Privacy Policy & Terms

How MarkSoft handles data across Twitch, Kick, Discord, YouTube, the music player, the puzzle game, the MMORPG and everything else we ship. Plain English where we can; legal precision where we have to.

Last updated: April 30, 2026 Version 3.0
FAQ About Support license@marksoft.ro
Search

Data Collection and Usage

MarkSoft collects and stores data necessary to provide its features and functionalities. The categories below cover everything we touch β€” across all four platforms, the music player, the puzzle game, the MMORPG and the moderation/automation systems.

Discord Data

  • Server Configurations: Guild settings, logging configurations, feature settings, prefix, language preferences.
  • User Data: Discord IDs, usernames, display names, roles, permissions, warnings, points, levels, XP.
  • Moderation Data: Moderation logs, audit logs, ban/kick/warn history, timeout records, protected user lists.
  • Feature Configurations: Welcome/leave messages, auto-roles, reaction roles, ticket system data, suggestion system data, alt detector settings.

Twitch Data

  • OAuth Identity: Twitch user ID, login, display name, profile image β€” what's needed to recognize you when you sign in. EventSub subscriptions are scoped to the bot's verified app.
  • Watchtime Tracking: User viewing time, session data, channel statistics.
  • Fish Collection: Fish caught, rarities, values, sizes, timestamps, collection statistics, leaderboard data.
  • Clip Metadata: Clip creation data, clip URLs, channel associations, user clip collections.
  • Bits Transactions: Bits timeout logs, bits leaderboard data, transaction history (for moderation features).
  • Game Statistics: 69/naughty game counters, win tracking, achievement progress, command usage.
  • Channel Settings: Feature toggles, command settings, channel point integrations, timeout protection lists.

Kick Data

  • OAuth Identity: Kick user ID, username, display name, profile image β€” same role as Twitch identity above. Stored only after explicit OAuth consent.
  • Chat Activity: Messages relevant to bot commands, watchtime sessions, opt-in chat statistics.
  • Webhook Events: Follows, subscriptions, gifts (with gift-royalty tracking), raids β€” only the metadata Kick exposes via official webhooks.
  • Clip Metadata: Same as Twitch β€” clip URLs, channel associations, your saved clip list.
  • Channel Settings: Per-channel feature toggles, command opt-ins, alert configurations.

YouTube Live Data

  • OAuth Identity: Channel ID, channel title, profile image β€” used as a primary identity for users who stream on YouTube Live.
  • Live Status: Public live-stream presence used for cross-platform "going live" alerts.
  • Achievements / Fish: Tied to your unified profile β€” works the same as on Twitch / Kick.

Music & Audio Data

  • Player Activity: Play counts, likes, playlist contents, share-link slugs, "currently playing" track captured by a 10-second heartbeat while the /music tab is active.
  • Playlist Data: Playlists you create β€” name, included tracks, public/private flag, share slug.
  • Spotify Tokens (optional): If you click "Connect Spotify", we store an encrypted refresh token and access token bound to your unified profile, scoped to user-read-currently-playing only β€” we cannot control playback or read your library.
  • Now-Playing Cache: An in-memory snapshot of what's playing for chat-command lookups (!song / !nowplaying). Volatile β€” lost on bot restart, never written to disk.

Puzzle Game Data

  • Uploaded Images: When you upload an image to /puzzle, you accept that the image becomes part of the public puzzle library. The disclaimer on the upload form makes this explicit β€” anyone on the platform can spin up a fresh room from your image. We store the JPEG on disk plus a database row with the title, your unified profile ID, your display name and avatar, dimensions, play count and best-time stats.
  • Room State: Active rooms (4-digit code, piece groups, player positions, contribution counts) live in memory only. They are not persisted, and are garbage-collected after inactivity or 30 minutes after a finish.
  • Completion Records: When a room is finished, we write a result row containing: image ID, grid size, completion time, the participants present at finish (display name, avatar, profile ID, merge contributions). These power the per-image leaderboard and the "recent finishes" feed.

