Privacy Policy

The categories of information we collect depend on how you use the Service.

a. From the website

We collect standard server logs, including IP address, user agent, request path, referring URL, timestamps, and approximate location derived from IP address. We also collect product analytics events such as page views and outbound-link clicks through Google Analytics and our own link tracker, and error or performance diagnostics through tools such as Sentry. We use cookies and similar technologies as described in Section 8.

We suppress website analytics on wallet-link routes such as /connect because those URLs can contain short-lived verification tokens.

b. From community bots and social feeds

When a Coral bot is installed in a chat, receives a command, sees a ticker or contract address, handles a reaction, receives a vote, or interacts with a user, the relevant platform delivers message data and metadata to Coral. This can include:

• message text visible to the bot or monitor, including cashtags, contract addresses, commands, replies, and mentions;
• platform, tenant, chat, channel, message, thread, sender, username, display-name, and timestamp metadata;
• chat titles, channel names, chat type, and member-count metadata where exposed;
• reaction, vote, button, and slash-command interaction data;
• questions you submit to Ask Coral through a mention or the /ask command, the context retrieved to answer them, and the answers produced;
• when the bot is installed in a server or group, install and configuration data, including the installer's platform ID and handle, administrator IDs, the features enabled, and per-community settings;
• public or platform-provided social data from X, Farcaster, Moltbook, Net Protocol, and similar sources when Coral reads, posts, replies, or tracks market discussion there.

Operating useful Telegram cashtag and command detection can require privacy mode to be off, which means the bot can receive messages in chats where it has been installed. Coral also processes Discord, Telegram, and Farcaster community-intelligence signals to score tokens, rank callers, render cards, and detect cross-community market activity.

We do not publicly identify private chat names, member lists, or raw message content. Public outputs may include aggregated or de-identified statistics, token mentions, leaderboards, caller scores, or content already public on the source platform.

Coral may combine a caller's activity across the communities it observes to compute an aggregate reputation, such as an overall track record or smart-money status, and may surface that aggregate figure inside any community where Coral operates. We surface the aggregate statistic or badge only. We do not reveal, through that feature, which communities a person participates in, their messages in another community, or any per-community breakdown.

To answer an Ask Coral question, we process the text you submit, retrieve related public chat and market data, and may send your question and that context to a third-party AI inference provider that generates the reply. We keep audit records of Ask Coral activity, which can include hashed representations of questions and answers, the question category, the path used, and the funding source, so we can secure, debug, and meter the feature.

c. Wallet-link information

If you link a wallet to the Service, including through /setwallet, we collect the wallet address, chain type, signed message, signature, nonce, platform, platform user ID, platform handle, and related verification timestamps. We then query public blockchain data for that address, including token balances, transfers, transaction history, and holdings, as needed to power wallet-linked features.

Public blockchain data is public by nature. A wallet link can connect a social identity to an address inside Coral's systems, and some features may use that link globally across servers or chats. We do not publish the underlying social-to-wallet binding unless a feature clearly presents that information or you choose to share it.

d. Payments and rewards

Onchain payments, rewards, top-ups, holdings checks, contests, sweepstakes, giveaways, votes, and leaderboards involve public blockchain data, Discord or Telegram IDs, entries, interactions, reward status, and the addresses you choose to use. We do not collect credit card or bank-account information. If you use a third-party rail, wallet, exchange, swap route, bridge, or aggregator, that service's own privacy policy applies to its handling of your information.

If you buy Ask Coral credits, we record the onchain payment used to fund them, including the transaction hash, the paying address, the asset, the amount, and the network, along with your resulting credit balance and the per-answer debits against it. Holdings-based free allowances use public blockchain data for the addresses you link.

e. Public API and developer use

When you use the Coral public API or OpenAPI reference, we may collect request metadata, IP address, user agent, endpoint path, timestamps, rate-limit state, error state, and usage metrics. The v1 API is intended for public read data; do not send secrets or private user data to public endpoints.

f. Communications you send us

Feedback, bug reports, Discord messages, Telegram messages, X messages, email, and similar communications may be retained for as long as needed to respond, operate the Service, maintain records, and improve the product.

We use the information we collect to:

• operate, maintain, secure, and improve the Service;
• compute, validate, and improve Coral Scores, smart-money attribution, and other analytical outputs, including by using observed market data, public blockchain data, and community discussion as inputs for models, rules, evaluations, and backtests;
• render bot replies, charts, token cards, leaderboards, wallet-linked summaries, Reef Pulse posts, public dashboards, and developer API responses;
• process wallet links, token rewards, holdings-based features, top-ups, and access eligibility, including contests, sweepstakes, giveaways, and leaderboards;
• operate Ask Coral, including classifying questions, retrieving relevant data, generating and filtering answers, and caching results;
• meter and bill AI usage, manage credit balances and holder allowances, and enforce funding requirements, rate limits, and per-community budgets;
• detect, prevent, and respond to abuse, spam, security incidents, fraud, and violations of our Terms;
• generate aggregated, de-identified statistics for internal analysis;
• communicate with you about the Service;
• comply with applicable law and legal process.

