Privacy Policy.

The bot stores the minimum needed to query your Valorant store on your behalf — your Discord user ID, encrypted Riot OAuth tokens, your region, and your notify preference. Nothing else. Run /logout in Discord to delete everything.

• Your Discord user ID — used to associate stored data with you so the bot knows whose store to fetch.
• Riot OAuth tokens (access token, ID token, entitlements token) — required to call Riot's Valorant API on your behalf.
• Your Riot region (na / eu / ap / kr / latam / br) — needed to hit the right regional API endpoint.
• Your notify preference (on / off) and last DM timestamp — so the daily 00:05 UTC notifier doesn't double-DM.

• Your Riot username or password. The bot never sees these — you log in on Riot's own page, then paste the redirect URL.
• Your real name, email, phone number, or payment information.
• Discord messages, server contents, or reactions outside of slash command interactions.
• Browser cookies, IP addresses, or any device fingerprinting data.
• Any information about other Discord users you share servers with.

Stored locally in a SQLite database on the operator’s machine. Sensitive fields (OAuth tokens) are encrypted at rest using AES-256-GCM via the Fernet spec. The encryption key is held only by the operator and never leaves the bot host.

The bot does not run a public web service that exposes user data. There is no admin dashboard, no analytics, and no logging of personal data beyond what’s required for one-shot command execution.

The bot transmits data to two external systems:

• Riot Games' Valorant API — your tokens are sent to riotgames.com endpoints to fetch your store, wallet, etc. Riot's own privacy policy applies.
• valorant-api.com — public skin/bundle catalog. No personal data is sent; only public skin UUIDs.

Data is not sold, shared with advertisers, or used for any purpose other than serving your slash commands.

Data persists until you delete it. There is no automatic expiration. To delete:

• Run /logout in Discord — wipes your row from the bot's database immediately.
• Remove the bot from your account or server — stops new commands. Existing data is wiped on the operator's next startup or via /logout.
• Email hi@adevstudio.xyz — operator will manually delete on request.

Riot OAuth tokens expire roughly every hour. When a stored token expires, the bot does not refresh silently — it asks you to re-login via the same paste-the-URL flow. This means even if a token were somehow exfiltrated, it would only be useful for at most ~60 minutes.

This bot is not intended for users under 13. Do not use it if you don’t meet Discord’s and Riot’s minimum age requirements for your country.

If a breach affecting user data is discovered, operator will: (a) wipe all affected sessions, (b) post a notice on adevstudio.xyz, and (c) notify affected users via Discord DM where possible.

Material changes will update the “last updated” date above. The bot does not currently track who has read this policy; continued use after changes constitutes acceptance.

Questions, deletion requests, or security reports: hi@adevstudio.xyz.