3D Game World Data

  • Game Character: One character per profile (for now) β€” name, sex, class, level, XP, coins, position, inventory, learned spells. Persisted on logout and via a 30-second heartbeat while in-world.
  • NPC Interaction Log: A capped collection (10M doc limit) recording every meaningful NPC interaction β€” talk, trade, attack, gift, quest. Used for future quest design; no sensitive content.
  • Property & Business (future phases): Plot ownership, building inventory, production queues, business revenue. Tied to your unified profile.

AI Interaction Data

  • Chat Messages: Messages processed by AI for context awareness (retained temporarily for conversation context).
  • AI Responses: AI-generated responses (not stored long-term, only in chat logs if enabled).
  • TTS Usage: Text-to-speech request logs, voice preference settings, usage statistics.
  • AI Personas: Custom persona configurations, trigger words, personality settings.

Remote Control Data

  • Permission Grants: Remote control permission grants, authorization records.
  • Usage Logs: Command execution logs (e.g., "mouse moved", "key pressed"), no keystroke content or screen data stored.

Unified Profile & Account Linking

  • UnifiedProfile Document: A single record per user that holds your linked-account references (Twitch / Kick / Discord / YouTube / Spotify), display name, avatar, bio, settings, and aggregate stats. This is the row your fish, music likes, achievements, puzzle records and game character all reference.
  • Cross-Platform Sync: Once linked, activity on any one platform is associated with the unified profile so it follows you everywhere.
  • Channel Mappings: Discord channel to Twitch / Kick channel associations and integration settings β€” server-config only, not personal data.

Encrypted OAuth Tokens

  • What we store: Refresh tokens (and short-lived access tokens) for whichever platforms you've connected β€” Twitch, Kick, Discord, YouTube/Google, Spotify.
  • What we can do with them: Only the scopes you authorized at consent. Spotify is locked to user-read-currently-playing; YouTube to public channel data + live status; Twitch to chat & EventSub for the bot's verified app; Kick to chat + channel events. We cannot exceed the granted scope.
  • What we never see: Your platform passwords. OAuth means the platform handles authentication; we get a token, not a credential.

Analytics & Performance

  • Command Usage Statistics: Command names, user IDs, timestamps, frequency data for analytical purposes.
  • Feature Engagement: Feature usage metrics, popularity statistics, performance data.
  • Performance Metrics: Response times, error rates, system health data.

Premium Subscriptions

  • Subscription Status: Active tier (Pro / Max+ / Ultra), expiration dates, renewal information.
  • Payment Tokens: We use Revolut for billing. Card numbers are tokenised by Revolut and never touch our servers. We store: a Revolut customer ID, an order/subscription reference, and webhook reconciliation data (paid / refunded / cancelled events).
  • Invoice History: Date, amount, currency, tier, status β€” needed for tax records and refund processing.

User-Generated Content

You can upload, post or otherwise contribute content through MarkSoft β€” puzzle images, music playlists, custom AI personas, social posts, fish-collection notes, server configurations and so on. Different content has different privacy implications, so we want to be explicit about each.

Public by upload (no take-back possible)

  • Puzzle images: Once uploaded to /puzzle, your image enters the public puzzle library. Anyone on the platform can spin a fresh room from it and try to beat your record. The disclaimer on the upload form makes this explicit and you must tick a checkbox to confirm. Don't upload anything you wouldn't want shared, and never upload copyrighted content you don't own or have permission to share.
  • Public playlists / shared tracks: Music playlists and individual tracks you mark as public become discoverable.
  • Social stories: Posts on the social system are visible to other signed-in users.

Private by default

  • Custom AI personas (visible only in channels you enable them in)
  • Server / channel configurations
  • Your fish collection (your aggregate value is on leaderboards; the per-fish list is private)
  • Game character details (name + class are visible in-world; inventory is private)

Removal rights

  • Self-service: Delete your own playlists, custom personas, social posts, and game characters from the dashboard.
  • Puzzle images: Because they're already in the public library, removal is handled by support. Email license@marksoft.ro with the image URL or ID.
  • Take-down requests: If you spot copyrighted material or content that violates our terms, contact us and we'll review & remove it.

