Privacy Policy — Ava Protocol Discord Bot
Last updated: 2026-06-11
This Privacy Policy describes how Ava Protocol ("we", "us", "our") collects, uses, and protects information when you interact with the Ava (Agent) Discord bot (the "Bot") in the official Ava Protocol Discord server (guild ID 840137038316699648).
The Bot is operated exclusively in the official Ava Protocol Discord server. It is not available for installation in other servers and User Install is disabled. If you are not a member of the Ava Protocol Discord server, the Bot does not collect any information about you.
1. Who We Are
Ava Protocol is the operator of the Bot and the data controller for the information described below.
Contact: contact@avaprotocol.org
2. Information We Collect
We collect only the information necessary to operate the Bot's community engagement, rewards, and moderation features.
2.1 Account information
- Discord user ID
- Discord username and display name
- Server role (USER, VERIFIED, AMBASSADOR)
2.2 Activity information
- Message metadata: channel ID, message ID, timestamp, and the Discord ID of the message author. We use this to count qualifying messages for the community points program.
- Message content is read transiently in memory to (a) filter out short or low-quality messages before awarding points, (b) detect disallowed links for moderation, and (c) detect bug-resolution confirmations posted by staff. In almost all cases the content is discarded immediately after processing and only the resulting action (point award, moderation action) is persisted.
- The single exception is the verbatim text of staff "bug resolved" confirmation messages, which is retained as the audit record for the on-chain AP bounty payout it triggers. The original bug report and any discussion messages from members are not stored.
2.3 Referral information
- The Discord invite code used by new members joining the server
- The Discord ID of the member who created that invite (the inviter)
- The Discord ID of the member who used it (the invitee)
- Whether the invitee subsequently left the server
2.4 Rewards and points information
- AP token balance
- Point transactions, categorized by source (message activity, quest completion, bug bounty, monthly distribution, manual award, purchase, tip)
- Monthly point summaries and Ambassador status history
- Quest entries and submission status
2.5 Wallet information (only if you opt in)
- Ethereum-compatible wallet address that you voluntarily bind via the
/bind-walletslash command. You can remove this at any time with/unbind-wallet.
2.6 Purchase information (only if you make a purchase)
- Items redeemed from the in-server store
- Internal purchase identifier
- On-chain transaction hash for any USDC payout sent to your bound wallet on the Base blockchain
2.7 Information we do not collect
- Message content from regular members (read transiently only, never stored; see Section 2.2 for the staff "bug resolved" exception)
- Direct messages sent to or from the Bot for any purpose other than purchase receipts initiated by your action
- Presence, online status, or activity status
- Voice channel data
- Email address, phone number, or government identification
3. How We Use Your Information
We use the information above solely to operate the Bot's stated features:
- Attribute new members to the inviter and credit invite-based rewards
- Award and revoke community points based on qualifying activity
- Gate access to slash commands by role (for example,
/balanceis restricted to Ambassadors) - Enforce community moderation rules (deleting disallowed links)
- Trigger bug bounty payouts when a staff member confirms a bug resolution
- Deliver USDC payouts to your bound wallet when you redeem AP tokens in the in-server store
- Send you a Direct Message receipt after a purchase you initiated
We do not sell your information. We do not use your information for advertising. We do not use your information to train AI models.
4. Where Your Information Is Stored
- Primary database: PostgreSQL, hosted on Railway (United States region).
- Application runtime: Railway (United States region).
Access to the database is restricted to Ava Protocol engineers responsible for operating the Bot.
5. Third Parties
The Bot relies on the following third parties to deliver its features. Each is bound by its own privacy practices, linked below.
| Third party | Purpose | Data shared |
|---|---|---|
| Discord | Platform on which the Bot operates | All Bot interactions are mediated by Discord under Discord's own privacy policy |
| Railway | Application hosting and database hosting | All data described in Section 2 |
| Base blockchain (public ledger) | On-chain USDC payouts to wallets bound by users | Your bound wallet address and the payout amount, written to a public blockchain |
Note that any information written to the Base blockchain becomes part of a public ledger and cannot be deleted. We only write your wallet address on-chain at the moment of a payout you have initiated.
We do not share your Discord identity or activity information with any other third party.
6. Retention
We retain the information described in Section 2 for as long as you remain a member of the Ava Protocol Discord server and the community rewards program continues to operate, or until you request deletion under Section 7.
On-chain transaction records on the Base blockchain are public and permanent and cannot be deleted by us.
7. Your Rights
You may request, by emailing contact@avaprotocol.org from an address you can verify, that we:
- Provide a copy of the information we hold about you
- Correct inaccurate information
- Delete your account record from our database
We will respond within 30 days. Note that deletion does not affect on-chain transaction records that have already been written to the Base blockchain.
You may unbind your wallet at any time using the /unbind-wallet slash command without contacting us.
8. Children
The Bot is available only to users who meet Discord's minimum age requirement (13 years old, or older where required by local law). If we learn that we have collected information from a user below the applicable minimum age, we will delete that information.
9. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this document indicates when it was last revised. Material changes will be announced in the Ava Protocol Discord server.
10. Contact
Questions about this Privacy Policy can be sent to contact@avaprotocol.org.