By inviting, configuring, or interacting with Agent09 (the "Bot"), you acknowledge that you have read, understood, and agree to be bound by these Terms of Service ("Terms"). Use of the Bot constitutes acceptance of these Terms. If you do not agree, you must remove Agent09 from your Discord server and discontinue use immediately.
2. Eligibility & Authorized Use
Agent09 may be used only by Discord users 13 years or older who comply with Discord's Terms of Service and Community Guidelines. Server owners, administrators, and support staff are responsible for ensuring their communities use the Bot lawfully and safely.
If Roblox verification or Roblox group-management features are enabled in a server, those features must also be used in compliance with Roblox platform rules and only for authorized moderation, support, access-control, or community management purposes.
3. Description of Service
Agent09 is a VortexDQ Discord bot that provides moderation, ticketing, transcript generation, secure transcript viewing, Discord/Roblox verification, configurable role automation, optional Roblox group role actions, PayPal and crypto-backed subscription management for server tiers, and AI help features for approved communities.
Where Roblox OAuth is enabled, the service may request Roblox scopes such as openid, profile, group:read, group:write, and user.inventory-item:read for enabled server features, verification integrity, group-role automation, and authorized security review.
Discord OAuth may request identify, email, and guilds so the backend can confirm the correct account, current membership, and identity details needed for secure verification and transcript access.
Support, change notices, and enforcement routing are handled through Justchilling and related official infrastructure.
Verification may require both Discord OAuth2 sign-in and Roblox OAuth sign-in before completion.
A completed verification may be reused for up to 90 days unless staff resets it, the Discord authorization is removed, or a new verification-enabled server requires a fresh check.
If the user removes the Discord authorized app, or the authorization stops passing backend checks, Agent09 may relock access and require both Discord and Roblox verification again.
Transcript viewing requires a valid Discord login, current membership in the relevant server, and participant or staff-level access.
When enabled by a server owner, verification may automatically grant roles, remove roles, log actions, and attach custom notes after the full verification flow succeeds.
These controls are enforced on the backend and may not be bypassed by changing browser state or URL parameters.
5. Optional Roblox Group Role Management
Some servers may configure custom Roblox group role actions inside Agent09.
Configs may include a Roblox group ID, target Roblox role ID, notes, and a server-side credential reference.
Actions may be triggered through approved tickets or direct administrator/support commands.
The Bot uses the stored verified Roblox identity for the target Discord user rather than trusting typed usernames.
Roblox OAuth group scopes may be used to confirm community membership and support approved server automation where those features are enabled.
All group role actions are logged for review, audit, appeals, and security investigation.
6. Data Collection, Minimum Data & Privacy
Agent09 collects limited operational and security data as described in the public policy documents at Security & Bot Policy.
Collected data may include IDs, timestamps, transcript metadata, moderation logs, verification outcomes, verified Roblox claims, and security telemetry.
Encrypted identification records may include Discord user ID, username, global name, avatar URL, encrypted email, locale, granted scopes, and encrypted identity payloads returned by Discord OAuth.
When Roblox OAuth scopes permit it, limited Roblox group and inventory-related data may be reviewed only for enabled server features, account-link integrity, impersonation checks, and fraud review.
Billing data may include server ID, selected plan tier, PayPal/crypto subscription IDs, plan IDs, approval status, and webhook sync results needed to operate recurring subscriptions.
Security staff only collect and review the minimum data required to improve security, investigate abuse, preserve evidence, and satisfy legal or platform requirements.
The user.inventory-item:read scope is intended for security review and is not used for advertising, resale, or unrelated profiling.
Access to sensitive records is restricted to authorized maintainers and approved security personnel.
GDPR and CCPA Clarifications
Where applicable, users may submit access, correction, deletion, portability, and objection/restriction requests.
For California residents, supported rights include right to know, right to delete, right to correct, and right to non-discrimination under CCPA/CPRA where applicable.
Agent09 does not sell personal information and does not share personal information for cross-context behavioral advertising.