License to operate

By contributing user content you grant MARKSOFT LTD a non-exclusive, worldwide, royalty-free licence to host, display, store and transmit that content for the purpose of operating the service. You retain ownership of your content. This licence ends for any specific item when you delete it (or when we delete it on your request, where applicable).

Why We Collect This Data

  • To provide and operate bot functionalities.
  • To personalize user experience.
  • To ensure server moderation and rule enforcement.
  • To analyze usage trends and improve features.

Data Security

We implement defence-in-depth measures to protect your data, including:

  • Encryption in transit: HTTPS / TLS 1.2+ everywhere, with Cloudflare-managed certificates. WebSocket connections (Socket.IO, Kick chat, Twitch EventSub) use WSS.
  • Encryption at rest: OAuth refresh tokens and other sensitive credentials are encrypted before they hit the database. Database storage uses provider-side encryption.
  • Process isolation: The bot runs in a Node.js cluster with the bot worker, web workers, and the game worker as separate processes. A crash in one cannot bring down the others.
  • Session security: HttpOnly + SameSite-Lax + Secure cookies, strong rotating session secrets, server-side session storage in MongoDB or Redis (not in the cookie itself).
  • Security headers: Helmet.js β€” CSP, X-Content-Type-Options, X-Frame-Options, Strict-Transport-Security, Referrer-Policy.
  • Access controls: Admin actions (e.g. puzzle-image deletion) are gated by an explicit allowlist (UserPermissions doc / env var) and audit-logged.
  • Rate limiting: Tiered limits β€” 100 req / 15 min globally, 50 / 15 min on API endpoints, 10 / 15 min on authentication.
  • CORS: Restricted to authorized origins on dashboard API endpoints.
  • Input validation: All user input is validated and sanitised. NoSQL operators are stripped from query payloads; multipart uploads are MIME-type-filtered and size-capped (40 MB at the app, 50 MB at the proxy).
  • OAuth scope hygiene: We request the minimum scopes needed. Spotify is read-only "currently playing"; Twitch is the verified-bot scope set; Kick is chat + channel events; YouTube is public-channel + live status.
  • Server-authoritative gameplay: Puzzle snap detection, fish drops, game movement and similar competitive mechanics are validated server-side. The client never decides whether you finished a puzzle or caught a cosmic fish.
  • Monitoring: Uptime Robot external health checks, internal request logging, and a public status page at /stats.

Third-Party Services

MarkSoft integrates with third-party services to provide functionality. Data shared with these services is subject to their respective privacy policies:

Streaming & Identity Platforms

  • Twitch API + EventSub: Authentication, channel data, EventSub webhooks (verified-bot status), clip management, moderation features. See Twitch Privacy Policy.
  • Kick API + WebSocket: Authentication, chat connection, channel events (follows / subs / gifts), clip metadata. See Kick Privacy Policy.
  • Discord API: Bot functionality, OAuth authentication, message processing in servers where the bot is installed. See Discord Privacy Policy.
  • YouTube / Google API: Sign-in identity, public channel metadata, live-stream status detection. See Google Privacy Policy.

AI & Audio

  • MarkSoft AI / DeepSeek: Default AI inference backend β€” chat messages are sent for response generation. Streamers can override this with their own OpenAI-compatible endpoint via the AI_API_URL setting.
  • Brave Search API: Web-search function calls β€” search queries are sent to Brave for real-time information. See Brave Privacy Policy.
  • Edge TTS (Microsoft) / espeak-ng: Text-to-speech synthesis used for the OBS overlay. Edge TTS is the primary; espeak-ng runs locally as a fallback.
  • Spotify API: Optional currently-playing fallback for the !song / !nowplaying chat commands. Scope locked to user-read-currently-playing. See Spotify Privacy Policy.

