Information on Data Collection & Infrastructure

Evan Yang edited this page Aug 1, 2021 · 5 revisions

Application Details

What does your application do? Please be as detailed as possible, and feel free to include links to image or video examples.

Provides anime-related memes sourced from Reddit, grants instant access to anime databases through AniList & MyAnimeList, integrates a virtual economy and casino into a Discord server, and enhances gameplay elements of the card game Karuta through multiple plugins. Completely open-source at https://github.com/eyang2020/Kurisu.

Data Collection

Tell us more about the data you store and process from Discord.

What Discord data do you store?

All long-term stored data is already public. This includes the Discord user ID, osu! profile ID, a user's balance within the virtual economy, and server-oriented bot usage statistics. In the future, osu! statistics may also be stored (currently they are fetched upon request from public APIs).

For what purpose(s) do you store it?

These pieces of data are necessary for the functions of the bot.

For how long do you store it?

All collected data, which is already public, is stored until it is updated or deleted. This data is never moved anywhere outside of the programs that use it for authentication and submission.

What is the process for users to request deletion of their data?

As all stored data is public, there is no personal data to be deleted. If a user wishes to disconnect their linked accounts, they can submit a disconnection request, which permanently removes the selected connected accounts and associated data.

Infrastructure

Tell us more about your application's infrastructure and your team's security practices.

What systems and infrastructure do you use?

The bot is written in Python and runs on the discord.py library. The database is a MongoDB database, and connections between the bot and database are handled using PyMongo. The bot in production runs on an AWS EC2 instance.

How have you secured access to your systems and infrastructure?

All calls to the database are fully sanitized, and the database can only be accessed through a fixed set of preset commands. There are no back doors to access the data.

How can users contact you with security issues?

The bot is open-source on GitHub, so users may contact the developer directly via an issue or pull request.

Does your application utilize other third-party auth services or connections? If so, which, and why?

The bot uses the official public APIs of osu!, Reddit, and AniList, as well as a trusted unofficial API for MyAnimeList. All of these APIs are required for public data collection in various functions of the bot.