IP/Browser Fingerprint Use
IP and fingerprint-style telemetry is used only for abuse prevention, anti-fraud checks, and account-integrity controls.
These signals are not used for ad targeting, resale, or unrelated profiling.
6A. Data Protection — GDPR & UK-GDPR Disclosures
This section provides the disclosures required by Articles 12–22 of Regulation (EU) 2016/679 ("GDPR") and the parallel provisions of the United Kingdom General Data Protection Regulation. It supplements, and does not replace, the data-handling commitments stated elsewhere in these Terms and in the Security & Bot Policy.
6A.1 Identity of the Controller
The data controller for personal data processed in connection with Agent09 is the natural person trading as Vortex (venomprogrammer) under the Justchilling organisation, established in the Kingdom of Norway. Privacy correspondence may be addressed to support@vortexdq.com with the subject line beginning [PRIVACY]. A postal address will be supplied on written request where required for the exercise of a statutory right.
No statutory Data Protection Officer has been designated, the operator's processing not meeting the thresholds of GDPR Article 37(1). A single privacy contact accepts and routes all data-subject correspondence.
6A.2 Lawful Bases for Processing
Personal data are processed only where a lawful basis under GDPR Article 6 is established. The bases relied upon are as follows:
Contract (Art. 6(1)(b)). Account creation, Discord and Roblox verification, transcript access, ticket handling, configuration of server features, and the delivery of paid subscription tiers.
Legitimate interests (Art. 6(1)(f)). Fraud prevention, anti-abuse telemetry, IP and device-fingerprint signals, cross-server enforcement metadata, security logging, immutable audit tables, automated detection routing, and the maintenance of service integrity. A documented balancing test is retained for each such purpose and is available to data subjects on request.
Legal obligation (Art. 6(1)(c)). Retention of billing records for tax and accounting purposes, response to lawful requests from courts and regulators, and compliance with platform-rules notifications mandated by Discord or Roblox.
Consent (Art. 6(1)(a)). Optional features that require an explicit opt-in, including the linking of a Telegram identity, voluntary participation in AI-assisted features that transmit user content to a model provider, and any non-essential cookie deposited by a feature you actively enable. Consent is withdrawable at any time without affecting the lawfulness of prior processing.
6A.3 Rights of the Data Subject
Where the GDPR or UK-GDPR applies to you, you hold the following rights, exercisable free of charge save where requests are manifestly unfounded or excessive:
Right of access (Art. 15) — confirmation of processing and a copy of the personal data we hold concerning you.
Right to rectification (Art. 16) — correction of inaccurate or incomplete data.
Right to erasure (Art. 17) — deletion of data where one of the statutory grounds applies, subject to the exceptions in Art. 17(3) (notably the establishment, exercise, or defence of legal claims and the retention of moderation records necessary for the protection of other users).
Right to restriction (Art. 18) — temporary cessation of processing while accuracy or lawfulness is verified.
Right to data portability (Art. 20) — receipt of contract- or consent-based personal data in a structured, commonly used, machine-readable format (JSON, on request).
Right to object (Art. 21) — objection to processing grounded in legitimate interests, including profiling carried out for fraud prevention. Where the objection is upheld, processing ceases unless we demonstrate compelling legitimate grounds that override the data subject's interests.
Right not to be subject to solely automated decision-making (Art. 22) — see §6A.6 below.
Right to withdraw consent (Art. 7(3)) — withdrawable at any time, without affecting prior processing, by submitting a request through the privacy contact.
Verified requests are answered within one calendar month of receipt (Art. 12(3)), extendable by a further two months for complex or numerous requests, with notice to the requester. Identity verification may require the same proof of Discord ownership used for verification flows.
6A.4 Right to Lodge a Complaint
Data subjects have the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, place of work, or place of the alleged infringement (Art. 77 GDPR). The competent authority for the controller's establishment is:
EU and UK residents may instead, or in addition, contact their local authority — for example, the Irish Data Protection Commission, the French CNIL, the German BfDI or relevant Land authority, or the UK Information Commissioner's Office (ICO).