Infrastructure & Billing

  • MongoDB: Database hosting for persistent records (profiles, fish, achievements, music plays, puzzle results, game characters). See MongoDB Privacy Policy.
  • Cloudflare: CDN, DDoS protection, and TLS termination in front of marksoft.ro. Standard request metadata (IP, user-agent, request path) is processed for security and performance. See Cloudflare Privacy Policy.
  • Revolut Business: Premium subscription billing. Card data is tokenised by Revolut and never reaches our servers β€” we receive a customer ID and webhook events only. See Revolut Privacy Policy.
  • Uptime Robot: External health-checks for the public status page at /stats. See Uptime Robot Privacy Policy.
  • OpenStreetMap: The MMORPG city map at /game is built from OpenStreetMap data (collision geometry, building outlines). No user data is sent to OSM β€” we only consume their open-data exports. Β© OpenStreetMap contributors. See OSM Privacy Policy.

We recommend reviewing these privacy policies to understand how your data may be processed by third-party services.

User Rights

Under GDPR and the EU's privacy framework, you have the following rights regarding your personal data:

  • Right to Access: Request a JSON-formatted copy of every record we hold about you across the entire stack (Twitch / Kick / Discord / YouTube / Spotify / unified profile / fish / music / puzzle / game / billing). Delivered within 30 days.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your data ("right to be forgotten"). Honoured immediately, subject to the few legal retention requirements documented in Β§Data Retention.
  • Right to Data Portability: Receive your data in a structured, commonly used, and machine-readable format suitable for transfer.
  • Right to Object: Object to processing for specific purposes (e.g., analytics, optional features).
  • Right to Restrict Processing: Request that processing be paused while a complaint is being resolved.
  • Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time.

Self-service controls (no email needed)

  • Unlink a platform: Twitch / Kick / Discord / YouTube / Spotify can each be unlinked from your unified profile in the dashboard. Unlinking immediately removes the OAuth tokens for that platform.
  • Disconnect Spotify: Click "Disconnect Spotify" on /music β€” refresh + access tokens are wiped instantly.
  • Per-feature toggles (streamers): Disable watchtime, AI logging, fish, clips, etc. per-channel via the dashboard or chat !toggle commands.
  • Delete your own content: Playlists, AI personas, social posts and game characters are deletable from the dashboard.

To exercise any GDPR right not covered by self-service, contact us through the Discord support server or email license@marksoft.ro with your unified profile ID (or any one of your platform usernames) and request details. We aim to respond within 7 days and resolve within 30.

Cookies & Tracking

The MarkSoft web dashboard uses cookies and similar technologies for the following purposes:

  • Session Cookies (essential): Authentication and session continuity. HttpOnly + SameSite-Lax + Secure flags. The session is stored server-side (MongoDB or Redis); only an opaque session ID lives in your browser. Cleared on logout.
  • CSRF Tokens: Anti-forgery tokens on state-changing forms.
  • Preferences: Dashboard theme, music player like-cache, music player tab heartbeat state, puzzle UI preferences. Local-only or first-party.
  • OAuth Callback Cookies: Twitch, Kick, Discord, Google/YouTube and Spotify each briefly set state cookies during their OAuth redirect flow β€” required for the round-trip to complete. These are subject to each platform's own policy and we don't store anything from them.
  • Cloudflare: CDN/security cookies (e.g. __cf_bm) used for bot management; first-party to marksoft.ro.

You can control cookies through your browser settings. Disabling session cookies will prevent sign-in.

