• POST /v1/screen - Synchronous check (full pipeline, returns verdict)
• POST /v1/screen/async - Async check (returns job ID, optional webhook callback)
• POST /v1/screen/batch - Batch up to 100 entities per request
• GET /v1/jobs/{id} - Poll async job status
• GET /v1/graph/{type}/{value} - Relationship graph (BFS traversal)
• GET /v1/history - Recent check history
• GET /v1/audit/{id} - Full check audit record
• GET /v1/audit/export - Compliance-ready CSV export
• POST /v1/report - Community scam report (cross-platform)

Detailed API reference is available to enterprise customers under engagement. Contact [email protected] to discuss.

AVA auto-detects entity type, or you can specify explicitly:

• domain - example.com
• url - https://example.com/page
• wallet - ETH (0x...), BTC, SOL addresses
• email - [email protected]
• ip_address - IPv4 addresses
• phone - International format (+61...)
• social_account - platform:handle (e.g. x:@handle, instagram:handle)

• Free - 30 checks/day, 1 auto-monitored group, impersonation shield (sign in with social account)
• Starter ($29/mo) - 200/day, 5 channels, full scam detection, batch checks, webhooks
• Pro ($99/mo) - 1,000/day, 50 channels per platform, multi-platform, API, webhooks
• Business - Custom pricing, unlimited channels, SSO/SAML, dedicated support

AVA's Telegram bot monitors groups and channels in real time, automatically checking URLs, domains, wallet addresses, and social handles posted by members.

Setup (30 seconds):

• Add @CheckWithAvaBot to your Telegram group
• Make the bot an admin (required for reading messages and enforcing policies)
• Done. Monitoring starts automatically.

Everyday commands:

• /check <entity> - Check if a URL, domain, wallet, or email is a scam
• /report <entity> - Report a suspected scam (available to all group members)
• /status - View monitoring stats and queue depth
• /plan - View your current subscription (DM only)
• /support <issue> - Create a support ticket

Subscribing on Telegram:

• Just DM the bot or run any command. An account is created for you automatically on first contact (no sign-up needed).
• /subscribe starter or /subscribe pro - Monthly plan via Telegram Stars.
• /subscribe pro annual - Annual billing, 20% off the monthly total.
• /subscribe pro annual CODE20OFF - Apply a promo code. Invalid codes prompt you to retry or continue at full price (no silent billing).
• /delete_me - Delete your AVA account (right-to-erasure, DM-only).

Admin commands (group admins only):

• /protect - Quick-start monitoring with default notify policy
• /monitor / /unmonitor - Start or stop monitoring
• /policy <notify|delete|ban> - Set action policy:
  • notify (default) - Alert only, human decides
  • delete - Auto-delete messages with high-risk entities, plus alert
  • ban - Delete message, ban sender, plus alert
• /alerts <here|me|chat_id> - Choose where alerts are sent
• /antiraid <joins> <minutes> - Set anti-raid thresholds (e.g. /antiraid 5 3)
• /welcome on|off|set <text> - Configure welcome messages for new members
• /connect <api_key> - Bind a monitored channel to a paid plan (API key starts with ava_)
• /learn [days] - Observe channel behaviour before monitoring (1-30 days)

Security commands (group admins only):

• /audit - Scan members for admin impersonation (name copying, Unicode lookalikes)
• /verify <user> - Check if a user is a real admin
• /banuser <user> - Ban a suspected impersonator

Getting started:

1. Add @CheckWithAvaBot to your group as admin. Free monitoring starts automatically.
2. Optionally run /learn to profile the channel first
3. For more features: /subscribe in-chat via Telegram Stars, or sign up at checkwithava.com

Personal scanning (DM the bot):

• Forward a suspicious message to the bot - it extracts all entities and checks them instantly
• Paste a URL, wallet, or domain directly - same result
• The bot replies with a risk verdict for each entity found

What the bot detects:

• Phishing and malware URLs
• Known scam wallet addresses and rug pull tokens
• Fraudulent social accounts and admin impersonation
• Suspicious newly registered domains
• Scam emails and phone numbers

How it works:

• The bot passively reads all messages in monitored groups
• Entities (URLs, wallets, emails, domains, IPs) are automatically extracted
• Each entity is checked through AVA's comprehensive multi-source verification system
• Entities flagged as suspicious or dangerous trigger the configured action policy
• Recently checked entities are cached - repeat posts get instant verdicts without re-checking
• All findings feed into AVA's intelligence graph, improving detection over time

When you check a domain on AVA, we also read the site's privacy policy and summarise the risks in plain English, aimed at readers as young as 12. You'll see a risk band, a one-sentence TL;DR, up to five findings with "what this says" and "why it matters for you", and a short recommendation.

