1. Overview

This Privacy Policy explains what information we collect when you use our platform for managing Telegram bots, channels, mini apps, and payments (the “Service”), how we use it, and the choices you have. We act as the data controller for your account data and as a processor for the end-user data your bots handle on your behalf.

2. Information we collect

Account data: email address, password hash, or Telegram user id; your plan, role, and language preference.
Bot & channel data: connected bot tokens (encrypted), bot and channel identifiers, usernames, and member-count statistics.
Commerce data: storefronts, products, and orders, including the buyer's Telegram id, amounts, and payment references for Stars, TON, and Wallet Pay transactions.
Usage & technical data: log data, IP addresses (e.g. for rate limiting and abuse prevention), and device information.

3. How we use information

We use the information to:

provide, operate, and secure the Service;
relay messages, schedule posts, and run moderation on your behalf;
process payments and calculate platform commissions;
prevent fraud and abuse, enforce limits, and comply with legal obligations;
communicate with you about your account and the Service.

4. Payment data

Payments are processed by Telegram (Stars), the TON network, and Wallet Pay. We store transaction metadata such as amounts, status, and provider charge or order identifiers to fulfil orders and reconcile commissions. We do not store card numbers or wallet private keys. Payment-provider tokens you supply are encrypted at rest.

5. Data processing for end users

When your bots interact with Telegram users, those users' messages and identifiers may be processed through the Service to deliver the features you have configured (e.g. moderation, welcome messages, purchases). You are responsible for having an appropriate legal basis and for informing your end users in line with applicable law.

6. How we protect data

Secrets such as bot tokens and payment tokens are encrypted at rest; passwords are stored only as salted hashes. Sessions are signed and can be revoked. We restrict access to personal data to what is needed to operate the Service. No system is perfectly secure, but we take reasonable measures to safeguard your information.

7. Data sharing

We do not sell your personal data. We share data with infrastructure and payment providers strictly to operate the Service, and with authorities where required by law. Telegram receives the data necessary to deliver your bot and channel operations.

8. Data retention

We retain account and tenant data for as long as your account is active. When you delete your account, associated data is removed, except records we must keep for legal, accounting, or fraud-prevention purposes.

9. Your rights & account deletion

Depending on your jurisdiction, you may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing. You can delete your account at any time from your settings, which permanently removes your account and cascaded tenant data. To exercise other rights, contact us using the details below.

10. International transfers

The Service is global and your data may be processed in countries other than your own. Where required, we rely on appropriate safeguards for such transfers.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Service or by email.

12. Contact

For privacy questions or requests, contact our data protection team at [email protected].