Safety, privacy, and access
Operate Airwavy with least privilege and share diagnostic information safely.
Least privilege
- Keep owner and privileged staff roles above Airwavy.
- Grant feature-specific permissions instead of adding broad permissions without review.
- Restrict log, moderation, verification, backup, and support channels to the intended staff.
- Review reaction-role and verification role mappings for privilege escalation.
User-provided content
Welcome text, triggers, suggestions, chatbot prompts, AFK reasons, and other member content can contain mentions, links, or unsafe material. Configure channel access and moderation policies appropriate to your community.
Safe support evidence
- Share timestamps, the affected feature or command, and redacted screenshots.
- Use Discord IDs only when support asks for them and your policy permits it.
- Never share bot tokens, OAuth secrets, cookies, authorization headers, database credentials, webhook URLs, or private member content.
- For a suspected security issue, use the private contact route provided by the official support team rather than a public server channel.