What it covers:

• Data sharing with advertisers and third parties
• How long the company keeps your data
• Under-13 handling and parental-consent requirements
• Opt-out clarity and tracking cookies
• Policy change notification terms

How to see it: check any domain on the home page. If AVA has analysed the policy in the last 30 days, the section appears on the verdict page below the trust signals. Every summary is timestamped so you know how current it is.

This is a plain-English summary, not legal advice. For legal interpretation of a policy, speak with a lawyer.

AVA's Discord bot monitors servers using slash commands, checking URLs, wallets, and entities in real time with the same comprehensive enrichment system.

Setup:

• Invite the AVA bot to your Discord server using the invite link from checkwithava.com
• The bot requires Read Messages, Send Messages, Manage Messages, and Ban Members permissions
• Run /monitor in the channel you want to protect

Slash commands:

• /checkwithava <entity> - Check if something is a scam
• /monitor / /unmonitor - Start or stop monitoring a channel
• /policy <notify|delete|ban> - Set action policy
• /report <entity> [reason] - Report a suspected scam
• /support <description> - Create a support ticket
• /connect <api_key> - Bind this channel to your paid AVA plan (ephemeral, key hidden)
• /audit - Scan members for admin impersonation
• /learn - Start learning mode to profile channel behaviour

All slash command responses are ephemeral (visible only to you) when they contain sensitive data like API keys or check details.

Requires: Starter plan ($29/mo) or higher.

AVA's Slack bot integrates with your workspace using Slack's slash commands and Events API, checking messages in monitored channels.

Setup:

• Install the AVA Slack app from your workspace admin panel
• Invite @AVA to the channels you want to monitor
• Run /ava-monitor to start monitoring

Commands (prefixed with /ava-):

• /ava-check <entity> - Check if something is a scam
• /ava-monitor / /ava-unmonitor - Start or stop monitoring
• /ava-policy <notify> - Set action policy
• /ava-report <entity> - Report a suspected scam
• /ava-support <description> - Create a support ticket
• /ava-connect <api_key> - Connect to your paid AVA account
• /ava-learn - Start learning mode

Responses are ephemeral by default, keeping your workspace clean.

Requires: Pro plan ($99/mo) or higher.

AVA's WhatsApp integration uses the Meta Cloud API to check messages in WhatsApp groups via text commands.

Setup:

• Add AVA's WhatsApp number to your group
• The first user to connect becomes the admin
• Send !ava monitor to start monitoring

Commands (prefixed with !ava):

• !ava status - Show monitoring status (no admin required)
• !ava monitor / !ava unmonitor - Start or stop monitoring
• !ava policy <notify> - Set action policy
• !ava report <entity> - Report a suspected scam (no admin required)
• !ava support <description> - Create a support ticket (no admin required)
• !ava admin add <phone> - Add an admin
• !ava admin remove <phone> - Remove an admin

Config-changing commands require admin status. The user who first connects the group is automatically the admin.

Requires: Starter plan ($29/mo) or higher. WhatsApp Business API access.

AVA is an entity verification and scam detection platform that checks domains, URLs, wallet addresses, social media accounts, emails, IP addresses, and other digital entities for fraud indicators and risk signals.

IMPORTANT - PLEASE READ CAREFULLY:

AVA provides risk indicators for informational purposes only. AVA does NOT provide legal, financial, investment, or professional advice of any kind.

Trust Scores, risk levels, recommendations, and analysis summaries are automated assessments based on available data at the time of the check. They are not guarantees of safety or danger. A high Trust Score does not mean an entity is safe. A low Trust Score does not mean an entity is definitely a scam.

You are solely responsible for your own decisions. Always verify independently and exercise your own judgement before sending money, sharing personal information, or engaging with any entity - regardless of what AVA's assessment says.

AVA's analysis is based on publicly available data, third-party intelligence sources, and automated pattern detection. Data sources may be incomplete, outdated, or incorrect. New scams may not yet be in our databases.

• You must provide accurate information when creating an account via social login (Google, GitHub, Microsoft, Facebook, LinkedIn, Apple).
• You are responsible for maintaining the security of your account and API keys.
• Free accounts are subject to usage limits. Paid plans (Starter, Pro, Business) provide higher limits as described on the Pricing page.
• We reserve the right to suspend or terminate accounts that violate these terms or exhibit abusive usage patterns.