6A.5 International Data Transfers
Certain processors enumerated in the Security & Bot Policy (notably Discord, Supabase, PayPal, Groq, Cloudflare, and Brevo) are established in or operate infrastructure outside the European Economic Area, principally in the United States. Where personal data are transferred to such processors, the transfer is safeguarded by:
The European Commission's Standard Contractual Clauses (Module 2: controller-to-processor) where the processor offers them within its data-processing addendum;
Adequacy determinations under Article 45 where the processor is certified under the EU–US Data Privacy Framework, the UK Extension, or the Swiss–US bridge;
Supplementary technical measures including in-transit TLS, application-layer encryption of identification payloads, and minimisation of the data set transmitted to each processor.
A copy of the safeguards applicable to a particular transfer is available on written request to the privacy contact.
6A.6 Automated Decision-Making & Profiling
Several enforcement signals are produced or accelerated by automated processes — including rate-limit decisions, automated security lockdowns, VPN/datacenter-egress refusals, captcha challenges, automated transcript-access denials, and the addition of a Discord identifier to the cross-server enforcement metadata set described in the Security & Bot Policy. Where any automated process would, of itself, produce a decision having legal effects or similarly significant effects on a data subject within the meaning of Article 22:
A human reviewer (Justchilling staff or the operator) re-examines the decision before it is treated as final;
The data subject may request that re-examination through the official appeals channel described in §9, including by providing additional context, contesting the underlying inference, or supplying corrective evidence;
The right to obtain human intervention, to express a point of view, and to contest the decision is preserved notwithstanding any other provision of these Terms.
No automated decision is made on the basis of special-category data within the meaning of Article 9.
6A.7 Retention
Retention periods are calibrated to the purpose of processing and to applicable legal-retention obligations. Indicative schedule:
Operational logs, ticket transcripts, verification records, web-session telemetry: 90 days from creation, save where a longer interval is required for an open investigation or unresolved appeal.
Moderation and enforcement records (warnings, bans, cross-server enforcement metadata): for the duration of the enforcement action plus three (3) years thereafter, to permit appeals, evidentiary review, and the detection of repeat conduct.
Billing, invoicing, and tax records: ten (10) years from the relevant transaction, in conformity with the Norwegian Bokføringsloven and equivalent EU member-state accounting law.
Security incident records: three (3) years from the date of resolution.
Backups: snapshots are retained for thirty (30) rolling days and are purged on rotation; deletion requests propagate to backups at the next rotation cycle, with deletion confirmed in writing upon completion.
6A.8 Data Breach Notification
Where a personal-data breach is likely to result in a risk to the rights and freedoms of natural persons, the controller notifies the competent supervisory authority within seventy-two (72) hours of becoming aware of the breach, in accordance with Article 33. Where the breach is likely to result in a high risk to data subjects, affected individuals are informed without undue delay through the Discord email of record and a banner notice on vortexdq.com, in accordance with Article 34, including a description of the nature of the breach, the likely consequences, and the mitigation measures taken.
6A.9 Children
Agent09 is not directed at children below the age of thirteen (13). Where local law sets a higher digital-consent threshold (which, under Article 8 GDPR, may range from thirteen to sixteen years across EU member states), users below that threshold must obtain verified parental or guardian consent before using features that involve the processing of personal data. If we become aware that we have collected personal data from a child without such consent, the relevant data are deleted promptly.
6A.10 Withdrawal of Consent & Account Closure
Consent given to optional processing (including AI-assisted features, Telegram linking, and non-essential cookies) may be withdrawn at any time through /account/settings or by request to the privacy contact, without affecting the lawfulness of prior processing. Closure of an account does not entail automatic erasure of moderation records retained under §6A.7 and §6A.3.
