VERSION2.0DOC2 OF 3RATIFIED
NO DARK PATTERNS — JUST OUR

Privacy policy

What Ashley collects, why she needs it, and what she'll never do with it. Plain English, no small print, no surprises

DOCUMENT pp_ashley · VERSION v2.0

The Ashley Privacy Instrument

This instrument (the "Privacy Policy" or "Policy") sets forth the terms upon which the Rogue Army gaming community ("RGA", "We", "Us", or "Our") operates the Ashley Discord application (the "Bot" or "Ashley") and processes personal data relating to Discord users who interact with the Bot or who are present in channels in which the Bot is active (each, a "User" or "You").

This Policy is to be read in conjunction with the Rogue Army Community Rules and shall be binding upon all Users from the Effective Date set forth below.

Commencement and Version

Effective Date: 31 May 2025 Last Updated: 24 April 2026 Version: 2.0

The current version supersedes any and all prior versions of this Policy. A summary of amendments is retained in §18 (Version History).

1. Interpretation and Definitions

1.1 Definitions

In this Policy, unless the context otherwise requires, capitalised terms shall bear the following meanings:

  • "Ashley" means the Discord application operated by the Community under the bot profile "Ashley", including all features, subcommands, and automated behaviours thereof.
  • "Community" or "RGA" means the Rogue Army gaming community as constituted by its Founders, Community Administrators, and members.
  • "Controller" bears the meaning ascribed to it in Article 4(7) of the GDPR.
  • "Discord" means Discord Inc. and its affiliates, including Discord Netherlands B.V. in respect of Users habitually resident in the European Economic Area.
  • "GDPR" means, as context requires, (i) Regulation (EU) 2016/679 (the "EU GDPR"); and (ii) the UK General Data Protection Regulation as incorporated into the law of the United Kingdom by the Data Protection Act 2018 (the "UK GDPR").
  • "Personal Data" bears the meaning ascribed to it in Article 4(1) of the GDPR.
  • "Processing" bears the meaning ascribed to it in Article 4(2) of the GDPR.
  • "Processor" bears the meaning ascribed to it in Article 4(8) of the GDPR.
  • "Sub-processor" means any third party engaged by the Community, or by a Processor acting on the Community's behalf, to Process Personal Data in connection with Ashley.
  • "Supervisory Authority" bears the meaning ascribed to it in Article 4(21) of the GDPR.
  • "User" or "You" means any natural person whose Personal Data is Processed by or in connection with Ashley.

1.2 Construction

Headings are inserted for convenience only and shall not affect the construction of this Policy. Words in the singular include the plural and vice versa. References to any statute, regulation, or instrument include any amendment, re-enactment, or replacement thereof.

2. Identity of the Controller

2.1 Data Controller

The Controller of Personal Data Processed in connection with Ashley is the Rogue Army Gaming Community, represented for these purposes by its Founders and Community Administrators.

2.2 Contact for Privacy Matters

All inquiries concerning this Policy, data subject requests, and any other privacy-related correspondence shall be directed to:

  • Community Support Server: https://dc.roguearmy.xyz
  • Support Ticket Channel: the ticketing system within the Rogue Army Discord server

The Community shall endeavour to acknowledge receipt of any such inquiry within seven (7) business days and to respond substantively within thirty (30) calendar days, save where such period is extended in accordance with Article 12(3) of the GDPR.

2.3 Joint Controllership with Discord

With respect to Processing that occurs upon or through the Discord platform, Discord and the Community may be regarded as joint controllers within the meaning of Article 26 of the GDPR for limited and defined purposes. Processing occurring at the platform level remains subject to Discord's own privacy policy, which prevails in respect of such platform-level Processing.

3. Personal Data We Process

3.1 Categories of Personal Data

The Community Processes the following categories of Personal Data in respect of Users:

Table
CategoryExamplesSource
IdentifiersDiscord User ID, server-specific nicknameDiscord API
Voice activity metadataJoin/leave timestamps, channel identifiers, session durationDiscord API
Message activity metadataMessage frequency, timestamps, channel identifiers (no content)Discord API
Command dataSlash commands invoked, parameters, timestampsUser interaction
Role dataDiscord roles relevant to Ashley's functionalityDiscord API
Game integration dataUbisoft Connect identifiers and publicly available game statisticsUser-provided / Ubisoft API

3.2 Personal Data We Do Not Process

The Community does not, under any circumstances, Process the following:

  • Message content of any kind, in any channel, in any form;
  • Voice or audio recordings, whether in whole or in part;
  • Direct messages or private communications between Users;
  • Real names, postal addresses, telephone numbers, or email addresses (save where voluntarily disclosed in a support ticket);
  • Financial information, including payment card details and bank account numbers;
  • Precise geolocation data;
  • Special categories of Personal Data within the meaning of Article 9 of the GDPR;
  • Personal Data relating to other Discord servers in which the User may be present.