You agree NOT to:

• Use the Service to harass, stalk, or target individuals
• Reverse engineer, scrape, or extract AVA's detection logic, scoring algorithms, or intelligence data
• Use the API to build a competing service
• Submit false or misleading entities to manipulate AVA's threat intelligence
• Attempt to circumvent rate limits, authentication, or access controls
• Use the Service for any unlawful purpose

All content, branding, scoring algorithms, detection patterns, intelligence data, and software comprising AVA are the intellectual property of Check With AVA and are protected by applicable copyright, trademark, and trade secret laws.

Your use of the Service does not grant you any rights to our intellectual property beyond the limited licence to use the Service as intended.

• Paid subscriptions are billed monthly via Stripe. Prices are in USD unless otherwise stated.
• You may cancel at any time. Cancellation takes effect at the end of the current billing period.
• Refunds are provided at our discretion within 14 days of initial purchase. No refunds for partial months.
• We reserve the right to change pricing with 30 days notice to existing subscribers.

Telegram Stars / Digital Payments:

• All Telegram Stars purchases are processed through Telegram's payment system.
• Refund requests can be submitted via the /paysupport command or by contacting [email protected].
• Refunds are processed within 14 business days.

NO WARRANTY. THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, OR NON-INFRINGEMENT.

NO GUARANTEE OF ACCURACY. WE DO NOT WARRANT THAT ANY RISK ASSESSMENT, TRUST SCORE, VERDICT, OR ANALYSIS WILL BE ACCURATE, COMPLETE, RELIABLE, OR ERROR-FREE. SCAM DETECTION IS INHERENTLY IMPERFECT - LEGITIMATE ENTITIES MAY BE FLAGGED, AND MALICIOUS ENTITIES MAY NOT BE DETECTED.

NOT ADVICE. NOTHING PROVIDED BY THE SERVICE CONSTITUTES LEGAL, FINANCIAL, INVESTMENT, TAX, OR PROFESSIONAL ADVICE. YOU SHOULD NOT RELY SOLELY ON AVA'S ASSESSMENTS WHEN MAKING DECISIONS INVOLVING MONEY, PERSONAL INFORMATION, OR SECURITY.

LIMITATION OF LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, CHECK WITH AVA, ITS OFFICERS, DIRECTORS, EMPLOYEES, AND AGENTS SHALL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, DATA, FUNDS, OR GOODWILL, ARISING FROM OR RELATED TO YOUR USE OF OR INABILITY TO USE THE SERVICE, ANY RELIANCE ON RISK ASSESSMENTS OR VERDICTS PROVIDED BY THE SERVICE, OR ANY THIRD-PARTY CONDUCT OR CONTENT.

OUR TOTAL AGGREGATE LIABILITY SHALL NOT EXCEED THE GREATER OF (A) THE AMOUNT YOU PAID FOR THE SERVICE IN THE 12 MONTHS PRECEDING THE CLAIM, OR (B) ONE HUNDRED AUSTRALIAN DOLLARS (AUD $100).

INDEMNIFICATION. You agree to indemnify, defend, and hold harmless Check With AVA and its officers, directors, employees, and agents from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable legal fees) arising from or related to: (a) your use of the Service; (b) any decision you make based on information provided by the Service; (c) your violation of these Terms; or (d) your violation of any rights of a third party.

• AVA may flag legitimate entities as suspicious (false positives). AVA is not liable for any reputational harm resulting from automated risk assessments.
• AVA may fail to detect scams (false negatives). Users must not rely solely on AVA's assessments for financial or safety decisions.
• AVA's risk assessments are automated opinions based on publicly available data and third-party intelligence sources. They do not constitute allegations of fraud or criminal activity.

• Reports must be made in good faith based on genuine concern about scam activity.
• False or malicious reports may result in account suspension or termination.
• AVA reserves the right to disclose reporter identity to law enforcement if required.
• Reported entities may contest assessments by contacting [email protected].
• Community reports are weighted inputs to AVA's assessment system, not standalone verdicts.

• Any entity owner that believes they have been incorrectly assessed may submit a re-evaluation request to [email protected].
• AVA will re-evaluate contested assessments within 14 business days.
• AVA reserves the right to maintain its assessment if the evidence supports it.

• API access is subject to rate limits as defined by your plan tier.
• AVA verdicts must not be redistributed, resold, or used to build competing intelligence services.
• AVA does not guarantee API uptime. Business customers may negotiate SLA terms separately.
• API consumers must not use AVA verdicts as the sole basis for automated blocking, account termination, or financial decisions without human review.

These terms are governed by the laws of Australia. For matters relating to published verdicts and public-facing content, the laws of England and Wales apply (Defamation Act 2013).

