Appendix Dthe operator’s own privacy policy — reproduced in fullRead it on its own terms
← back to the writeupAppendix D · the operator’s privacy policy
Appendix D — the other side, in their own words

The bot’s published privacy policy

This is Nano’s own privacy policy for the Alvric / SmashSplash ecosystem, reproduced here verbatim and unedited. It is the strongest argument against this writeup, so it belongs in it: it answers most of the charges directly, and you should weigh it on its own terms before you read ours. Read it first — then, below it, we hold each promise up against the bot’s own source and the files on its disk, claim by claim. Some hold up. Several don’t.

What you’re reading. Everything inside the framed box below is the operator’s text, word for word. Nothing has been added, removed, or rephrased; the only changes are typographic (headings and bullet styling) so it’s readable in this theme.
Reproduced verbatim · operator’s document

Privacy Policy: Alvric & SmashSplash Ecosystem

Effective Date: April 19, 2026

Our Approach to Your Privacy

We believe that safety shouldn’t come at the cost of your privacy. The Alvric system and the SmashSplash ecosystem are designed to protect the community while being as lightweight as possible on the data we keep.

The AI Behind the Bot

To give you the best experience, our bot uses the Llama series models powered by Groq’s high-speed API.

  • Industry Standard: We use these models because they are world-class in speed and reasoning.
  • Our Custom Shell: While the AI “brain” comes from Groq, the entire “body” of the bot—how it handles your messages, safety checks, and server security—is custom-built by us to be completely safe and secure.
  • Privacy First: Your interactions are processed through the API to generate a response, but they aren’t used by the external provider to build a permanent profile of you.

Why We Collect Data

  • Improving the Experience: We look at how people interact with the bot to make its responses feel more natural and helpful over time.
  • Keeping the Peace: Our security systems (Heat and Méfiance) monitor for automated attacks, spam, and server raids to keep the environment friendly.
  • Safety Logs: We track specific interaction patterns to identify and block malicious behavior before it affects the community.

Data Retention & Daily Resets

We don’t believe in holding onto your history forever. To ensure a fresh start and protect your privacy, we follow a strict reset schedule:

  • Daily Cleanup: Most interaction data, including temporary warnings and records of “bad behavior” or “Heat” scores, is automatically reset every 24 hours.
  • No Long-Term Tracking: We do not maintain permanent “shadow profiles” on users. If you’ve had a rough day and triggered a warning, that data is typically purged by the next day.
  • Minimal Footprint: Our goal is to know only what we need to know for the current session’s safety.

The “No-Sale” Promise

  • Your Data Stays Here: We will never sell, lease, or trade your personal information to advertisers, data brokers, or any third-party companies.
  • Non-Commercial Use: All data is used strictly for technical performance and community moderation within the SmashSplash ecosystem.
  • Admin Privacy: Access to raw logs is restricted to a very small number of system administrators and is only accessed when a safety incident occurs.

Your Control

  • Right to be Forgotten: If you want your specific data cleared sooner than the daily reset, you can reach out to the administration.
  • Transparency: We are open about how our AI works. If you have questions about a specific moderation action, our team is available to explain the logic behind it.

Held against the code & the files — claim by claim

Every finding below points at a real file in the bot’s own source or its live data directory — the same evidence used in the writeup, so you can check each one. We graded each promise honestly: where it holds, we say so.

Not what the files show

“We do not maintain permanent ‘shadow profiles’ on users… that data is typically purged by the next day.”

The disk says otherwise. Every user gets a standing file at chatbot/users/profiles/<id>.json holding their display name, username, interests, custom_slang, a free-text notes field, message count, last-seen time, and a list of every server the bot has seen them in. That is the textbook definition of a permanent, cross-server profile — and it’s still there in data pulled days later, not purged overnight.

Not what the files show

“Records of ‘bad behavior’ or ‘Heat’ scores… is automatically reset every 24 hours.”

The live “Heat” counter may well reset — but the records it escalates into do not. A threat record in security/dangerous_users/<id>.json is timestamped 2026-06-03 and was still present in data captured 2026-06-11eight days later, not one. Alongside it, security/global_bans/<id>.json entries are flat permanent flags (true). “Purged by the next day” isn’t what these files do.

Not what the files show

As lightweight as possible on the data we keep… know only what we need to know for the current session’s safety.”

For each person the bot keeps, at once: seven days of conversation (604800 seconds, hard-coded — 284 messages stored verbatim), the profile above, an affection score for how much it likes you (chatbot/users/affection/<id>.json), a heat ledger, an auto-generated threat profile, and a portable blacklist. That is a week-plus dossier, not a single session’s footprint.

Technically true, but beside the point

“[Your interactions] aren’t used by the external provider to build a permanent profile of you.”

This sentence is carefully about Groq — and may be perfectly accurate about Groq. But the permanent profile people worry about isn’t built by the provider; it’s built by the bot itself, locally, in the profile file above. The promise answers a question nobody was really asking.

Incomplete

“Our bot uses the Llama series models powered by Groq’s high-speed API.”

It uses more than Groq. The live runtime/runtime_state.json lists the current provider as groq1 plus Cerebras providers, and in DM the operator described building a “6 api switcher.” Your messages can be handed to several outside companies on failover, not the one named here.

Not what the files show

“Access to raw logs is restricted to… administrators and is only accessed when a safety incident occurs.”

Two things cut against “only on an incident.” The bot streams activity to a configured log_channel_id continuously, and the owner-only command set gives one person standing, on-demand access at any moment — !read (read any file), !screenshot (capture the host’s screen), !runts (run any shell command). That is a live feed plus a master key, not access gated to incidents (see Exhibit 07).

Holds up

“Our security systems (Heat and Méfiance) monitor for automated attacks, spam, and server raids.”

True, and worth saying. The anti-raid machinery is real and genuinely useful — the writeup says so too. The quarrel was never that it stops raids; it’s what the same machinery quietly keeps and how long.

Nothing contradicts it

“We will never sell, lease, or trade your personal information… All data is used strictly for technical performance and community moderation.”

We take this at face value. Nothing in the source or the data shows anything being sold or handed to advertisers; it’s a forward-looking promise the evidence neither proves nor disproves, and we won’t pretend otherwise.

The honest tally. The security purpose is real and the no-sale promise stands unchallenged. But on the things this whole writeup is about — how long your words are kept and whether a lasting profile of you exists — the policy and the files plainly disagree, and the files are what actually ran. A policy can be sincere intent the code hasn’t caught up to; it can also be wording that reads better than the disk. Either way, where they conflict, believe the disk.
Why this is here. Reproducing the policy in full is a matter of fairness and right of reply — the operator’s strongest defence deserves to be read straight, not summarised — and then tested against the same evidence as everything else, rather than waved away.
A writeup on Nano · back to the writeup · the source · this site’s privacy · terms of use · the server