3.3 Data Minimisation

The Community shall at all times limit its Processing to that which is adequate, relevant, and limited to what is necessary in relation to the purposes for which Personal Data is Processed, in accordance with Article 5(1)(c) of the GDPR.

4. Lawful Bases for Processing

4.1 Lawful Bases by Purpose

The Community relies upon the following lawful bases under Article 6 of the GDPR in respect of each Processing activity:

Table
Processing PurposeLawful BasisGDPR Article
Provision of core bot functionality (commands, responses)Performance of a contractArt. 6(1)(b)
Operation of the Levelling SystemLegitimate interestsArt. 6(1)(f)
AFK detection and voice status managementLegitimate interestsArt. 6(1)(f)
Support and ticket managementPerformance of a contract and legitimate interestsArt. 6(1)(b) & (f)
Security, abuse prevention, and fraud detectionLegitimate interests and legal obligationArt. 6(1)(f) & (c)
Integration with external game APIs upon User requestConsentArt. 6(1)(a)
Service improvement and debugging (aggregated data)Legitimate interestsArt. 6(1)(f)

4.2 Legitimate Interests Balancing Test

Where the Community relies upon legitimate interests pursuant to Article 6(1)(f), it has conducted a three-part balancing assessment comprising (i) a purpose test, (ii) a necessity test, and (iii) a balancing test as between its interests and the rights and freedoms of Users. A summary of the outcome of said assessment is available upon written request to the contact set forth in §2.2.

4.3 Withdrawal of Consent

Where Processing is based upon consent, You may withdraw such consent at any time by contacting the Community through the channels set forth in §2.2, with the same ease as it was given. Withdrawal shall not affect the lawfulness of Processing carried out prior to withdrawal.

5. Purposes of Processing

5.1 Core Bot Functionality

  • Execution of slash commands and user-facing features;
  • Operation of the Levelling System in respect of Community engagement;
  • Management of AFK status in voice channels;
  • Provision of the ticketing and support interface.

5.2 Community Management

  • Assisting Community moderators in the discharge of their functions;
  • Provision of aggregated usage statistics to Community Administrators;
  • Enforcement of the Community Rules and related instruments.

5.3 Service Improvement

  • Identification and remediation of defects;
  • Optimisation of performance and response times;
  • Evaluation of feature adoption through aggregated, non-identifying metrics.

5.4 Security and Integrity

  • Detection and prevention of abuse, spam, and automated attacks;
  • Investigation of incidents affecting the Community or Ashley.

6. Recipients and Sub-processors

6.1 Categories of Recipients

Personal Data may be disclosed to the following categories of recipients:

  • Community Administrators and Moderators authorised to access Ashley's administrative interface, subject to obligations of confidentiality;
  • Members of the Ashley Development Team in the discharge of development, deployment, and maintenance functions;
  • Sub-processors engaged in accordance with §6.2 below;
  • Law enforcement authorities and other competent public bodies where required by applicable law.

6.2 Sub-processors

The Community engages the following Sub-processors in connection with the operation of Ashley:

Table
Sub-processorFunctionLocationSafeguards
Discord Inc.Platform upon which Ashley operates; transmission and displayUnited States / European UnionDiscord's Privacy Policy; SCCs where applicable
OpenAI, L.L.C.AI-assisted features and natural language processingUnited StatesData Processing Addendum; SCCs; EU-US Data Privacy Framework where applicable
Ubisoft EntertainmentGame statistics via Ubisoft Connect API (public data only)France / GlobalUbisoft's Privacy Policy
Infrastructure provider (EU)Hosting and data storageEuropean UnionData Processing Agreement

The Community shall use commercially reasonable efforts to notify Users of any material change to the list of Sub-processors via the Wiki and the Rogue Army Discord server.

6.3 No Sale, Rental, or Marketing

The Community does not, and shall not:

  • sell Personal Data to any third party;
  • rent, lease, or lend Personal Data;
  • share Personal Data with advertisers or for marketing purposes;
  • engage in cross-context behavioural advertising.