Data Retention

We retain data for different periods depending on the type of data and its purpose:

  • Active User Data: Retained while the bot is active in your server/channel. Removed when you remove the bot or unlink the platform.
  • Inactive User Data: Deleted after 90 days of inactivity (no commands used, no interactions recorded).
  • Moderation Logs: Retained for 1 year for audit and security purposes, then automatically deleted.
  • Analytics Data: Aggregated statistics retained indefinitely for service improvement. Individual data points retained for 6 months, then aggregated.
  • Premium Subscriptions: Active records retained while the subscription is active. Invoice / billing records retained as required by Romanian / EU tax law (typically 10 years) β€” these are aggregate financial records, not behavioural data.
  • AI Chat Memory: Per-channel conversation context lives in a SQLite store (boltwire) for the rolling window the streamer configures. Old context rotates out automatically; nothing is kept indefinitely.
  • Music Heartbeat / Now-Playing: Volatile, in-memory only, ~90-second TTL per profile. Lost on bot restart, never persisted.
  • Spotify Tokens: Kept as long as you have Spotify connected. Click "Disconnect Spotify" on /music and the refresh + access tokens are wiped immediately.
  • Puzzle Rooms: In-memory only β€” no persistence. Garbage-collected ~30 minutes after a finish or after 10 minutes of an empty room.
  • Puzzle Images: Kept until you (or an admin, on your request) delete them. Because they're public the moment they're uploaded, plan accordingly.
  • Puzzle Completion Records: Kept indefinitely as they form the per-image leaderboards. Removed if the parent image is deleted.
  • Game Characters: Persisted on a 30-second heartbeat while in-world plus on logout. Kept indefinitely while your account is active.
  • NPC Interaction Log: Capped collection of 10M docs. Old rows are evicted automatically as new ones land β€” typical retention is days to weeks at any reasonable scale, not months.
  • Upon Request: Data is deleted immediately upon valid deletion request, subject to the few legal-retention requirements above.

You can request deletion of your data at any time through our Discord support server or by emailing license@marksoft.ro.

Terms of Service

Acceptance of Terms

By using MarkSoft Bot (the "Service"), you agree to be bound by these Terms of Service ("Terms"). If you do not agree to these Terms, you may not use the Service. You must be at least 13 years old to use MarkSoft Bot (age requirements are set by Discord and Twitch platforms).

Acceptable Use

You agree to use MarkSoft Bot only for lawful purposes and in accordance with these Terms. You agree not to:

  • Use the Service to violate any applicable laws or regulations.
  • Use the Service to harm, threaten, harass, or abuse others.
  • Spam, abuse, or misuse bot commands or features.
  • Attempt to interfere with, disrupt, or damage the Service or servers.
  • Use the Service to transmit malicious code, viruses, or other harmful content.
  • Impersonate others or provide false information.
  • Violate the terms of service of Discord, Twitch, Kick, YouTube, Spotify or other integrated platforms.
  • Upload to the puzzle library, the music player or any user-content system any material you don't have the right to share β€” including copyrighted images, copyrighted music, NSFW content, or anyone's private data without their consent.
  • Use the Service for any illegal or unauthorized purpose.

You are responsible for all activities that occur under your account and for compliance with all applicable laws and platform terms of service.

Bot Usage

  • Service Availability: We strive to provide reliable service but do not guarantee 100% uptime. The Service may be unavailable due to maintenance, updates, or unforeseen circumstances.
  • Feature Changes: We reserve the right to modify, update, add, or remove features at any time without prior notice.
  • Right to Disable: We reserve the right to disable features, ban users, or remove the bot from servers/channels for violations of these Terms or platform policies.
  • No Warranty: The Service is provided "as is" without warranties of any kind, express or implied.

Premium Features

  • Subscription Terms: Tiers are Free, Pro, Max+ and Ultra. Paid tiers are billed monthly or annually as selected at checkout. Subscriptions automatically renew unless cancelled.
  • Payment Processing: Payments are processed securely through Revolut Business. By subscribing, you agree to Revolut's terms for the payment leg. We do not see, store or transmit your card details.
  • Refund Policy: Refunds are considered on a case-by-case basis. Contact us within 14 days of purchase for refund requests under EU consumer-protection rules; reasonable later requests are still considered.
  • Cancellation: You may cancel your subscription at any time through your dashboard or by contacting support. Cancellation takes effect at the end of your current billing period; no further charges apply.
  • Tier Changes: Upgrades take effect immediately (prorated). Downgrades take effect at the next renewal.

