dashboard.
Message content is processed through our sentiment analysis pipeline and is not stored in raw form beyond the processing period. Derived insights (sentiment scores, keyword frequencies) are retained.
8. AI and Automated Processing
We use artificial intelligence and large language model (LLM) technology to provide sentiment analysis, natural language processing, and summarisation features within the CEEJAY platform.
- AI processing is performed by a sub-processor with an active Data Processing Agreement.
- AI-derived insights (such as sentiment scores and keyword analysis) are processed for the sole benefit of the specific customer whose community data was analysed.
- Results are not shared beyond approved sub-processors.
9. Data Retention
| Data Type | Retention Period |
|---|---|
| Message metadata and analytics | Duration of customer subscription + 30 days |
| Member profiles and activity data | Duration of customer subscription + 30 days |
| Sentiment analysis results | Duration of customer subscription + 30 days |
| Dashboard user accounts | Duration of subscription + 90 days |
| Dashboard usage analytics | 12 months (rolling) |
| Authentication logs | 90 days |
Upon termination of a customer's subscription, we retain data for the specified period to allow for account reactivation. After this period, data is permanently deleted.
10. Third-Party Sub-Processors
We use the following categories of sub-processors to deliver our services:
- Infrastructure hosting — SOC 2 Type II certified (US/EU)
- Authentication services — SOC 2 Type II certified (US/EU)
- Product analytics — SOC 2 Type II certified (EU-hosted)
- Website analytics — DPF Certified (US)
- Email delivery — DPF Certified (US)
- Media storage — SOC 2 Type II certified (US)
- Platform API — Developer DPA (US)
- AI/LLM processing — DPA active (US)
All sub-processors have signed Data Processing Agreements (DPAs) with Community Juice LTD. A complete list of sub-processors with their identities, purposes, and certifications is available upon request and is included in our Data Processing Agreement. Please contact privacy@communitystudios.xyz for details.
11. International Data Transfers
Some of our sub-processors are located in the United States. Where personal data is transferred outside the United Kingdom, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) as approved by the ICO, and Transfer Impact Assessments (TIAs) where required.
12. Your Rights
Under UK GDPR, data subjects have the following rights:
- Right of Access (Article 15): Request a copy of the personal data we hold about you.
- Right to Rectification (Article 16): Request correction of inaccurate personal data.
- Right to Erasure (Article 17): Request deletion of your personal data.
- Right to Restrict Processing (Article 18): Request that we limit how we process your data.
- Right to Data Portability (Article 20): Receive your data in a structured, machine-readable format.
- Right to Object (Article 21): Object to our processing of your personal data.
To exercise any of these rights, please submit a request via our Data Subject Access Request form or email us at privacy@communitystudios.xyz. We will respond within 30 days as required by UK GDPR.
Note for Discord community members: As we act as a Data Processor on behalf of your server administrator (the Data Controller), we may direct your request to the relevant server administrator where appropriate. We will verify your identity via Discord DM before processing any request.
13. Data Security
We implement appropriate technical and organisational measures to protect personal data:
- TLS encryption for all data in transit
- AES-256-GCM encryption for stored authentication tokens
- Database encryption at rest
- Parameterised database queries to prevent SQL injection
- Content Security Policy (CSP) headers
- Server-scoped authorisation on all API endpoints
- Production logging sanitised to exclude sensitive data
- Product analytics configured with text masking and input masking enabled
- Website analytics configured with IP anonymisation and consent mode
14. Data Breach Notification
In the event of a personal data breach that poses a risk to the rights and freedoms of data subjects:
- We will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, as required by UK GDPR Article 33.
- Affected data controllers (our customers) will be notified without undue delay.
- Where the breach is likely to result in a high risk to the rights and freedoms of data subjects, those individuals will be notified as required by UK GDPR Article 34.
15. Cookies
Our website uses analytics cookies (Google Analytics) with your consent, and our dashboard uses essential cookies for authentication and analytics cookies via PostHog. For full details, please see our Cookie Policy.
Our website does not currently respond to “Do Not Track” browser signals. However, we use consent-based analytics and no tracking cookies are set until you provide consent via our cookie banner.
16. Children's Privacy
Our services are not directed at individuals under the age of 13. Discord's own Terms of Service require users to be at least 13 years old. We do not knowingly collect personal data from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete it promptly.
17. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify our customers of significant changes via email or dashboard notification. The “Last updated” date at the top of this page indicates when the policy was last revised.
18. Contact
If you have any questions about this Privacy Policy or our data practices, please contact us:
Community Juice LTD
Trading as Community Studios
Email: privacy@communitystudios.xyz
Website: communitystudios.xyz
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.