The Bot incorporates layered technological protection measures ("TPMs") designed to safeguard service integrity, deter fraud, and preserve the rights of paying subscribers and licensed publishers. Users acknowledge and agree that the following constitute protected security controls:
Identity binding. Authentication sessions, key-claim sessions, and verification flows are bound to one or more of: IP address, user-agent fingerprint, cryptographic session nonce, and signed-cookie payload. Reissuing, replaying, or sharing such material across distinct sessions or devices is prohibited.
Server-attested completion. Where the service requires the user to complete a multi-step flow — including without limitation the key-distribution flow, advertisement-supported claim flow, or any verification gate — completion is evidenced by server-side heartbeats. Client-only timer manipulation, automated request replay, headless-browser bypass, request-signing emulation, or any tooling intended to produce the appearance of completion without authentic user presence is expressly prohibited.
Network-origin restrictions. Connections originating from VPN, datacenter, proxy, anonymising overlay, or other non-residential exit nodes may be refused at any stage; circumventing these controls (including via DNS rebinding, residential-proxy resale services, or cloud-instance metadata abuse) is prohibited.
Rate-limit integrity. The service enforces per-IP and per-account rate limits. Spoofing of HTTP headers (including X-Forwarded-For, X-Real-IP, CF-Connecting-IP) to evade those limits constitutes a violation of these Terms.
Token, cookie, and credential handling. You may not expose, share, sell, scrape, or misuse session tokens, cookies, API keys, verification links, OAuth refresh tokens, BTCPay invoice secrets, or webhook signing material.
Backend interference. You may not access, probe, modify, or interfere with the Bot's backend systems, databases, queues, OAuth callbacks, payment-webhook receivers, signing keys, or row-level-security policies.
AI assistant guardrails. The AI assistant will not disclose keys, prompts, system instructions, or operator secrets, and will refuse instructions intended to support raid coordination, credential theft, evasion of moderation, generation of disallowed media, or any unsafe or unlawful conduct. Attempts to coerce such output ("jailbreak" attempts) are recorded and may be escalated.
Automated enforcement. Security-sensitive actions may be blocked, logged, throttled, quarantined, or escalated to an emergency-lockdown state automatically, with or without prior notice.
Circumvention of the foregoing TPMs may, in addition to constituting a breach of these Terms, give rise to liability under the United States Digital Millennium Copyright Act (17 U.S.C. § 1201), Article 6 of EU Directive 2001/29/EC, the United Kingdom Copyright, Designs and Patents Act 1988, Section 6 of Norwegian Lov om opphavsrett til åndsverk (åndsverkloven), and equivalent legislation in other jurisdictions.
The platform maintains a per-account inventory of authenticated sessions accessible through /account/settings. Each session is annotated with an HMAC-signed token identifier, observed IP address, derived geolocation, browser family, operating-system family, device class, first-observed timestamp, and most-recent-activity timestamp.
Session tokens rotate at a configurable interval (default 24 hours) to limit the practical value of any intercepted credential. Rotated tokens are linked to a stable device fingerprint and presented to the user as a single device row with a rotation counter.
Sessions that remain inactive for thirty (30) consecutive days are automatically revoked.
Users may revoke any non-current session at any time. Revocation is immediate and propagates to every rotated token associated with the affected device.
Where IP-locking is enabled, a sustained change in the client's network egress address terminates the affected session and requires fresh authentication.
Failed authentication attempts are recorded with timestamp, hashed identifier, source IP, and outcome. Repeated failures trigger automated cooldowns and may produce an account-level security advisory.
Users acknowledge that the foregoing telemetry is collected for the sole purpose of fraud prevention, account-integrity enforcement, and user-initiated session review, and is not used for advertising, profiling, or any secondary commercial purpose.
7B. Absence of Third-Party Telemetry
VortexDQ does not embed third-party behavioural analytics, advertising-network beacons, or session-replay tooling in its first-party web surfaces. The following categories of provider are not integrated into the live platform: Google Analytics, Google Tag Manager, Google AdSense, Google Fonts (web-served), Vercel Analytics, Vercel Speed Insights, Sentry, Datadog RUM, New Relic Browser, Mixpanel, Segment, Amplitude, Heap, FullStory, Hotjar, LogRocket, PostHog, Microsoft Clarity, Facebook Pixel, TikTok Pixel, and LinkedIn Insight.