7. International Transfers

7.1 Transfer Mechanisms

Where Personal Data is transferred outside the European Economic Area or the United Kingdom, such transfer shall be effected subject to one or more of the following safeguards:

  • Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914);
  • UK International Data Transfer Agreement or UK Addendum to the SCCs;
  • Adequacy Decisions of the European Commission, where applicable;
  • Certification under the EU-US Data Privacy Framework, where applicable.

7.2 Availability of Transfer Documentation

Copies of the transfer mechanism(s) relied upon in respect of any particular transfer may be obtained upon written request to the contact set forth in §2.2, redacted as reasonably necessary to protect commercial confidentiality.

8. Retention of Personal Data

8.1 Retention Periods

Personal Data shall be retained for no longer than is necessary for the purposes for which it was Processed. The following retention periods shall apply:

Table
Data CategoryRetention Period
Active account data (User ID, nickname, roles)Duration of Community membership plus twenty-four (24) months of inactivity
Levelling dataDuration of Community membership; anonymised after thirty-six (36) months of inactivity
Voice activity timestampsTwelve (12) months, then aggregated
Message activity metadataTwelve (12) months, then aggregated
Command usage logsNinety (90) days
Support ticket correspondenceTwelve (12) months after closure of the ticket
Technical and security logsNinety (90) days
Data subject to a validated erasure requestDeleted within thirty (30) days

8.2 Anonymisation

Upon expiry of the applicable retention period, Personal Data shall be either (i) deleted or (ii) rendered anonymous such that the data subject is no longer identifiable by the Community or any third party, in accordance with Recital 26 of the GDPR.

9. Security of Processing

9.1 Technical and Organisational Measures

The Community shall implement appropriate technical and organisational measures pursuant to Article 32 of the GDPR, including without limitation:

  • Encryption of data in transit (TLS) and at rest where technically feasible;
  • Role-based access controls limiting access to the Ashley Development Team;
  • Regular review of access rights and audit logs;
  • Secure backups with appropriate retention and integrity controls;
  • Incident response procedures and defined escalation paths;
  • Timely patching of dependencies and underlying infrastructure.

9.2 Data Breach Notification

In the event of a personal data breach within the meaning of Article 4(12) of the GDPR:

  • The Community shall notify the competent Supervisory Authority without undue delay and, where feasible, not later than seventy-two (72) hours after having become aware of the breach, in accordance with Article 33 of the GDPR;
  • Where the breach is likely to result in a high risk to the rights and freedoms of Users, the Community shall communicate the breach to affected Users without undue delay, in accordance with Article 34 of the GDPR.

10. Your Rights

10.1 Rights of the Data Subject

You have the following rights under the GDPR:

  • Right of access (Art. 15) — to obtain confirmation of and a copy of Personal Data concerning You;
  • Right to rectification (Art. 16) — to obtain correction of inaccurate Personal Data;
  • Right to erasure (Art. 17) — to obtain deletion of Personal Data, subject to statutory exceptions;
  • Right to restriction of Processing (Art. 18);
  • Right to data portability (Art. 20) — where Processing is based on consent or contract and is carried out by automated means;
  • Right to object (Art. 21) — to Processing based on legitimate interests;
  • Right not to be subject to automated decision-making (Art. 22), subject to the exceptions therein;
  • Right to withdraw consent at any time, where Processing is based on consent;
  • Right to lodge a complaint with a Supervisory Authority (Art. 77).

10.2 Exercising Your Rights

Requests shall be made through the contact set forth in §2.2. The Community may request such information as is reasonably necessary to verify Your identity before giving effect to any request. No fee shall be charged, save where a request is manifestly unfounded or excessive, in which case a reasonable fee may be charged or the request refused, as permitted by Article 12(5) of the GDPR.

10.3 Supervisory Authority

You have the right to lodge a complaint with the Supervisory Authority of Your habitual residence, place of work, or place of alleged infringement. Competent authorities include, without limitation:

  • Czech Republic: Úřad pro ochranu osobních údajů (ÚOOÚ) — uoou.cz
  • United Kingdom: Information Commissioner's Office (ICO) — ico.org.uk
  • Ireland: Data Protection Commission (DPC) — dataprotection.ie
  • European Data Protection Board: edpb.europa.eu

11. Automated Decision-Making and Profiling

Ashley employs automated processes in respect of:

  • Levelling: automatic assignment of Community levels based upon activity metrics;
  • AFK Detection: automatic assignment of AFK status based upon voice channel inactivity.