AI features, including Ask Coral, may send selected prompts, context, and outputs to AI service providers, including a third-party inference gateway, that help operate the Service. This includes the questions you submit to Ask Coral and the context used to answer them. Where supported by an AI provider's available settings or contractual terms, we configure those providers not to train their general-purpose public models on the content we send. Coral does not use private social-to-wallet bindings to publicly identify private chats or private member lists.

We use automated processing to operate the Service, including scoring, ranking, eligibility and funding checks, rate limiting, and abuse detection. These processes support the Service and do not, by themselves, produce legal or similarly significant effects on you. If an automated decision affects you and you believe it is mistaken, you can contact us.

We do not sell personal information or share it for cross-context behavioral advertising. We share information only as follows:

• Service providers who help us operate the Service, including cloud infrastructure, Cloudflare, analytics, Sentry/error reporting, AI inference providers, including a third-party LLM gateway, that process selected prompts and context (including Ask Coral questions), blockchain RPC and index providers, market-data providers, messaging platforms, wallet software, and storage providers.
• Aggregated and de-identified data. We may publish aggregated or de-identified statistics intended not to directly identify any individual chat, user, or wallet, such as token mention counts, market trends, cross-community activity, or a caller's cross-community reputation expressed as an aggregate figure (without revealing the underlying communities, messages, or membership).
• Public and community platform data. Content posted on X, Farcaster, Moltbook, Net Protocol, Discord, Telegram, or similar platforms may be displayed, linked, quoted in short form, ranked, or summarized in Coral outputs when the source context and platform rules allow it.
• Legal and safety. We may disclose information if required by law, subpoena, or court order, or where we believe in good faith that disclosure is necessary to protect rights, property, or safety.
• Business transfers. If we are involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction, subject to standard confidentiality.

We retain information for as long as it is useful for the purposes described above or as required by law. Operational logs, analytics events, API usage metrics, and error reports are typically retained for up to 24 months, though backups and security records may last longer.

Community-intelligence signals, caller profiles, token mention records, wallet links, signatures, reward records, Ask Coral audit records, AI-usage and credit ledgers, payment records, tenant install and configuration records, and aggregated or de-identified datasets may be retained for longer periods, including indefinitely, because they support scoring, abuse prevention, auditing, historical analysis, and public performance records.

If a bot is removed from a chat, we stop processing new messages from that chat. Data already collected may be retained subject to the periods above.

We use reasonable administrative, technical, and physical safeguards to protect information. This includes access controls, scoped service credentials, signature checks, webhook validation, input validation, logging controls, secret management, and production monitoring. Despite these measures, no system is perfectly secure; we cannot guarantee the security of any information you provide.

You have the following choices:

• Remove the bot. A Telegram chat admin may remove the bot at any time, and a Discord admin may remove or disable the bot where available. This stops further bot processing for new messages in that chat or server.
• Administer your community's settings. A server or group administrator can enable or disable features such as Ask Coral, message archiving, and community intelligence, mute channels, and remove the bot, which controls what Coral processes in that community.
• Unlink a wallet. A linked wallet can be unlinked where supported, including through bot wallet commands. Unlinking does not erase public blockchain history or historical analytical records.
• Mute or limit bot replies. Some platforms support bot controls such as /silent or platform-level permissions.
• Stop using the Service. You can stop using the website, API, wallet-link pages, community bots, and social surfaces at any time.
• Statutory rights. Depending on where you live, you may have rights to know, access, correct, delete, restrict, or obtain a copy of personal information, to object to certain processing, to opt out of sale, sharing, or targeted advertising where applicable, to appeal a denial, and to use an authorized agent. We will not discriminate against you for exercising rights that apply to you. To exercise these rights, contact us as described in Section 11. We may need to verify your identity and may retain information where allowed or required for security, legal, abuse-prevention, public-record, or blockchain-record reasons.

The Service is not directed to children under 18, and people under 18 may not use the Service. We do not knowingly collect personal information from children under 13. If you believe a child has provided information to us, please contact us and we will take appropriate steps consistent with applicable law.

The website uses a small number of cookies and similar technologies for basic site functionality and analytics, including Google Analytics outside sensitive wallet-link routes. You can disable cookies in your browser, though some site features may not work as a result. We do not use advertising cookies or targeted-advertising pixels.

The Service is operated from the United States. By using the Service from another jurisdiction, you understand that information may be transferred to, stored in, and processed in the United States and other countries that may have different data-protection rules than your country.

If you are in the European Economic Area or the United Kingdom, we process personal data where we have a lawful basis, including our legitimate interests in operating, securing, and improving the Service, performing a contract with you, your consent where required, and compliance with law. Where we transfer data internationally, we rely on appropriate safeguards where they are required. You may have rights to access, correct, delete, restrict, port, or object to processing, and to lodge a complaint with your supervisory authority.

We may update this Privacy Policy from time to time. Material changes will be reflected by an updated "Last updated" date on this page. Your continued use of the Service after changes become effective constitutes acceptance of the revised Policy.

Questions or requests about this Privacy Policy can be sent to [email protected]. You can also reach the operator on X at @r_alx_z or through Discord. Do not send seed phrases, private keys, or other wallet secrets in privacy requests.