Any disputes shall be resolved through binding arbitration in the jurisdiction of the applicable governing law.

Contact: [email protected]

• Account data: Contract performance (GDPR Article 6(1)(b))
• Group message scanning: Legitimate interests in fraud prevention and security (Article 6(1)(f))
• Threat intelligence: Legitimate interests in preventing financial crime
• Marketing: Consent (Article 6(1)(a))

• AVA reads messages in monitored groups to extract entities (URLs, wallets, emails, domains, phone numbers).
• We do NOT store message content. Only extracted entities and their risk verdicts are retained.
• Sender IDs and reputation scores are retained to detect coordinated scam behaviour.
• Message processing occurs in memory. No full message text is written to permanent storage.

• Provide the Service: Process checks, generate verdicts, maintain your account
• Improve detection: Check results contribute to our threat intelligence graph, improving detection for all users. Entity data is anonymised in public-facing insights.
• Security: Detect and prevent abuse, fraud, and prompt injection attacks
• Communication: Service notifications, support responses, and (with consent) product updates

We do NOT sell your personal data. We do NOT use your data for advertising.

We share data only with:

• Third-party reputation and intelligence providers: The entity you check (a URL, domain, email, phone number, or wallet address) may be sent to independent reputation and threat-intelligence providers for analysis. We send only the entity being checked, never your account details or personal information. Each provider operates under its own privacy policy.
• Payment processor: Stripe processes payments. We do not store credit card details.
• Law enforcement: If required by law or to protect against imminent harm.

We do NOT share your personal information with advertisers or data brokers.

Essential cookies: We use a single session cookie (ava_session) to maintain your login state. This is httpOnly and secure - it cannot be read by JavaScript or third parties.

No tracking cookies: We do not use Google Analytics, Facebook Pixel, or any third-party tracking. We do not fingerprint your browser.

No advertising cookies: We do not serve ads or use advertising-related cookies.

Self-hosted fonts are loaded from our own servers - no requests to Google Fonts or other CDNs.

• Account data: Retained while your account is active. Deleted within 30 days of account deletion request.
• Check verdicts: Retained indefinitely as part of our threat intelligence database. Verdicts are anonymised in public-facing features.
• Enrichment evidence: Compressed enrichment snapshots retained for audit trail purposes. Available for export on Business plans.
• Session data: Sessions expire after 72 hours. Expired sessions are automatically purged.

Under GDPR and the Australian Privacy Act, you have the right to:

• Access: Request a copy of all personal data we hold about you
• Rectification: Correct inaccurate personal data
• Erasure: Request deletion of your personal data (right to be forgotten)
• Portability: Receive your data in a structured, machine-readable format
• Object: Object to processing of your personal data
• Withdraw consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact: [email protected]

• All data encrypted in transit (TLS/HTTPS) and at rest (AES-256/KMS)
• API keys are stored as one-way hashes - we cannot retrieve your full key after creation
• Session tokens are cryptographically random with httpOnly, secure, SameSite attributes
• Prompt injection defences prevent adversarial manipulation of our analysis pipeline
• Infrastructure hosted on AWS with SOC 2 and ISO 27001 compliance

AVA uses the following third-party services to process your personal data:

• Amazon Web Services (AWS): cloud hosting and data storage (Sydney region; transactional email is delivered from the Ireland region)
• Cloudflare: content delivery, DNS, and edge security in front of our application
• Stripe: payment processing (we never store card details)
• Resend: transactional email delivery
• Telegram: messaging platform, for users who interact with the AVA Telegram bot

Separately, when you check an entity, that entity (a URL, domain, email, phone number, or wallet address) may be sent to independent reputation and threat-intelligence providers for analysis. These providers receive only the entity being checked, not your personal information, so they act as data sources rather than processors of your personal data. Each operates under its own privacy policy.

• Entity values (URLs, domains, wallets) may be sent to US-based enrichment APIs for analysis.
• No personally identifiable information is included in cross-border API calls.
• Where personal data transfers occur, appropriate safeguards (Standard Contractual Clauses or adequacy decisions) are in place.

• AVA uses automated systems to generate risk assessments for entities.
• Risk scores are generated by combining multiple data sources with the AVA Intelligence Engine.
• You have the right to request human review of any automated assessment by contacting [email protected].

In the event of a data breach affecting personal data, we will notify the relevant supervisory authority within 72 hours and affected individuals within 30 days.

For privacy-related enquiries:

• Email: [email protected]
• General support: [email protected]

We will respond to all privacy requests within 30 days.