Such processes do not produce legal effects or similarly significantly affect the User within the meaning of Article 22(1) of the GDPR, and accordingly the prohibition in that Article does not apply. Notwithstanding the foregoing, You retain the right to request human review of any decision made by Ashley that You consider to have materially affected Your standing in the Community.

12. Age of Users

12.1 Minimum Age

Ashley is intended for use by Discord users who have attained the minimum age required by Discord's Terms of Service in their jurisdiction of habitual residence, and in no event less than thirteen (13) years. Certain features of the Community and of Ashley are reserved for Users aged eighteen (18) or over, as indicated in the Community Rules and related instruments.

12.2 Representation by User

By interacting with Ashley, You represent and warrant that You satisfy the applicable minimum age. The Community does not knowingly Process Personal Data of persons below the applicable minimum age. Upon receipt of credible evidence that such Processing has occurred, the Community shall promptly delete the relevant Personal Data.

13. Cookies and Similar Technologies

Ashley operates exclusively within the Discord platform and does not, in its own right, deploy cookies, web beacons, local storage, or analogous tracking technologies upon any device of the User. Cookies and similar technologies that may be deployed by Discord or by the Community's public websites are addressed in the respective privacy notices of those properties.

14. Amendments to this Policy

14.1 Right to Amend

The Community reserves the right to amend this Policy at any time. Material amendments shall be announced in the Rogue Army Discord server not less than seven (7) days prior to their taking effect, save where immediate amendment is required for legal, regulatory, or security reasons.

14.2 Continued Interaction

Continued interaction with Ashley following the effective date of an amendment shall constitute acceptance of the Policy as amended. Users who do not accept an amendment shall cease interaction with Ashley and may request erasure of their Personal Data in accordance with §10.

15. Miscellaneous

15.1 Severability

If any provision of this Policy is held to be invalid, illegal, or unenforceable in any respect, the remaining provisions shall continue in full force and effect. Any such invalid, illegal, or unenforceable provision shall be deemed replaced by a valid, legal, and enforceable provision that most closely reflects the original intent of the Community.

15.2 Entire Agreement

This Policy, together with the Community Rules and any other instrument expressly incorporated by reference, constitutes the entire agreement between the Community and the User in respect of the subject matter hereof and supersedes any prior representations or understandings, whether oral or written.

15.3 No Warranty

Ashley is provided "as is" and "as available". To the maximum extent permitted by applicable law, the Community disclaims all warranties, whether express, implied, or statutory, including without limitation warranties of merchantability, fitness for a particular purpose, and non-infringement. Nothing in this clause shall exclude or limit liability that cannot be excluded or limited under applicable law.

15.4 Language

This Policy is executed in the English language. Any translation provided for convenience shall not be authoritative; in the event of any discrepancy, the English version shall prevail.

16. Governing Law and Jurisdiction

This Policy shall be governed by and construed in accordance with the law of England and Wales, without regard to its conflict of laws principles. The courts of England and Wales shall have exclusive jurisdiction over any dispute arising out of or in connection with this Policy, save that a User may, where required by mandatory provisions of applicable consumer law, bring proceedings before the courts of their jurisdiction of habitual residence. Nothing in this clause shall affect the User's statutory rights under the law of their habitual residence, including the right to lodge a complaint with the competent Supervisory Authority.

17. Incorporated References

The following instruments are hereby incorporated by reference and shall be read in conjunction with this Policy:

  • The Rogue Army Community Rules;
  • Discord's Terms of Service and Privacy Policy;
  • OpenAI's Privacy Policy in respect of AI-assisted features;
  • Ubisoft's Privacy Policy in respect of game statistics.

18. Version History

Table
VersionDateSummary of Changes
1.031 May 2025Initial publication
2.024 April 2026Restructured to conform to Community legal instrument style; added Definitions, Lawful Basis schedule, Sub-processor register, Retention schedule, International Transfer safeguards, Supervisory Authority guidance, Severability / Entire Agreement / No Warranty clauses, and Governing Law clause

19. Acknowledgement

By continuing to interact with Ashley, You acknowledge that You have read and understood this Policy and agree to the Processing of Your Personal Data as set out herein, to the extent that such Processing is based upon Your consent. Where Processing is based upon a lawful basis other than consent, Your rights under §10 remain unaffected.

Executed and published on behalf of the Ashley Bot Development Team, for and on behalf of the Rogue Army Gaming Community, European Union.