Remote Control Feature

  • Explicit Consent Required: The Remote Control feature requires explicit permission grants and should only be used on systems you own or have authorization to control.
  • Security Warning: Remote control functionality allows execution of commands on your system. Use at your own risk and ensure you trust all authorized users.
  • User Responsibility: You are solely responsible for all actions taken through the Remote Control feature on your system. We are not liable for any damages resulting from misuse.
  • Data Privacy: The bot does not store keystroke content or screen data, only command execution logs (e.g., "mouse moved", "key pressed").

Intellectual Property

  • Bot Ownership: MarkSoft Bot, including all code, assets, and documentation, is owned by MARKSOFT LTD and protected by copyright laws.
  • User-Generated Content: You retain ownership of user-generated content (clips, custom commands, etc.) but grant us a license to use, display, and process such content for bot functionality.
  • License to Use: By using the Service, you grant us a non-exclusive, worldwide, royalty-free license to use your content for the purpose of providing and improving the Service.
  • Prohibited Uses: You may not copy, modify, distribute, or create derivative works of MarkSoft Bot without express written permission from MARKSOFT LTD.

Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW:

  • MarkSoft Bot is provided "as is" without warranties of any kind, express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, or non-infringement.
  • We are not responsible for any data loss, downtime, or service interruptions.
  • We are not liable for any damages arising from use or inability to use the Service, including but not limited to direct, indirect, incidental, punitive, or consequential damages.
  • We are not responsible for the actions, content, or data of third parties, including Discord, Twitch, or other integrated platforms.
  • Our total liability for any claims related to the Service shall not exceed the amount you paid for premium features in the 12 months preceding the claim, or $0 if you have not paid for premium features.

You agree to indemnify and hold harmless MARKSOFT LTD, its owners, employees, and affiliates from any claims, damages, losses, liabilities, and expenses arising from your use of the Service or violation of these Terms.

Termination

  • Termination by Us: We reserve the right to terminate or suspend your access to the Service at any time, with or without cause or notice, for any reason, including violation of these Terms.
  • Termination by You: You may stop using the Service at any time by removing the bot from your server/channel.
  • Data Handling Upon Termination: Upon termination, your data will be handled according to our Data Retention policy. You may request deletion of your data at any time.
  • Survival: Provisions that by their nature should survive termination (including intellectual property, limitation of liability, and indemnification) shall survive termination.

Governing Law

These Terms are governed by the laws of ROMANIA. Any disputes arising under or related to these Terms or the Service shall be resolved exclusively in the courts of ROMANIA. You agree to submit to the jurisdiction of Romanian courts.

Changes to Terms

We reserve the right to modify these Terms at any time. We will notify users of significant changes through our website and Discord server. Continued use of the Service after changes constitutes acceptance of the modified Terms.

Contact Information

For questions, concerns, or legal inquiries regarding these Terms:

Policy Updates

We may update this policy from time to time. Material changes will be announced on the website and the Discord support server. Continued use after a change constitutes acceptance of the updated policy.

Last updated: April 30, 2026

Policy Version: 3.0

What changed in v3.0

  • Replaced PayPal with Revolut for billing throughout
  • Added first-class disclosures for Kick, YouTube Live, the music player, the puzzle game (incl. public-image disclaimer), and the 3D MMORPG world
  • Added the unified-profile / cross-platform identity section
  • Refreshed third-party services list (Cloudflare, OpenStreetMap, Edge TTS now explicit)
  • Tightened retention windows with concrete TTLs per data category
  • Reflected the actual cluster + Redis + SQLite stack in the security section

Contact Us

For any concerns or inquiries, reach out via our support server: Discord.

You can also contact us via email at license@marksoft.ro.

Questions about your data?

The Discord server is the fastest path. Email works for formal GDPR access / portability / deletion requests.

Join the Discord license@marksoft.ro Read the FAQ
Marksoft Footer