Typography assets, where required, are self-hosted from infrastructure under VortexDQ's exclusive control. Outbound HTTP requests originating from the user's browser to first-party VortexDQ surfaces are limited to the vortexdq.com domain and the subdomains expressly enumerated in the Security & Bot Policy.
This commitment is contractual and survives any change to ownership, infrastructure provider, or hosting topology, save where superseded by a successor instrument bearing equal or greater protections.
8. Billing & Subscription Processing
When paid plans are enabled, Agent09 may use secure PayPal subscription checkout or BTCPay crypto checkout, along with backend webhook sync, to activate or deactivate server tiers.
Billing records may be stored for audit, service restoration, outage recovery, disputes, and fraud review.
Payment provider credentials remain server-side and are not disclosed to end users through Discord.
Both PayPal and crypto payment methods are subject to the strict no-refund policy detailed in Section 8.1 below.
8.1 Payment Terms & No-Refund Policy
All transactions on VortexDQ are final. We operate under a strict no-refund policy. Whether you pay via crypto or PayPal, once your payment is processed and confirmed, it cannot be reversed, refunded, or disputed. See /payment-policy for full details.
Payments processed via PayPal are final upon subscription activation. Initiating a PayPal dispute or chargeback will result in immediate account and server suspension and may be reported as fraud.
Crypto payments are irreversible by nature. Ensure you are sending the correct amount, to the correct address, on the correct blockchain before confirming any transaction.
Subscription cancellations take effect at the end of the current billing period. No partial refunds are issued for unused time.
Failed feature delivery due to our error may be reviewed on a case-by-case basis through official support — this does not constitute a blanket refund right.
Tier downgrades do not result in refunds for the difference in cost for the current billing period.
8.2 In-Game Economies are Simulations, Not Real-Money Gambling
All in-platform balances — coins, tokens, gems, XP, casino payouts, investment yields, business profits, robbery proceeds, and any analogous quantity — are fictional simulated values displayed for entertainment and roleplay. They are not legal tender, securities, prepaid access instruments, e-money, or stored-value products under any legal regime.
Simulated balances cannot be purchased with real currency, cannot be redeemed for real currency, cannot be transferred off-platform, and cannot be exchanged for any real-world goods or services.
Casino games, slot machines, sports books, robberies, heists, investment markets, and similar mechanics determine only the size of a user’s simulated balance. No real-money outcome is possible.
VortexDQ Credits (priced in EUR) are a separate construct used solely to unlock paid bot features and platform services. Credits do not feed into any economy or casino mechanic and do not influence simulated gambling outcomes.
The optional VIP subscription perk described as a “+10% casino payout multiplier” affects only the user’s simulated coin balance. It is a fictional in-game effect, not a real-money advantage.
The Operator is not a casino, sportsbook, brokerage, securities issuer, money-service business, or payments institution. No regulated-gambling, money-transmission, or e-money licence is claimed, implied, or required.
8.3 Browser Extension — User-Initiated Actions Only
The VortexDQ browser extension performs no autonomous posting, replying, messaging, scheduling, or following on any third-party platform. Every action that produces content on a remote service is gated behind an explicit, per-action user gesture.
Twitter / X reply assistant. Suggested reply text is generated only when the user selects a tone and presses the “Reply” control next to a specific tweet. The text is placed into Twitter’s native compose box; the user reviews and presses Twitter’s own “Post Reply” button to publish. The extension never auto-submits, never queues replies, and never operates without per-tweet human action.
Timeline insights / fact-check. Analyses tweets already visible in the user’s own browser viewport. The extension does not authenticate to other users’ accounts, does not bypass platform authentication, and does not scrape accounts the user is not following.
Browser macros. Recorded by the user, replayed only on the user’s own device, only when the user explicitly invokes them.
