Skip to content
Alvansa Docs

Privacy and Permissions

We take your privacy seriously and ensure that your data is handled with care. We always request the fewest number of permissions required for the bot to provide its functionality. This page outlines the permissions required by Alvansa and how we manage your data.

Permissions Required by Alvansa

When using Alvansa, there are two sets of permissions that you must authorise. The first set are for your own Discord account, and these are the permissions that you see when you login to the portal.

The second set are the permissions that Alvansa requires to function properly in your server. These permissions are requested when you invite Alvansa to your server.

Permissions for Your Discord Account

These permissions are commonly referred to as “OAuth2 scopes”. They are required for you to log in to the Alvansa portal and manage your server settings. The permissions include:

  • openid: Allows you to securely log in to the Alvansa portal using your Discord account without sharing your password.
  • identify: Allows access to your username, avatar, banner, and tag.
  • email: Allows access to your email address.
  • guilds: Allows access to a list of servers (guilds) you’re in.
  • guilds.members.read: Allows access to your roles and user data within the servers you share with the app.

You can find more information about Discord OAuth2 scopes in the Discord documentation.

Permissions for Your Server

These permissions are required for the Alvansa bot to function properly in your server. These come from the same set of permissions as the ones that you would assign to human members of your server. The permissions we request are:

  • Manage Channels: Allows Alvansa to create, edit, and delete channels in your server. This is necessary for creating dedicated channels for certain features when needed, such as ticket channels.

  • Send Messages: Allows Alvansa to send messages in text channels. This is fundamental for the bot to respond to commands, reply to tickets, publish your knowledge base, and provide information.

  • Manage Messages: Allows Alvansa to delete or pin messages in channels where it has permission. This is required to be able to update the published knowledge base, as well as to update messages within tickets.

  • Read Message History: Allows Alvansa to view message history in channels. This is required for Alvansa to be able to generate a knowledge base from your server’s history, generate transcripts of tickets, and create summaries of conversations.

We also use the privileged MESSAGE_CONTENT intent to be able to read the content of messages. This is fundamental for the bot to be able to generate transcripts, summaries, respond to tickets, maintain the knowledge base, and provide AI features.

You can find more information about Discord permissions in the Discord documentation.

Data Handling

Alvansa strives to store as little sensitive data as possible. We do not store any information about you or your server unless it is necessary for our system to function. The data we do store is used solely for the purpose of providing you with the best experience possible.

  • We only listen to messages in channels that you have explicitly given us permission to listen to. When listening to these channels, we store the messages, encrypted at rest, until we have a buffer of messages to process. Once we have processed the messages, we delete them from our servers. This happens within 24 hours of the messages being sent.
  • Our AI features are designed to be optional, and you can choose to disable them at any time. If you do not want to use AI features, you can simply disable them in the Alvansa portal.
  • We do not train AI models with your data. When we process messages using AI, we use a technique called Retrieval-Augmented Generation (RAG). This means that we do not need to train the AI models with your data, as we provide the AI with the full context required each time. We also explicitly opt-out of training AI models with your data, and we do not share your data with third parties for this purpose.
  • We use strict access controls to ensure that only authorized personnel have access to your data, utilising industry standard security practices such as RBAC and passwordless authentication. We also use encryption to protect your data both in transit and at rest.

Privacy Policy

You can find our full privacy policy here.