Privacy Policy

MyTelegramBots ("we", "us", "the service") operates the platform available at mytelegrambots.com and the dashboard at app.mytelegrambots.com. For privacy questions, write to [email protected].

We collect the minimum data needed to operate the service. Specifically:

• Account data. Email address, display name and a hashed password (or third-party identity if you sign in with an OAuth provider).
• Bot configuration. Bot tokens you provide via @BotFather, role assignments, schedules, keyword filters, webhook URLs and command definitions.
• Operational logs. Webhook delivery status, response codes, error messages and timestamps. Retained for 30 days on Free, longer on paid tiers.
• Telegram-relayed data. Updates Telegram sends to your bot (messages, callback queries, chat IDs) — only as needed to route them through the configured roles.
• Technical metadata. IP address, user agent and referrer for sessions to the dashboard, used for security and rate limiting.

We do not collect the message bodies of conversations between your bot and its end users beyond what is required to execute a command in real time, and we do not retain that content after the request completes.

• To run the bots you have configured and deliver their output to Telegram.
• To maintain account security, prevent abuse and enforce rate limits.
• To send transactional email (account verification, security alerts, billing receipts on paid tiers).
• To improve reliability — aggregated, non-identifying performance metrics inform infrastructure decisions.

We do not sell your data. We do not use your bot data to train machine learning models. We do not show ads.

Bot tokens are encrypted at rest with per-record keys and are never exposed in the dashboard after creation (only the last four characters are shown). Tokens are decrypted in memory only at the moment a webhook fires or a scheduled job runs. You can rotate or revoke a token at any time from @BotFather; we will surface the resulting 401 Unauthorized in the dashboard.

We share data with a small, fixed list of processors:

• Telegram — to deliver and receive messages on your behalf. Subject to Telegram's privacy policy.
• Hosting provider — application and database hosting in the EU.
• Email provider — for transactional email only.
• Payment processor — Stripe, on paid tiers. Card data is collected by Stripe directly; we never see it.

We use a single first-party session cookie to keep you signed in to the dashboard. We do not set advertising or analytics cookies. The marketing site sets no cookies.

• Account data: until you delete your account.
• Bot configuration: until you delete the bot.
• Operational logs: 30 days (Free), 90 days (Pro), unlimited (Team).
• Backups: 30 days, encrypted.

If you are in the EU, UK or another jurisdiction granting equivalent rights, you may request access to, correction of, export of, or deletion of your personal data. Email [email protected] and we will respond within 30 days. Account deletion is also available self-service from the dashboard.

The service is not directed at children under 13 and we do not knowingly collect data from them.

We will post any material changes to this policy on this page and, where they affect existing users, send notice by email at least 14 days before they take effect.