No background automation. The extension does not run posting loops, timed announcements, follow/unfollow cycles, like or retweet automation, or scheduled DMs on any platform or tier.
8.4 OSINT Commands — Public-Source Discovery, Not Surveillance
The Telegram bot’s /lookup, /phone, /emailcheck, and /cryptowallet commands operate exclusively on publicly indexed information via a local SearXNG meta-search instance against the open web.
No non-public records, paid databases, leak markets, government registries, or operator data are accessed.
Results consist of snippet titles, snippet body text, and result URLs returned by the search engine; the bot does not fetch or render the linked pages.
Commands are rate-limited per user; queries are sanitised against operator injection; every result carries an inline warning that the feature is intended for self-look-ups, security research, and use under the explicit, documented consent of the subject.
Users assume sole responsibility for compliance with applicable privacy law, including GDPR / CCPA obligations toward third-party data subjects. Verified subject-access and erasure requests are honoured at support@vortexdq.com.
9. Support, Appeals & Legal Requests
All support requests, disputes, appeals, privacy requests, and verified legal inquiries must be submitted through the official hub:
Direct messages to the owner or staff are not an official support or appeals channel and may be ignored for security reasons.
10. Availability, Persistence & Changes
Agent09 may be updated, restarted, rate-limited, or temporarily suspended for maintenance, security work, data integrity, or operational changes. Logging and audit systems may persist records so actions can still be reviewed after outages or restarts.
Emergency security pause controls may temporarily disable protected web routes while investigation or recovery is in progress.
Official updates are published through Justchilling and the current public legal pages on vortexdq.com.
11. Intellectual Property
All code, designs, names, systems, and functionality of Agent09 are intellectual property of Vortex (venomprogrammer) / Justchilling. You receive a limited, revocable, non-transferable license to use the Bot within Discord under these Terms. No ownership rights are conferred by using the Bot.
IP/trademark complaints may be filed through official support with evidence of ownership and, where relevant for U.S. marks, USPTO registration details.
12. Enforcement & Termination
VortexDQ staff and Vortex reserve the right to suspend or terminate access to Agent09 for violations of these Terms or for security reasons.
Servers using Agent09 may be blacklisted from the network if they engage in abuse, illegal activity, transcript misuse, verification fraud, or unsafe automation practices.
Termination may be immediate and without notice when necessary to protect users, infrastructure, or platform compliance.
No refunds are issued upon termination for policy violations.
13. Disclaimer & Contact
Agent09 is provided "as is" without warranties of any kind. VortexDQ and Vortex disclaim liability for losses arising from service interruption, data loss, malicious user behavior, third-party platform changes, or user misuse of the Bot.
For official contact, support, appeals, and legal routing:
These Terms are governed by the laws of the Kingdom of Norway, without regard to conflict-of-laws principles. The parties submit to the non-exclusive jurisdiction of the courts of Oslo, Norway, for any dispute arising out of or relating to the Service, subject to any mandatory consumer-protection venue selected by an end user resident in the European Economic Area, the United Kingdom, Switzerland, or any jurisdiction whose statutes confer non-derogable forum rights upon natural-person consumers.
Prior to commencing formal proceedings, the parties agree to attempt good-faith resolution through the official appeals channel described in Section 9 for a minimum period of thirty (30) days from the date the dispute is reduced to writing.
15. Severability, Waiver & Entire Agreement
If any provision of these Terms is held by a court of competent jurisdiction to be invalid, illegal, or unenforceable, the remaining provisions shall continue in full force and effect, and the unenforceable provision shall be reformed to the minimum extent necessary to render it enforceable while preserving its original commercial intent.
No failure or delay by VortexDQ in exercising any right under these Terms operates as a waiver of that right, nor does a single or partial exercise preclude further exercise of that or any other right. These Terms, together with the Security & Bot Policy, the Payment Policy, and any document incorporated by reference herein, constitute the entire agreement between the parties with respect to the subject matter hereof and supersede all prior oral or written agreements.